Archive for January, 2017

Software glitch at TriHealth

January 31st, 2017

TriHealth recently suffered software glitch which replaced the mailing addresses of 1,126 TriHealth patients with an old address. The healthcare organization had the old address on another file. The glitch resulted in sending billing statements and other correspondence to the previous addresses of patients.

“Please be assured that TriHealth takes patient privacy very seriously. The addresses of the affected patients have been corrected in TriHealth’s computer system and the software problem has been fixed. Please accept our sincere apology for any inconvenience this may have caused.”

Facility mentioned that they can’t confirm whether the billing statements was sent to patients current addresses. It is notifying patients of the incident. Incorrect billing statements, advisory letters, and other letters were sent to affected patients between November 15, 2016 and January 12, 2017.

Affected information included patient name, financial charges, payments and adjustments, balance and amount due, and appointment reminders, among other pieces of information. Facility mentioned that no sensitive patient information, such as Social Security numbers or credit card numbers, were affected.

TriHealth mentioned that there is no evidence of information misuse. It has offered a free credit report annually. It has now resolved the software problem.

About TriHealth

“Bethesda and Good Samaritan Hospital joined together to form TriHealth in 1995, bringing together two of Cincinnati’s finest health care organizations. Through these two acute care hospitals and more than 130 sites of care, TriHealth provides a wide range of clinical, educational, preventive and social programs. TriHealth’s non-hospital services include physician practice management, fitness centers and fitness center management, occupational health centers, home health and hospice care.”

According to a study conducted most of data breaches are the result of human mistakes and system problems.

“While external attackers and their evolving methods pose a great threat to companies, the dangers associated with the insider threat can be equally destructive and insidious,” says Larry Ponemon, chairman and founder of security research think tank the Ponemon Institute.

____________________________________________________________________________________________

 Alertsec helps you comply with HIPAA, PCI and SOX requirements.

CoPilot security breach

January 28th, 2017

CoPilot Provider Support Services, Inc. recently suffered a data breach. Facility mentioned that it detected unauthorized access at one of its databases. Potentially affected patients of this incident are notified. Facility has no information or evidence that the accessed data is misused.

“CoPilot recognizes the importance of protecting patient information and is committed to taking steps to prevent this type of incident from occurring again in the future, including the monitoring of its databases by K2 Intelligence, Inc., an independent and nationally renowned forensic IT firm. “

Incident affected database which included information on approximately 220,000 individuals. Patient names, addresses, health insurers, and Social Security numbers are included in the breach. Facility immediately launched an investigation into the incident. The investigation concluded that no sensitive PHI was accessed by an unauthorized party. It also found out that no financial information, medical treatment records or other sensitive information were accessed.

CoPilot issued letters to potentially affected patients informing them about the ways to protect themselves in the future. Facility has offered identity theft protection services to impacted individuals. They are also advised to regularly check their financial institution statements, account statements, and any other relevant accounts for possible unauthorized activity. Also, individuals are supposed to immediately report any suspicious activity.

The database was intended for healthcare professionals in the U.S. to let know patients on whether certain aspects of treatment are covered by insurance.

About CoPilot Provider Support Services, Inc.

“CoPilot is a fully integrated healthcare administrative services and information technology organization supporting providers in understanding the complexities of health insurance benefits, coding, coverage, and payments for each of their patients to ensure optimal treatment and better healthcare outcomes. CoPilot leadership includes executives with managed care, government, healthcare IT, call center and innovative portal development/operations experience. “

Company has setup dedicated call center to address the queries of affected patients.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ukraine Blackout

January 27th, 2017

According to the Ukraine’s national power company Ukrenergo, blackout in Kiev was due to cyber attack. Initial reports suggested that workstations and SCADA systems at a 330-kilowatt substation were attacked by hackers. The Company didn’t mention the source from which the attack originated.

“The analysis of the impact of symptoms on the initial data of these systems indicates a premeditated and multi-level invasion,” Ukrenergo said.

“The attackers actually attacked more but couldn’t achieve all their goals.” Said Honeywell lead cyber security researcher Marina Krotofil.

Marina said that the attackers hid in the network for six months. She added, “The team involved had quite a few people working in it, with very serious tools and an engineer who understands the power infrastructure.”

In 2015, a similar attack was attributed to Russian hackers. It affected 225,000 people in western Ukraine while damaging power distribution equipment.

“Cyber attacks that cripple critical infrastructures continue to grow at a rapid pace — the repeated attacks on power plants in Ukraine, resulting in a loss of power to hundreds of thousands, [are] just the latest example,” Dtex Systems CEO Christy Wyatt told eSecurity Planet by email.

“It is crucial for all public and private sector organizations to focus on not only mitigating these attacks, but preventing nation state actors from gaining access to their networks in the first place,” Wyatt added.

Recent Survey Tripwire of 200 IT professionals working for governments has below findings –

Ninety-eight percent believe smart cities are at risk for cyber attacks

Thirty-eight percent said smart grids have the greater cyber security risks

Twenty percent said they have smart city initiatives

Fifty-five percent says they don’t have enough cybersecurity resources

“Security isn’t usually glamorous, and it can be difficult to    sell the need for added time and cost on a project, even when it’s to ensure that services are secure,” Tripwire senior director of IT security and risk strategy Tim Erlin said in a statement. “Smart city initiatives are pushing the technological envelope for urban infrastructure management, and it’s clear from the survey results that cyber security is being left out of the conversation.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Largest number of data breaches in US in 2016

January 25th, 2017

Identity Theft Resource Center (ITRC) and CyberScout, 2016 conducted survey and mentioned that US suffered an all-time high of 1,093 reported data breaches. Previous year breaches stands at 780. Thus making a 40 percent increase in the breach count.

ITRC president and CEO Eva Velasquez said he is not sure whether the increased number is due to increase in the breaches or more companies making it public.

“For the 10 years, the ITRC has been aware of the under-reporting of data breach incidents on the national level and the need for more state or federal agencies to make breach notifications more publicly available,” Velasquez said in a statement. “This year we have seen a number of states take this step by making data breach notifications public on their websites.”

According to the survey the breaches categories include –

The business sector – 494  incidents

Healthcare industry – 377 incidents

The education sector – 98 incidents

The government/military -72 incidents

Banking/credit/financial sector – 52 incidents

Other findings include –

Hacking and phishing  attacks – 55.5 percent of breaches

Employee error – 8.7 percent breaches

Fifty-two percent exposed Social Security numbers

“For businesses of all sizes, data breaches hit close to home, thanks to a significant rise in CEO spear phishing and ransomware attacks,” CyberScout CEO Matt Cullina said in a statement. “With the click of a mouse by a naive employee, companies lose control over their customer, employee and business data.”

“In an age of an unprecedented threat, business leaders need to mitigate risk by developing C-suite strategies and plans for data breach prevention, protection and resolution,” Cullina added.

“The database compromises of 2016 confirmed yet again that breaches are the third certainty in life and we are all living in a constant state of cyber insecurity,” CyberScout chairman and founder Adam Levin said in a statement. “Hackers and identity thieves continue to evolve. They are very sophisticated, extremely creative and dogged in their pursuit of what is ours.”

Separately, 10Fold recently published a list of top ten breaches of 2016.

“If 2015 was the year of the healthcare data breach — breaches impacted nearly 40 million people — then 2016 was the year of the social media breach,” Angela Griffo, vice president of 10Fold’s cyber security practice, said in a statement. “Four of the top 10 breaches were social media related and impacted more than 640 million people.”

“But the biggest surprise of the year was Yahoo revealing that the information of more than 1.5 billion people had been stolen by attackers,” Griffo added. “Regardless of an attacker’s motive, any compromised information leaves users susceptible to identity theft and fraud.”

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection. The implemented encryption has the highest security certifications – FIPS, Common Criteria and BITS.

Cybersecurity breach at Virginia hospital

January 23rd, 2017

Sentara Healthcare announced data breach when one of its third party vendors suffered a cybersecurity breach. The incident affected personal health information. Vascular and thoracic procedures occurring between 2012 and 2015 at a Sentara facility where involved in this breach. Potentially accessed information includes patients’ names, medical records, and Social Security numbers.

“We assure our patients that we are committed to the security of the personal information we maintain and are taking this matter very seriously. To help prevent something like this from happening in the future, the vendor has informed us that it is enhancing its system security. In addition, Sentara continually strengthens policies and procedures and invests in technologies which protect our information technology systems.”

Sentara started the investigation by reaching third party vendor. It also called upon law enforcement. It has started sending and mailing advisory to affected individuals.

Facility suggested that the affected patients should check for any signs of possible fraud. Also, they are advised to review account statements and get free credit reports. Organisation has provided resources to help for future security.

“If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes.  You should also contact your local law enforcement authorities and file a police report.  Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records.”

Sentara is one of the nation’s top integrated healthcare systems. It works on a not-for-profit system which includes imaging centers, nursing and assisted-living centers, outpatient campuses, physical therapy and rehabilitation services, home health and hospice agency, a 3,800-provider medical staff and four medical groups. It also provides medical transport ambulances and nightingale air ambulance.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data breach at Delaware

January 21st, 2017

Sixteen self-insured customers and nineteen thousand Highmark members were vulnerable due to a potential attack at Highmark Blue Cross Blue Shield in Delaware.The Delaware Department of Insurance released the information to the public after the incident.

Summit Reinsurance Services, Inc., in Indiana and BCS Financial in Illinois were the two subcontractors involved in the breach. Highmark didn’t specify the explicit nature of the breach. According to the reports, this incident is one of the several data breaches which is related to Summit Reinsurance Services, Inc. in 2016.

Early in November 2016, Summit reported a ransomware attack which impacted thousands of current and former Black Hawk College employees. Affected information contained PHI, including Social Security numbers and health insurance information.

There was also a potential data breach at Louisiana Health Cooperative, Inc. A ransomware compromised sensitive patient information including Social Security numbers.

Trinidad Navarro, the Delaware Insurance Commissioner mentioned that they are looking into the breach.

“I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred,” Navarro said. “I have directed my staff to closely monitor the situation as it develops. Many Delawareans have received mailed correspondence from Summit Reinsurance explaining the breach. Unfortunately, we fear that many may have misinterpreted or inadvertently discarded the latter as some form of sales ad.”

The Delaware Department of Insurance is helping affected patients by providing resources to answer any questions.

“The Commissioner has ordered an investigation into the reported breach. Highmark Blue Cross Blue Shield of Delaware is cooperating with the Delaware Department of Insurance to resolve the matter.”

“If consumers have received a letter from SummitRe regarding this situation and have questions, they may contact the Delaware Department of Insurance.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

HIPAA violated by VA Senator

January 19th, 2017

A Virginia State Senator act of unlawful sharing of patient information led to an investigation into alleged HIPAA breach. As per the reports, senator during her 2015 campaign used patient contact information to send political solicitations. It violated federal health privacy rules.

Senator Dunnavant sent emails and print letters to 1500 patients during the 2015 election campaign. She ran in a four-way Republican primary for the 12th District seat. US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) mentioned that senator broke federal HIPAA law due to the use of patients’ information and her decision to disclose the same with her campaign manager.

Conservative blogger Tom White and an unnamed individual filed a complaint against Dunnavant after receiving the letter during her campaign. HHS investigators mentioned that the case is closed. They mentioned that senator Dunnavant will not face any penalties or fines as she took prompt actions to minimize the damage.

“For me, it’s really all about the fact that none of my patients were harmed,” Dunnavant said.

She also added that it is regrettable. The senator said that she ran the letter by her medical practice board and lawyers. They took no issue with it. She also mentioned the sharing of information with campaign manager was done under HIPAA’s Privacy and Security rule. Investigators denied the legitimacy of her claim.

“Dr. Dunnavant’s position that the disclosure and use of (protected health information) to and by the campaign committee was strictly related to treatment or health care operations is not supported by the evidence,” Barbara J. Holland, the mid-Atlantic regional manager for the HHS OCR, wrote in a letter dated Dec. 6. “The letter expressly encouraged patients to participate in campaign activities and invited patients to contact the campaign for additional information.”

HHS mentioned that they are willing to take additional steps if more complaints or evidence of misconduct comes forward in the future.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Ransomware attacks

January 13th, 2017

The Susan M. Hughes Center recently announced a data breach due to ransomware attack on its computer system. The incident has potentially affected patients. Facility has immediately launched an investigation. Also, they have reset all passwords and removed the infected server from the system.

A Forensic firm is employed for investigation. It determined that an unknown person accessed server files. The affected information included patient names, telephone numbers, dates of service, types of service or treatment, and amounts paid.

Facility mentioned that there is no evidence of misuse of patient information. Also, sensitive PHI including Social Security numbers or account numbers have not been accessed.

The Hughes Center has started mailing advisory letters to potentially impacted patients. Also, the facility established a call center to answer queries.

“We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.”

Another ransomeware attack involves Summit Reinsurance Services, Inc. who alerted Alliant Health Plans, Inc. of a ransomware attack on its servers.  The affected server contained patient data of more than 1,000 Alliant members.  Facility mentioned that the investigation didn’t provided any evidence of data misuse. Also, Alliant mentioned that its members are at very low risk of data breach consequences.

Affected information included Social Security numbers, health insurance information, and claim-focused medical records.

Summit is updating its policies, procedures and protections for member information to minimise the damage.It also working on other precautionary measures to prevent further incident. Alliant will be continuing encryption to prevent foreign access of sensitive information.

Summit is notifying the affected individuals and also offering one year of identity theft protection to potentially impacted Alliant members.

“As always, Alliant and Summit recommend taking steps to prevent identity theft by monitoring your credit reports for any unusual activity.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to virus

January 10th, 2017

Brandywine Pediatrics, P.A in Delaware recently suffered data breach exposing PHI for many patients. Brandone came to know about the incident when it discovered a file server which was locked due to virus.

Facility immediately recovered the files from backup tapes. Also, it started the investigation and took help of a forensic computer expert. This incident has affected certain PHI which includes name, address, and health insurance and medical information.

Brandwine mentioned that there is exposure of health information but it has not found any evidence which suggests that it was misused. It also included in statement that there is no chance of compromise of patients’ Social Security numbers or payment card information.

Affected individuals are notified about the incident and had asked to take steps to protect them. Facility has improved the security of its systems. Also, policies and procedures are reviewed.

Brandwine mentioned that the privacy and protection of the patients is a top priority.  It also deeply regret any inconvenience or concern this incident may cause. The number of affected individuals are not mentioned in the statement.

Types of attack to gain database access

Physical theft or loss of the device

Rogue employee or other insiders misusing privileges to gain financial or personal gains

Attacks on website and application by finding weaknesses in coding

Phishing to gain passwords and usernames. Legitimate-looking email are sent to employees

Installing malicious software which misdirects users to fraudulent websites

‘Dedicated Denial of Service’ attacks

Ransomware attacks

Point-of-sale intrusions

Remote attacks

Payment card skimmers

Viruses

Worms

Trojan Horses

 Data breaches also occur due to human errors which includes below –

Sending sensitive information to the wrong person by email or fax by mistake

Making information publicly available on a web server or website by mistake

Incorrect disposing of data which also includes paper data

Losing electronic device which contains sensitive data

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware leads to data breach

January 7th, 2017

Arizona-based Desert Care Family & Sports Medicine recently announced data breach due to ransomware attack. The incident has affected up to 500 patient records. Desert Care has notified local police and the FBI. It has also taken its server to IT specialists so that ransomware encryption can be broken to retrieve affected patient data. But they are not able to access the encrypted data. All hacked patient records remain unavailable.

Desert Care in the statement mentioned that “We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. Desert Care is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”

Facility mentioned that it does not know whether the information has been exposed. It said that by the type of ransomware the intention was to gain access to information. It also mentioned that it doubts any information has been affected or copied onto a different system.

Affected patients are sent notification by the facility. It alerted them about the incident. According to the reports – full name, dates of birth, home addresses, account numbers, and disability codes are potentially exposed. Desert Care started a forensic investigation into the incident. Also, it is updating its technology and policies to prevent future attacks.

“Desert Care is taking steps to mitigate any data disclosure and to prevent any future incidents. The ransomware attack was reported to the authorities and we fully intend to cooperate with any investigations. In addition, we are conducting our own forensic investigation into the attack. We are also updating our technology and policies to prevent future incidents. “

Facility has advised the patients to make effort for protection which includes-

Consumers should register a fraud alert with one of three credit bureaus

Monitor all account statements, and contact the Consumer Protection Division of the Arizona Attorney’s General Office or the Federal Trade Commission’s Fraud Victim Assistance Department for assistance.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.