Archive for the ‘Bkis’ category

Heart Group suffers computer breach

June 2nd, 2015

 

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Malware hits Advantage dental database

March 13th, 2015

Oregon based Advantage Dental suffered data breach when its internal database was attacked by malware. The unauthorized access affected 151,626 Advantage patients. The compromised information includes names, dates of birth, phone numbers, Social Security numbers, and home addresses. According to the reports, treatment, payment, and other financial data were not accessed.

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, implemented mitigation steps to prevent further access and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required,” the statement read. “At this time, Advantage has no indication that the stolen information has been used for criminal activity, to include identity theft.”

Advantage Compliance Manager Jeff Dover told that the theft happened after the malware accessed an Advantage employee’s computer. Username and password that allows access to the membership database was stolen from there. This is a separate database from the one that contains financial and treatment information.

“Unfortunately this happened,” Dover said, adding that Advantage computers are equipped with anti-virus software, but sometimes new variations of a virus are not detected. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”

After this incident, Advantage is no longer allowing access to its internal patient database from computers that are not within company clinics or its Redmond headquarters.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Bon Secours suffers data breach due to former employee

November 17th, 2014

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Record stolen from doctor’s storage shed

October 25th, 2014

Dr. Nisar A. Quraishi came to know that both latches on the shed door of his office’s storage facility had been cut and medical records of patients he had treated was stolen. According to the reports, approximately 40,000 patient records containing protected health information (PHI) were missing. The records reportedly included patients’ Social Security numbers, dates of birth, home addresses and medical histories.

Quraishi said he had “no idea” who broke into the shed and that he had not been to the property since Aug. 10, at which point the shed was still secure, the news source reported. Quraishi became aware of the issue when he was contacted by a neighborhood resident that the lock was broken. Quraishi also told police he was unable to immediately provide any of the names of the patients whose records were stolen from the shed.

While conducting investigation, police said there were no security cameras or witnesses in the area or at the scene. According to the Journal, neighbors weren’t even aware that a break-in had occurred in the first place. It was also reported that the first floor of Quraishi’s office “is a gutted, empty space with exposed beams and no carpet.

A spokeswoman for NYU Langone Medical Center, where Quraishi has been employed since January, said the stolen records were not of NYU Langone patients.

“The patient records involved were from Dr. Quraishi’s private practice … and therefore do not include any treatments provided by him since his employment with NYU Langone as of January 2014,” said Lisa Greiner, senior director of institutional communications at NYU Langone Medical Center. “The medical records of patients who were treated at NYU Langone by Dr. Quraishi are not part of the breach in question.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

X-Ray films and data exposure

October 23rd, 2014

California healthcare facility suffered data breach when improper disposal of information affected PHI. Graybill Medical Group notified patients of a potential data breach after X-ray films were accidentally taken out with the regular trash. It was meant to be sent to a waste disposal company.

According to the reports, the films set for disposal were placed in a trash liner bag but the employee who was supposed to take them to the disposal company was ill.

“Later that evening or early the next morning, our janitorial service gathered the films, believing they were to be disposed of as ordinary trash,” Arena said in the release. “That bag was then taken to a dumpster and collected by the waste disposal company. When this was discovered the following day, we attempted to locate the films in the dumpster but it had already been emptied.”

Graybill tried to possess the information by reaching to trash company but was informed that they had already been taken to a landfill and were irretrievable.

“Of the total group of X-ray films that were taken during that period, only a small percentage were to be destroyed,” Arena explained. “Unfortunately, because we do not know which films were in the group set for destruction, we are taking the extra precaution of notifying all patients who had X-rays taken during that time.”

According to the reports, films did not contain Social Security numbers or any other medical information. However, they did contain patient names, addresses, phone numbers, dates of birth and medical provider identification.

“It is our sincere belief that the trash bag of X-ray films is now buried in an unknown location in the landfill, and we have no reason to believe that any of demographic information they contain will be accessed or used in an adverse way in the future,” Arena said. “Protecting the privacy of our patients is of the highest priority in our organization and we deeply regret this incident occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptops with PHI missing

October 21st, 2014

In the unprecedented event, few laptops went missing in the period of three years from ambulances in the Dallas area. According to the reports, laptops contained patient information. Dallas City Hall stated that Dallas Fire-Rescue (DFR) Emergency Medical Services (EMS) laptop computers in DFR ambulances “became unaccounted for” in the three-year period.

“If the EMS laptop used during a patient’s treatment was one of those unaccounted for, and if the paramedics performed an electrocardiogram (EKG) on the patient, that EKG and possibly the patient’s name, age and gender, may have become accessible to an unauthorized person(s),” explained a press release from the city of Dallas.

Incident was reported to US Department of Health and Human Services (HHS) and according to the process affected patients were notified.

“The City has formed a breach assessment team, which is working with an outside consulting firm to assess potential security risks related to the EMS laptops,” the statement read. “Once the risks have been identified, actions will be implemented to prevent such events from recurring.”

Reports failed to mention number of laptops that went missing. According to the release, Patients who have been contacted and who have questions related to this matter can call the Dallas Fire-Rescue EMS staff.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A Pennsylvania healthcare service suffers data breach

October 19th, 2014

A Pennsylvania healthcare service suffered data breach incident which may led to personal health information (PHI) misuse. According to the reports, computer server containing patient information for Dr. Barry Snyder was breached after a third party element accessed information wrongly.

“Our forensics experts cannot verify with 100 percent certainty that the data security event occurred, but Penn Highlands Brookville is providing notice to affected patients so that they may take steps to protect their identity if they feel it is necessary,” the release said.

The affected information includes patients’ names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender.

Healthcare swung into action and hired national security and computer forensics experts to thoroughly investigate the incident. It also provided toll free number for patients to call for more information.

According to the press release:

Penn Highlands Brookville encourages its patients to remain vigilant by reviewing account statements for any unusual activity, notifying their credit card companies, and monitoring their credit reports. Under U.S. law, individuals are entitled to one free credit report annually from each of the three major credit bureaus. 

At no charge, you can also have these credit bureaus place a “fraud alert” on their files that alerts creditors to take additional steps to verify their identity prior to granting credit in their names. Please note, however, that because it tells creditors to follow certain procedures to protect the individual’s credit, it may also delay the ability to obtain credit while the agency verifies the individual’s identity. As soon as one credit bureau confirms an individual’s fraud alert, the others are notified to place fraud alerts on that individual’s file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

18th Breach for Oregon Health Insurance Exchange

October 17th, 2014

In the successive events, Oregon Health Insurance Exchange suffered 18

security breaches in past six months. The recent incident involved documents with PHI being sent to wrong patient. Cover Oregon spokeswoman Ariane Holm said the breach is under investigation. The exchange’s security team with a return envelope was immediately sent to Migliaccio who got the other patients information.

“We take the security and privacy or our customers very seriously and have policies and trainings in place to protect personally identifiable information of our consumers,” Holm told the news source, adding Cover Oregon regularly improves procedures.

According to the Associated Press, Ann Migliaccio applied for health coverage through Cover Oregon and then received documents in the mail containing the names and birth dates of two other applicants. However, Migliaccio told the news source that the documents did not include Social Security number. Affected information included addresses, names, dates of birth and internal Cover Oregon IDs.

“It was pretty shocking,” Migliaccio said. “But with Cover Oregon nothing is shocking anymore. They should be very thankful I’m an honest person and I will not try to use this information.”

When applicants need to update their applications, the exchange no longer mails the completed documents that include Social Security numbers and other information. Earlier, Cover Oregon was working with Oracle Corp. to create an HIE for the state but it missed the deadlines and individuals were required to use a hybrid paper-online application process.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.