Archive for the ‘data encryption’ category

Stolen laptop results in data breach

February 2nd, 2017

Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) recently suffered data breach when one of its unencrypted laptop was stolen. The laptop contained personal health information of 3,600 patients.

According to the reports, laptop was taken away by thief from the locked vehicle of a CHLAMG physician at CHLA. Investigation conducted by the facility found that the laptop was encrypted to up-to-date institutional standards along with password-protection. But later review mentioned the possibility of unencrypted status of laptop.

Facility is notifying patients whose information was stored on the laptop. Affected information includes names, addresses, medical record numbers, and certain clinical information.

“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” CHLA spokesman Lorenzo Benet said in a statement. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.”

Also, a protocol is created to erase data from the laptop when it logs onto the internet next time. Notification letters sent by facility will instruct individuals to review health insurance documents for evidence of misuse or identify theft.

Facility also asked patients to review their Explanation of Benefits statements in case of any unusual behavior . Also, they are advised to notify the hospital immediately for any issues.

About Childrens Hospital Los Angeles

“Children’s Hospital Los Angeles has been named the best children’s hospital in California and among the top 10 in the nation for clinical excellence with its selection to the prestigious U.S. News & World Report Honor Roll. Children’s Hospital is home to The Saban Research Institute, one of the largest and most productive pediatric research facilities in the United States. Children’s Hospital is also one of America’s premier teaching hospitals through its affiliation with the Keck School of Medicine of the University of Southern California since 1932.”

___________________________________________________________________________________

Alertsec Endpoint Encrypt is certified according to Common Criteria AEL4 and FIPS 140-2.

Data breach due to billing service provider

November 24th, 2016

A physical therapy provider recently suffered data breach which involves personal information. The security incident may have affected 1,100 patients at Best Health Physical Therapy. secure-data

Best Health is owned by Travis Lombardi, PT, MSPT.  It provides solution and services to meet rehabilitation goals of individuals. It provides solution for orthopedic and sports medicine, neurological, arthritis, fracture and other issues.

Facility came to know that one of the computer from its billing services provider was inappropriately accessed. The person who got access to the accounts writes blogs on internet security. The individual was reportedly looking for data vulnerabilities. He said that he has no intention of misusing any of the accessed information.

Potentially affected information includes names, addresses, dates of birth, insurance information, driver’s license information and health information. Best Health said that there is no evidence that the data was misused. It also highlighted the fact that the vulnerability was not on its computer system. Billing provider’s system failed to secure its system.

“Best Health took immediate steps to investigate and determine the source and extent of any access to our patients’ information,” Best Health said. “The vulnerability was identified and closed by the billing service provider immediately. Updated access controls are now in place to secure the account. Best Health has terminated its relationship with the billing service provider.”

Best Health did not mention the number of affected individuals but as per the OCR data breach reporting tool,  total 1,100 patients’ information were affected.

“Best Health takes the privacy and protection of its patients very seriously and we sincerely apologize for any concern that this may cause. If you are a patient of Best Health and have questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to call.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt helps you protect your valuable data from falling into the wrong hands by encrypting it at the source.

Kaiser Permanente data breach

July 24th, 2016

Kaiser Permanente may have suffered possible data breach due to theft of its ultrasound units. This incident has affected 1,100 members of the facility. Undisclosed number of ultrasound units were stolen by the two former employees. Facility recovered a “significant portion” of the stolen machines which contained ePHI, such as names, medical record numbers, and medical images.

Kaiser Permanente is an integrated managed care system which maintains healthcare coverage for 9 million individuals. According to the reports, the stolen machines were found in a locked storage unit. Some units are yet to be located. It mentioned that that the only reason for the theft was to sell the units for profit. It has nothing to do with disclosing or misusing PHI. Also, there is no evidence that ePHI was accessed by an unauthorized entity.

Facility launched an investigation to identify which members may have had their information exposed by the incident. It has also contacted local law enforcement officials. Notifications letters specifically addressing the ePHI data elements found for each affected individual are sent.

“Kaiser Permanente is committed to protecting the confidentiality of our members’ personal information,” explained the statement. “We are continuing our investigation of this incident and are taking appropriate actions to prevent similar errors in the future. We are cooperating fully with law enforcement in this matter.”

“We sincerely apologize for any inconvenience or concern this incident may cause. Because Social Security numbers were not accessed, the risk for any fraud is quite low. Additionally, we believe that this equipment was only stolen to sell for profit, and not to reveal or misuse member information. There is no sign that health information has been used for fraud or other criminal activity,” said Angela Anderson, Regional Privacy & Security Officer, Kaiser Permanente Northern California.

___________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

TX data breach incident

June 23rd, 2016

The Texas Health and Human Services Commission possibly suffered data breach which affected  600 individuals. The data breach incident was the result of missing documents. Iron Mountain, one of TX contractors and a document shredding company mentioned that 15 boxes containing client information went missing from the Irving, Fort Worth, and Dallas facilities.

Iron Mountain was hired by the Texas Health and Human Services Commission to destroy the client documents. The missing boxes contained confidential information from individuals who may have applied for medical assistance between January 1, 2008 and August 31, 2009.

Both TX and Iron Mountain did not mention about the reason for misplaced boxes. Affected information included Social Security numbers, addresses, Social Security claim numbers, dates of birth, names, medical record numbers, Medicaid or individual numbers, case numbers, and bank account information.

As per the statement,

“HHSC is committed to ensuring that our clients’ confidential information is secure. The agency is conducting an investigation into Iron Mountain’s handling of this event and taking steps to secure confidential information and reduce the chances of this event happening again. After the investigation is complete, HHSC will review processes and procedures, making any changes needed to prevent this type of event in the future.”

The Texas Health and Human Services Commission reached all affected individuals mentioning them about the healthcare data security incident. They are provided complimentary credit monitoring services for one year. Iron Mountain has taken steps to improve data security measures for confidential information.

“The agency is conducting an investigation into Iron Mountain’s handling of this event and taking steps to secure confidential information and reduce the chances of this event happening again,” explained the statement. “After the investigation is complete, HHSC [Health and Human Services Commission] will review processes and procedures, making any changes needed to prevent this type of event in the future.”

————————————————————————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Connecticut-based podiatry group suffers data breach

June 2nd, 2016

A Connecticut-based podiatry group has been facing a possible healthcare data breach. The incident has impacted approx. 40,491 individuals after hackers accessed network services.Some external party had gained access to Stamford Podiatry Group’s systems, including its EHR database. The intruder is suspected to have viewed patient information between February 22 and April 14, 2016. Healthcare group has ordered a forensic investigation and terminated the unauthorized user’s access to its systems.

“Although we have not been able to confirm that your personal information was accessed and copied, we have not been able to rule out that possibility and encourage you to take … protective measures,” the organization mentioned.

Personal information involved in the healthcare data security event included medical histories, treatment information, names, Social Security numbers, dates of birth, genders, marital statuses, addresses, phone numbers, email addresses, names of doctors, and insurance information.

Stamford Podiatry Group’s Vice President Rui DeMelo, DPM, FACFAS, wrote in the letter “We have also implemented and are continuing to implement additional security measures designed to protect our systems against future intrusions. We have retained cybersecurity experts to assist us in these efforts.”

While there is no evidence yet that the personal information is being misused, the organization is still offering its patients a year of credit monitoring. Healthcare group has attempted to notify all affected patients. Individuals have also been advised by Stanford Podiatry Group to monitor financial and medical accounts for potential identify theft.

According to the recent reports by Department of Health and Human Services Data, more than 120 million people have been affected in more than 1,100 separate breaches at organizations handling protected health data since 2009.

“That’s a third of the U.S. population — this really should be a wake-up call,” said Deborah Peel, the executive director of Patient Privacy Rights.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deploymentand management of PC encryption by using industry leading Check Point Full DiskEncryption software.

Data Breach Due to Email Misconduct

April 11th, 2016

Val Verde Regional Medical Center recently announced data breach when unsecured PHI in an email was discovered.

“On or about August 9, 2015, an independent healthcare provider downloaded unsecured protected health information and emailed it to a personal account without encryption protection,” explained the press release. “In addition, the independent contractor was not authorized to access some of the protect[ed] health information.”

Val Verde Regional Medical Center came to know about health data breach on December 8, 2015. Affected patient information in the email included names, addresses, phone numbers, medical record numbers, and visit numbers.

According to the OCR data breach portal, two thousand individuals were affected by the incident. Val Verde Regional Medical Center launched an investigation. It also notified patients who were possibly affected by the event.

Internal audit and improved security measures to the hospital’s HIPAA security program is being undertaken by the hospital.

Val Verde Medical Center  believes that there have been no reports of improper use of PHI, patient medical histories, or Social Security numbers by unauthorized individuals. It has encouraged all potentially affected patients to monitor credit reports for suspicious activity.

Users are advised to take necessary steps.They are advised to obtain credit reports from one or more of the major credit reporting agencies to monitor financial accounts for unauthorized activity. Consumers are entitled to  get a free copy of their credit report from each of the major nationwide credit reporting companies once every 12 months. They need to request the same as per the federal law.

Del Rio and surrounding communities received services from Val Verde Regional Medical Center since 1959. Val Verde Regional Medical Center considers the privacy of patients as a high priority task. It is guided by the mission to improve the health of the people in the communities served.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Cyber Security Budgets Not In Tune With Rising Threats

April 2nd, 2016

Businesses are increasing their investment in cyber security but the landscape of threat is changing very rapidly. To remain secured one has to understand the possibility of cyber attacks in advance and make sure data remains safe. Majority of security professionals believes that the budget should be increased.

Institute of Information Security Professionals (IISP) conducted survey to understand the current scenario. Two-thirds of professionals said that security budgets has increased. For 15% of respondents, budgets stayed the same.

“In times of financial pressure or instability, as we have seen in recent years, security is often seen as a supporting function or an overhead,” said IISP director Piers Wilson.

Sixty percent believes that budgets are low considering level of threats. Only seven percent of respondents reported that security budgets were rising faster than the level of threat.

The survey was conducted in participation with more than 2,500 members working in security across a wide range of industries and roles. UK cyber security space can be understood by the survey.

“Security budgets are hard won because they are about protection against future issues, so are a good indication of the state of risk awareness in the wider business community,” he said.

Wilson said that while it is good news that businesses are increasing investment, it is clear that spending on security is still not at a level that matches the changing threat dynamics.

Cyber security skills shortage is another issues which organisations are dealing. Participants mentioned that there is shortfall in the level of skills and experience which makes staff training, development and retention crucial to the future of the industry.

Ten percent of respondents felt that the security industry’s ability to protect data is declining rather than improving while forty nine percent said the opposite.

Survey found that there is awareness of security risks. Also, the impacts of a breach are driving an increase in investment, skills, experience, education and professionalism.

“While there is clearly much more to be done, the results of the survey are encouraging,” said Wilson.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Computer glitch and Data Breach

March 26th, 2016

Laborers’ Health & Welfare Trust Fund for Northern California discovered that a computer glitch caused certain consumer health information to be processed incorrectly. The incident affected the processing of IRS Form 1095-B which included some patient health data in California.

According to the reports, some personal health information of workers were sent to other plan
participants and beneficiaries. Affected information included beneficiary names and names of dependents, Social Security numbers, and health plan coverage information. According to a press release, the Fund Office has notified potentially affected individuals personally, and will provide free credit monitoring to them.

The Fund Office mentioned that it will be taking steps to strengthen training processes and tighten security measures.

According to the press release –
The Fund Office has notified participants and provided credit monitoring services to all those participants and beneficiaries affected.The Fund Office has also instituted stronger security measures to guard against future mishaps.

According to the Wikipedia –
A computer glitch is the failure of a system, usually containing a computing device, to complete its functions or to perform them properly.In public declarations, glitch is used to suggest a minor fault which will soon be rectified and is therefore used as a euphemism for a bug, which is a factual statement that a programming fault is to blame for a system failure.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted email and data breach

March 24th, 2016

BJC Healthcare Accountable Care Organization (BCJ ACO) in the St. Louis area recently announced data breach when an unencrypted email was sent to a participating medical practice in the BCJ ACO.It mentioned that 2,393 patients were possibly affected by the data security breach.

As per the statement, an email was sent containing patient information without the necessary security encryption. Affected information includes patient names, gender, dates of birth, and Medicare beneficiary identification numbers.  Medical information was not sent via email.

“BJC ACO investigated the email transmission and has discovered no indication that anyone other than the intended and authorized recipient at the medical practice read or accessed the email. BJC ACO has taken steps to re-educate staff on the process for sending emails in a secure manner”, the statement confirmed.

According to the statement: BJC ACO has complied with all U.S. Department of Health and Human Services Office for Civil Rights notification requirements, including individual patient letters, public news release and website posting.

About BJC ACO

BJC HealthCare was the first provider in the St. Louis area and one of 89 U.S. health care providers selected in 2012 as an Accountable Care Organization by the Centers for Medicare and Medicaid Services. CMS established ACOs that year to encourage groups of doctors, hospitals and other providers to coordinate health care services for Medicare patients and share in savings obtained through high-quality, well-coordinated care. BJC ACO currently coordinates care for approximately 40,000 patients in the BJC service area of metropolitan St. Louis, southern Illinois and mid-Missouri.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Phishing Attack and Data Breach

March 15th, 2016

A California-based cancer research and treatment center mentioned that some patient suffered data breach due to a phishing attack. According to the reports, four staff members had their email accounts accessed by an unauthorized party due to a phishing attack. Out of four, three accounts included emails that contained PHI, such as patient names, medical record numbers, dates of birth, addresses, email addresses, telephone numbers and some clinical information such as diagnoses, test results and dates of service.

“It does not appear that the phishing attack targeted protected health information; instead, it appears the accounts were accessed for the purposes of sending spam emails to other individuals,” the statement explained. “City of Hope is sending notification letters to the affected patients, and is taking all appropriate steps to mitigate any potential harm to affected individuals.” City Hope mentioned that only patients name and medical record number were affected for most.

Only one patient’s information which included Social Security numbers and financial information was affected. The statement failed to disclose how many individuals were potentially affected. “City of Hope took prompt action to secure the email accounts and end the intrusion,” the center stated. “In addition to notifying local law enforcement, City of Hope retained a leading forensic information technology firm to assist with its investigation of the incident, to evaluate its systems and processes and further strengthen its safeguards to protect against such attacks.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.