Archive for January, 2017

PHI available online

January 5th, 2017

Indiana-based Fairbanks Hospital recently mentioned that they suffered data breach. It said that Fairbanks employees had online access to certain current and former patients’ PHI. This access was not meant for all the employees.

“The investigation has determined that this issue existed since at least November of 2013, however we are unable to determine whether the issue existed prior to that time,” the hospital said. “We have now corrected this issue so that only the appropriate Fairbanks personnel has electronic access to files containing patient information.”

As per the OCR data breach reporting tool, incident affected 12,994 individuals. Breached information included names, Social Security numbers, dates of birth, contact information, patient identification numbers, diagnoses, treatment information, health insurance information, and information related to initial admission and appointment scheduling.

Facility mentioned that the affected information will vary by patient. The majority of patients are “only having their name and limited information relating to initial admission and scheduling of appointments impacted.”

Fairbanks said that it is not aware of any actual or attempted misuse of the information. Facility is offering Identity and credit monitoring services.

“We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity,” Fairbanks said. “This also includes reviewing account statements, medical bills, and health insurance statements regularly to ensure that no one has submitted fraudulent medical claims using your name and address.”

Fairbanks mentioned that individuals can place “fraud alert’ at no charge. This step will alert creditors to take additional steps to verify your identity prior to granting credit in your name. As this procedure tells creditors to follow certain rules, it may delay individuals’ ability to obtain credit.

Individuals can also place a security freeze on credit reports. This process will give rights to bureau not to release any information from a consumer’s credit report without the consumer’s written authorization. It may delay, interfere or prevent timely approval. It can affect processing for new loans, credit mortgages, employment, housing, or other services. This service is provided free of cost if individual provides valid police report.

Individuals can also educate themselves for identity theft, fraud alerts, and the steps one can take by contacting the Federal Trade Commission or individuals’ state Attorney General.

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach at New Hampshire Hospital

January 2nd, 2017

New Hampshire Hospital recently suffered data breach when a patient reportedly hacked into the New Hampshire Department Of Health And Human Services (DHHS). PHI was posted online which affected 15,000 individuals.

DHHS came to know about the incident on November 4, 2016. Facilities internal files were posted on social media site. The list of DHHS clients are those who received services from DHHS prior to November 2015. Affected information includes names, addresses, Social Security numbers, and Medicaid identification numbers.

According to the reports, the person who accessed the information was patient at the facility. individual used a computer available for patient use in the hospital library. The individual was “observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library.”

“The staff member notified a supervisor, who took steps to restrict access to the library computers. This incident, however, was not reported to management at New Hampshire Hospital or DHHS. In August 2016, a security official at New Hampshire Hospital informed DHHS that the same individual may have posted on social media some DHHS information. That was immediately reported to the Department of Information Technology, the State Police and other state officials.”

Facility believes that PHI was not misused. Also, credit card or banking information was not accessed. DHHS said that affected individuals are encouraged to monitor their credit and banking statements. They are told that they “can protect themselves from incidents of identity theft or fraud by reviewing their account statements and monitoring their credit.”

“Safeguarding the personal, financial and medical information of DHHS clients is one of this Department’s highest priorities,” DHHS stated. “DHHS will continue to work with state agency partners to make every effort to ensure that the Department’s data remains secure.”

Facility mentioned that they can report any suspicion of identity theft or fraud to local law enforcement Individuals and or the Consumer Protection Bureau at the New Hampshire Department of Justice.

“DHHS is making available a toll-free telephone number that affected individuals may call with questions about this incident.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.