Archive for the ‘Alertsec Express’ category

Cybersecurity breach at Virginia hospital

January 23rd, 2017

Sentara Healthcare announced a data breach after one of its third-party vendors suffered a cybersecurity breach. The incident affected personal health information. Vascular and thoracic procedures performed between 2012 and 2015 at a Sentara facility were involved in this breach. Potentially accessed information includes patients’ names, medical records, and Social Security numbers.

“We assure our patients that we are committed to the security of the personal information we maintain and are taking this matter very seriously. To help prevent something like this from happening in the future, the vendor has informed us that it is enhancing its system security. In addition, Sentara continually strengthens policies and procedures and invests in technologies which protect our information technology systems.”

Sentara began its investigation by contacting the third-party vendor. It also called upon law enforcement. It has started mailing advisories to affected individuals.

The facility suggested that affected patients check for any signs of possible fraud. They are also advised to review account statements and obtain free credit reports. The organisation has provided resources to help with future security.

“If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes.  You should also contact your local law enforcement authorities and file a police report.  Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records.”

Sentara is one of the nation’s top integrated healthcare systems. It operates as a not-for-profit system that includes imaging centers, nursing and assisted-living centers, outpatient campuses, physical therapy and rehabilitation services, a home health and hospice agency, a 3,800-provider medical staff and four medical groups. It also provides medical transport ambulances and the Nightingale air ambulance.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data breach at Delaware

January 21st, 2017

Sixteen self-insured customers and nineteen thousand Highmark members were vulnerable due to a potential attack at Highmark Blue Cross Blue Shield in Delaware. The Delaware Department of Insurance released the information to the public after the incident.

Summit Reinsurance Services, Inc., in Indiana and BCS Financial in Illinois were the two subcontractors involved in the breach. Highmark didn’t specify the explicit nature of the breach. According to reports, this incident is one of several data breaches related to Summit Reinsurance Services, Inc. in 2016.

Early in November 2016, Summit reported a ransomware attack which impacted thousands of current and former Black Hawk College employees. Affected information contained PHI, including Social Security numbers and health insurance information.

There was also a potential data breach at Louisiana Health Cooperative, Inc., where ransomware compromised sensitive patient information including Social Security numbers.

Trinidad Navarro, the Delaware Insurance Commissioner, mentioned that they are looking into the breach.

“I would like to ensure Delaware consumers that the Department of Insurance takes this matter seriously and is currently investigating how this occurred,” Navarro said. “I have directed my staff to closely monitor the situation as it develops. Many Delawareans have received mailed correspondence from Summit Reinsurance explaining the breach. Unfortunately, we fear that many may have misinterpreted or inadvertently discarded the latter as some form of sales ad.”

The Delaware Department of Insurance is helping affected patients by providing resources to answer any questions.

“The Commissioner has ordered an investigation into the reported breach. Highmark Blue Cross Blue Shield of Delaware is cooperating with the Delaware Department of Insurance to resolve the matter.”

“If consumers have received a letter from SummitRe regarding this situation and have questions, they may contact the Delaware Department of Insurance.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

HIPAA violated by VA Senator

January 19th, 2017

A Virginia state senator’s unlawful sharing of patient information led to an investigation into an alleged HIPAA breach. According to reports, the senator used patient contact information during her 2015 campaign to send political solicitations, which violated federal health privacy rules.

Senator Dunnavant sent emails and print letters to 1500 patients during the 2015 election campaign. She ran in a four-way Republican primary for the 12th District seat. The US Department of Health and Human Services’ (HHS) Office for Civil Rights (OCR) stated that the senator broke federal HIPAA law by using patients’ information and disclosing it to her campaign manager.

Conservative blogger Tom White and an unnamed individual filed a complaint against Dunnavant after receiving the letter during her campaign. HHS investigators said that the case is closed and that Senator Dunnavant will not face any penalties or fines because she took prompt action to minimize the damage.

“For me, it’s really all about the fact that none of my patients were harmed,” Dunnavant said.

She added that it is regrettable. The senator said that she ran the letter by her medical practice board and lawyers, who took no issue with it. She also said that the sharing of information with her campaign manager was done under HIPAA’s Privacy and Security rule. Investigators rejected that claim.

“Dr. Dunnavant’s position that the disclosure and use of (protected health information) to and by the campaign committee was strictly related to treatment or health care operations is not supported by the evidence,” Barbara J. Holland, the mid-Atlantic regional manager for the HHS OCR, wrote in a letter dated Dec. 6. “The letter expressly encouraged patients to participate in campaign activities and invited patients to contact the campaign for additional information.”

HHS said that it is willing to take additional steps if more complaints or evidence of misconduct come forward in the future.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Ransomware attacks

January 13th, 2017

The Susan M. Hughes Center recently announced a data breach due to a ransomware attack on its computer system. The incident has potentially affected patients. The facility immediately launched an investigation. It also reset all passwords and removed the infected server from the system.

A forensic firm was engaged for the investigation. It determined that an unknown person accessed server files. The affected information included patient names, telephone numbers, dates of service, types of service or treatment, and amounts paid.

The facility said that there is no evidence of misuse of patient information. It added that sensitive PHI, including Social Security numbers or account numbers, was not accessed.

The Hughes Center has started mailing advisory letters to potentially impacted patients. Also, the facility established a call center to answer queries.

“We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.”

Another ransomware attack involves Summit Reinsurance Services, Inc., which alerted Alliant Health Plans, Inc. to a ransomware attack on its servers. The affected server contained patient data of more than 1,000 Alliant members. The facility said that the investigation didn’t provide any evidence of data misuse. Alliant also said that its members are at very low risk of data breach consequences.

Affected information included Social Security numbers, health insurance information, and claim-focused medical records.

Summit is updating its policies, procedures and protections for member information to minimise the damage. It is also working on other precautionary measures to prevent further incidents. Alliant will continue using encryption to prevent foreign access to sensitive information.

Summit is notifying the affected individuals and also offering one year of identity theft protection to potentially impacted Alliant members.

“As always, Alliant and Summit recommend taking steps to prevent identity theft by monitoring your credit reports for any unusual activity.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to virus

January 10th, 2017

Brandywine Pediatrics, P.A. in Delaware recently suffered a data breach exposing PHI for many patients. Brandywine learned of the incident when it discovered a file server that was locked due to a virus.

The facility immediately recovered the files from backup tapes. It also started an investigation with the help of a forensic computer expert. The incident affected certain PHI, including names, addresses, and health insurance and medical information.

Brandywine said that health information was exposed but that it has not found any evidence suggesting it was misused. Its statement also said that there is no chance that patients’ Social Security numbers or payment card information were compromised.

Affected individuals have been notified about the incident and asked to take steps to protect themselves. The facility has improved the security of its systems and reviewed its policies and procedures.

Brandywine said that the privacy and protection of its patients is a top priority and that it deeply regrets any inconvenience or concern this incident may cause. The number of affected individuals is not mentioned in the statement.

Types of attack to gain database access

Physical theft or loss of the device

Rogue employees or other insiders misusing privileges for financial or personal gain

Attacks on websites and applications that find weaknesses in their code

Phishing to obtain usernames and passwords, in which legitimate-looking emails are sent to employees

Installing malicious software which misdirects users to fraudulent websites

‘Distributed Denial of Service’ attacks

Ransomware attacks

Point-of-sale intrusions

Remote attacks

Payment card skimmers

Viruses

Worms

Trojan Horses

Data breaches also occur due to human error, including:

Sending sensitive information to the wrong person by email or fax by mistake

Making information publicly available on a web server or website by mistake

Incorrect disposal of data, including paper data

Losing an electronic device which contains sensitive data

____________________________________________________________________________________________


Ransomware leads to data breach

January 7th, 2017

Arizona-based Desert Care Family & Sports Medicine recently announced a data breach due to a ransomware attack. The incident has affected up to 500 patient records. Desert Care has notified local police and the FBI. It has also taken its server to IT specialists so that the ransomware encryption could be broken to retrieve the affected patient data, but they have not been able to access the encrypted data. All hacked patient records remain unavailable.

Desert Care said in its statement: “We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. Desert Care is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”

The facility said that it does not know whether the information has been exposed. It said that, given the type of ransomware, the intention was to gain access to information. It also said that it doubts any information has been affected or copied onto a different system.

The facility has sent notifications to affected patients alerting them to the incident. According to reports, full names, dates of birth, home addresses, account numbers, and disability codes are potentially exposed. Desert Care has started a forensic investigation into the incident. It is also updating its technology and policies to prevent future attacks.

“Desert Care is taking steps to mitigate any data disclosure and to prevent any future incidents. The ransomware attack was reported to the authorities and we fully intend to cooperate with any investigations. In addition, we are conducting our own forensic investigation into the attack. We are also updating our technology and policies to prevent future incidents.”

The facility has advised patients to take steps to protect themselves, including:

Consumers should register a fraud alert with one of the three credit bureaus

Monitor all account statements, and contact the Consumer Protection Division of the Arizona Attorney General’s Office or the Federal Trade Commission’s Fraud Victim Assistance Department for assistance.

____________________________________________________________________________________________


PHI available online

January 5th, 2017

Indiana-based Fairbanks Hospital recently announced that it suffered a data breach. It said that Fairbanks employees had online access to certain current and former patients’ PHI. This access was not meant for all employees.

“The investigation has determined that this issue existed since at least November of 2013, however we are unable to determine whether the issue existed prior to that time,” the hospital said. “We have now corrected this issue so that only the appropriate Fairbanks personnel has electronic access to files containing patient information.”

According to the OCR data breach reporting tool, the incident affected 12,994 individuals. Breached information included names, Social Security numbers, dates of birth, contact information, patient identification numbers, diagnoses, treatment information, health insurance information, and information related to initial admission and appointment scheduling.

The facility said that the affected information will vary by patient. The majority of patients are “only having their name and limited information relating to initial admission and scheduling of appointments impacted.”

Fairbanks said that it is not aware of any actual or attempted misuse of the information. The facility is offering identity and credit monitoring services.

“We encourage you to remain vigilant against incidents of identity theft and fraud, to review your account statements, and to monitor your credit reports and explanation of benefits forms for suspicious activity,” Fairbanks said. “This also includes reviewing account statements, medical bills, and health insurance statements regularly to ensure that no one has submitted fraudulent medical claims using your name and address.”

Fairbanks mentioned that individuals can place a “fraud alert” at no charge. This step alerts creditors to take additional steps to verify an individual’s identity prior to granting credit in their name. Because this procedure tells creditors to follow certain rules, it may delay individuals’ ability to obtain credit.

Individuals can also place a security freeze on their credit reports. A freeze prohibits the bureau from releasing any information from a consumer’s credit report without the consumer’s written authorization. It may delay, interfere with or prevent timely approval, and it can affect processing for new loans, credit mortgages, employment, housing, or other services. This service is provided free of cost if the individual provides a valid police report.

Individuals can also educate themselves about identity theft, fraud alerts, and the steps they can take by contacting the Federal Trade Commission or their state Attorney General.

____________________________________________________________________________________________


Data breach at New Hampshire Hospital

January 2nd, 2017

New Hampshire Hospital recently suffered a data breach when a patient reportedly hacked into the New Hampshire Department of Health and Human Services (DHHS). PHI was posted online, affecting 15,000 individuals.

DHHS learned of the incident on November 4, 2016. The facility’s internal files were posted on a social media site. The DHHS clients on the list are those who received services from DHHS prior to November 2015. Affected information includes names, addresses, Social Security numbers, and Medicaid identification numbers.

According to reports, the person who accessed the information was a patient at the facility. The individual used a computer available for patient use in the hospital library. The individual was “observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library.”

“The staff member notified a supervisor, who took steps to restrict access to the library computers. This incident, however, was not reported to management at New Hampshire Hospital or DHHS. In August 2016, a security official at New Hampshire Hospital informed DHHS that the same individual may have posted on social media some DHHS information. That was immediately reported to the Department of Information Technology, the State Police and other state officials.”

The facility believes that the PHI was not misused and that credit card or banking information was not accessed. DHHS said that affected individuals are encouraged to monitor their credit and banking statements. They are told that they “can protect themselves from incidents of identity theft or fraud by reviewing their account statements and monitoring their credit.”

“Safeguarding the personal, financial and medical information of DHHS clients is one of this Department’s highest priorities,” DHHS stated. “DHHS will continue to work with state agency partners to make every effort to ensure that the Department’s data remains secure.”

The facility mentioned that individuals can report any suspicion of identity theft or fraud to local law enforcement and/or the Consumer Protection Bureau at the New Hampshire Department of Justice.

“DHHS is making available a toll-free telephone number that affected individuals may call with questions about this incident.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomware attack

December 30th, 2016

Summit Reinsurance Services recently suffered a potential cyber security threat. The incident may have affected thousands of current and former Black Hawk College employees. Summit works as a reinsurance carrier for the Health Alliance, a third-party health insurance administrator for the college.

According to its website, “Summit Reinsurance provides a full-service managing general underwriter and reinsurance intermediary broker who focuses exclusively on managed care.”

The Summit Re site also says that it works closely with clients to fully understand their risk profile, and that it considers clients’ strategic vision and unique reinsurance needs. It believes that traditional solutions don’t always provide the best experience and that customized solutions are needed to meet clients’ requirements. It also provides medical management services to offer cost-saving options.

After the attack, Summit informed Black Hawk. According to the reports, ransomware had infected a server containing information which includes names, Social Security numbers, health insurance information, and claim-focused medical records of current and former employees and their dependents.

According to the third-party forensic investigator, the incident occurred on March 12. Summit believes that there is no evidence of any misuse of personal information. The investigation is ongoing. Potentially affected individuals have been notified and informed about the steps that need to be taken to improve security. Free access to one year of credit monitoring is provided.

The facility has set up a call center to answer all queries. Summit Reinsurance also suffered a data breach earlier this month. That incident affected a server holding information including Social Security numbers and health insurance information.

“We are pleased that Summit Reinsurance Services is moving aggressively and taking the appropriate steps to notify the affected individuals and to minimize the impact this incident may have on them,” said Dr. Bettie Truitt, president of Black Hawk College.

 ___________________________________________________________________________________


Data breach investigation and deadlines

December 29th, 2016

Balabit recently conducted a survey of more than 100 IT companies and security professionals. It made the following observations:

Seventy-five percent set a fixed time limit for the investigation of potential data security incidents

Forty-four percent said that they missed internal or external deadlines for data breach investigation or reporting

Seven percent of respondents mentioned that they faced serious consequences due to a missed deadline

“The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organizations still do not understand their own data,” Balabit product manager Peter Gyongyosi said in a statement. “It is difficult for them to extract the necessary information from unstructured data with their existing tools and they lack the contextual information that would help transform this data into valuable, actionable information.”

The survey also found that thirty percent are not required to report progress to external authorities

Seventy percent are required to report to external authorities, but only twenty-five percent have set a time limit

“Data and information are two different things entirely,” Prevalent director of product management Jeff Hill said. “The former is easy to collect; extracting the latter from it is much easier said than done.”

“The results of the Balabit survey are likely to surprise few in the cyber security community,” Hill added. “Investigating breaches is tedious, requires specific expertise, is increasingly difficult as attack vectors become more sophisticated, and is usually undertaken in a highly stressful and pressure-filled environment. Current techniques often require the painstaking parsing of millions of logs and identifying subtle changes in behavior.”

“CEOs are underestimating their companies’ cyber vulnerabilities,” RedSeal chairman and CEO Ray Rothrock said in a statement. “Their confidence does not square with what we observe. Cyber attacks are up and financial losses associated with these attacks are increasing dramatically.”

 ___________________________________________________________________________________
