Archive for January, 2016

Credential Misuse and Data Breach

January 24th, 2016

Brigham and Womens Faulkner Hospitals (Brigham) experienced data breach when an unauthorized user obtained an employees network credentials.

According to the reports, the credentials were used to access an employees email account.

Affected information includes full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.

The incident caused data breach to approximately 1,000 individuals as per OCR data breach reporting tool. Brighams patients and patient electronic medical records system were not affected. Only discrete information contained in the single compromised email account was potentially affected.

As per the statement:

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,Brigham explained in its notification letter. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach Affects 950K Patients

January 22nd, 2016

Centene Corporation recently experienced a potential healthcare data breach when its hard drives went missing. The incident may have affected approximately 950,000 individuals. Breached information includes names, addresses, dates of birth, Social Security numbers, member ID numbers and health information. However, financial or payment information were not on the hard drives.

Centene is conducting search for six missing hard drives after it found out that the hard drives were unaccounted for in its inventory of IT assets. It did not mention the hard drives encryption status. The data of the individuals who have received laboratory services from 2009-2015 may be present on the drives.

“Centene takes the privacy and security of our members’ information seriously,” Centene Chairman, President and CEO Michael F. Neidorff said in a statement. “While we don’t believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members.”

According to the statement, potentially affected individuals will be receiving data breach notification letters and will also be offered free credit and healthcare monitoring. Also, corporation is in the process of reinforcing and reviewing its procedures related to managing its IT assets.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec  is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Unauthorized user access and data breach

January 20th, 2016

Blue Shield of California recently suffered potential data breach when one of its vendors recently became aware of an unauthorized user access to its data systems. Potentially affected information includes names, addresses, dates of birth, and Social Security numbers.

As per OCR data breach output, 20,764 individuals were possibly affected.

No Blue Shield data systems were impacted. Misused log-in credentials for certain Blue Shield customer service representatives have resulted in to the incident.

“We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information,” explained the notification letter signed by Blue Shield Chief Privacy Officer Molly McCoy Esq., CIPP/US.

According to the Molly McCoy:

I’m writing to provide you information on the steps we are taking to protect you and your information moving forward.

In addition, and to help protect your identity, we are offering a complimentary one year membership in Experian’s® ProtectMyID® Alert. While we have no indication that specific personal information about you has been misused, this product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.

Once your enrollment in ProtectMyID is complete, you should carefully review your credit report for inaccurate or suspicious items. If you have any questions about ProtectMyID, need help understanding something on your credit report, or suspect that an item on your credit report may be fraudulent, please contact Experian’s customer care team. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Laptop theft leads to Data Breach

January 18th, 2016

Montana-based New West Health Services d/b/a New West Medicare recently suffered potential healthcare data breach following a laptop theft.

New West announcement did not specify how many individuals were potentially affected by the incident. According to the OCR data breach reporting tool, the impacted count stands at 28,209.

New West in a statement explained that the password-protected laptop was stolen from an off-site location. It contained information on past and present New West customers.

Affected information includes customers’ names, addresses, and in some cases driver’s license numbers and Social Security numbers or Medicare claim numbers. Limited information related to some individuals’ Medicare premium payments, including electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and CVV (Card Verification Value) number) may also have been on the laptop.

New West mentioned that the information has not been used inappropriately. It is offering one year of complimentary credit monitoring to affected individuals. New West is also taking steps to prevent this type of incident from occurring in the future. It is installing additional security on company laptops, increasing employee education, and strengthening data security policies.

According to the statement:

The privacy and security of members’information is a top priority. Moving forward, we are committed to taking steps to prevent this type of incident from occurring in the future. These steps include installing additional security on all company laptops, enhancing education for our employees, and strengthening our data security policies and practices. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Thumb Drive and Data Breach

January 16th, 2016

St. Luke’s Cornwall Hospital (SLCH) suffered a potential healthcare data breach after a USB thumb drive was stolen from its facility. Potentially affected information includes patient names, medical record numbers, dates of service, types of imaging service received, and “administrative–type information used for internal business purposes.”

SLCH conducted internal investigation. It found out that the thumb drive “appears to have included a file” that held certain patient information on it. Social Security numbers and electronic medical records were not included.

“SLCH values the privacy and security of its patients’ information and is taking steps to prevent this type of event from happening in the future, including requiring password and encryption protection for all of its USB thumb drives, and the implementation of new systems that do not require the use of thumb drives or other mobile media devices,” SLCH explained.

SLCH did not list how many individuals were affected. According to the OCR data breach reporting tool, 29,156 individuals as being affected.

Many other data breaches occur due to missing storage drives.  Advantage of encrypting storage drive includes –

  • Controls how these device are used
  • Enforces encryption policies on all data transfer
  • Limits the data to be transferred
  • Prevents Data Leakage
  • Provides flexibility as per the usage and working environment

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

A missing storage device and data breach

January 14th, 2016

IU Health Arnett suffered data breach due to missing storage device. The incident potentially affected nearly 30,000 individuals. The device was unencrypted which went missing from its emergency department.

The hospital has yet to find the device. Facility mentioned that they are continuing their search for the device. They also said that there is currently no reason to believe that the information stored on it has been misused.

According to the reports, the device contained spreadsheets with limited health information belonging to emergency department patients. NPRs Chris Morisse Viza reports that those spreadsheets accounted for approximately 30,000 IU patients.

Affected information included patient names, dates of birth, ages, home telephone numbers, medical record numbers, dates of services, diagnoses, and treating physicians. These spreadsheets did not contain any Social Security numbers, financial information, or medical records.

IU Health Arnett maintains that patient privacy is one of its largest concerns. It also mentioned that they will be reassessing security procedures to ensure that incidents such as this do not occur in the future.

IU Health Arnett takes very seriously its obligation to maintain patient information secure, and we appreciate the trust our patients place in us,the hospital explained in a press release. We are taking steps to enhance the protection of portable storage devices and are reviewing policies and procedures to minimize the chance of such an incident occurring in the future.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec  is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Data breach at Washington Hospital Healthcare

January 12th, 2016

Washington Township Health Care District (the District) mentioned that unauthorized access of a computer associated with the Washington Community Health Resource Library may have resulted in data breach. According to a Washington Hospital statement signed by Washington Hospital Healthcare Systems Chief of Compliance Kristin Ferguson, MSN, MHA, BS, RN CHC, the device in question is used to maintain library identification cards.

Upon learning this, we immediately initiated a comprehensive internal review to determine what information may have been accessed,Ferguson explains. We also retained an outside computer forensic firm to assist in our investigation. That investigation is now complete.

Affected information includes individualsnames, addresses, and drivers license numbers. However, Social Security numbers and health information were not affected. As per the healthcare statement, there is no reason to believe that the information was used inappropriately. The affected computer was not connected to the Districts network.

Potentially affected individuals are provided with a complimentary, one-year membership to identify protection services.

To help prevent something like this from happening in the future, we are taking additional steps to strengthen and enhance the security of information on our network, including conducting a comprehensive review of our information security policies and procedures,the letter explained.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach at New Mexico Department of Health

January 10th, 2016

The New Mexico Department of Health reported that an employee’s laptop was stolen from the employee’s vehicle. The incident potentially compromised patient PHI.

According to the reports, the vehicle was parked at St. Joseph on the Rio Grande Church, where several other burglaries took place that same day. Affected information includes patient first and last names, dates of birth, facility unit and medications. In some cases, diagnosis data may have been exposed.

“The laptop and certain files were password protected,” the department explained. “The Department of Health has no evidence indicating that any individual’s protected health information has been accessed or utilized.”

Department mentioned that patients who may have been affected would have visited the New Mexico Behavioral Health Institute in Las Vegas, New Mexico between June of 1997 and September of 2013 or the Sequoyah Adolescent Treatment Center in Albuquerque between 2013 and 2015.

Around 561 individuals are affected by the incident. According to the statement:

  • The Department of Health has established a call center with ID Experts to answer questions and help the affected individuals enroll in the no-cost credit monitoring.
  • The Department has notified individuals impacted in writing and has set up a year’s worth of no cost credit monitoring.
  • The Department of Health has no evidence indicating that any individual’s protected health information has been accessed or utilized.
  • The Department of Health is working with law enforcement, but at this time, the laptop has not been recovered.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Employee sent files to personal email

January 8th, 2016

California-based child welfare agency Hillsides suffered data breach when an employee sent internal files to a personal email address. Facility notified certain individuals that they may have been the victims of a PHI data breach after the incident.

Hillsides mentioned that the employee sent unencrypted files to his own personal email address on five separate occasions. Affected information included names, Social Security numbers, home address and phone numbers for 468 members of Hillsides staff. The files also included names, dates of birth, gender, medical identification numbers, therapist names, and rehabilitative therapists’ names for 502 Hillsides clients.

“We sincerely apologize for the inconvenience and concern these incidents may have caused to our staff and clients, whose privacy is very important to us,“ Hillsides CEO Joseph M. Costa said in a statement. “We will continue to investigate the incident, to reduce harm to potentially affected individuals, and to protect against future similar occurrences.”

Employee was terminated from his position upon discovery of the incident. Hillside believes that there has been no evidence of misuse of information. But it has been unable to recover the files from the email account or verify if the files have been deleted.

Hillsides is strengthening its safety measures to avoid such incidents.

“The agency is working with its legal counsel to ensure all appropriate steps and notifications are being followed,”the agency said in its statement. “They are also implementing an employee re-training program to reduce the risk of future occurrences and improve its internal security awareness procedures.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Incorrect attachment sent out in a mass email

January 6th, 2016

The dermatology office of Dr. Mary Ruth Buchness, PC suffered data breach when an email was sent to certain patients which included a spreadsheet with patient demographic information. The email was sent out to take a survey.

Affected information included names, Social Security numbers, dates of birth, gender, dates of last service and next appointment, telephone numbers, addresses, email addresses, marital status, head of household, employer/occupation and race/ethnicity.

Around 14,000 patients were recently notified about the incident.

As soon as the error was discovered we notified our network administrator, who immediately shut down our email server in order to minimize the number of recipients who received the incorrect attachment,Buchness said in her notification letter. Nevertheless, although we have not yet determined the exact number of recipients, it appears that approximately one hundred thirty emails were sent.

Buchness added that of the 130 emails sent, 60 were successfully delivered and received. Notification letter failed to specify number of affected individuals. But the OCR data breach reporting database listed the number at 14,910.

A privacy and security consultant has been hired to help prevent future data breaches, Buchness stated, and will also help with implementing additional technical safeguards to prevent sending protected health information unintentionally through our e-mail system.

Office is providing additional HIPAA training to the employees. Also, there is temporary ban on sending emails to multiple recipients until the necessary procedures are followed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.