Archive for the ‘Encryption’ category

Computer glitch and Data Breach

March 26th, 2016

Laborers’ Health & Welfare Trust Fund for Northern California discovered that a computer glitch caused certain consumer health information to be processed incorrectly. The incident affected the processing of IRS Form 1095-B which included some patient health data in California.

According to the reports, some personal health information of workers were sent to other plan
participants and beneficiaries. Affected information included beneficiary names and names of dependents, Social Security numbers, and health plan coverage information. According to a press release, the Fund Office has notified potentially affected individuals personally, and will provide free credit monitoring to them.

The Fund Office mentioned that it will be taking steps to strengthen training processes and tighten security measures.

According to the press release –
The Fund Office has notified participants and provided credit monitoring services to all those participants and beneficiaries affected.The Fund Office has also instituted stronger security measures to guard against future mishaps.

According to the Wikipedia –
A computer glitch is the failure of a system, usually containing a computing device, to complete its functions or to perform them properly.In public declarations, glitch is used to suggest a minor fault which will soon be rectified and is therefore used as a euphemism for a bug, which is a factual statement that a programming fault is to blame for a system failure.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted email and data breach

March 24th, 2016

BJC Healthcare Accountable Care Organization (BCJ ACO) in the St. Louis area recently announced data breach when an unencrypted email was sent to a participating medical practice in the BCJ ACO.It mentioned that 2,393 patients were possibly affected by the data security breach.

As per the statement, an email was sent containing patient information without the necessary security encryption. Affected information includes patient names, gender, dates of birth, and Medicare beneficiary identification numbers.  Medical information was not sent via email.

“BJC ACO investigated the email transmission and has discovered no indication that anyone other than the intended and authorized recipient at the medical practice read or accessed the email. BJC ACO has taken steps to re-educate staff on the process for sending emails in a secure manner”, the statement confirmed.

According to the statement: BJC ACO has complied with all U.S. Department of Health and Human Services Office for Civil Rights notification requirements, including individual patient letters, public news release and website posting.

About BJC ACO

BJC HealthCare was the first provider in the St. Louis area and one of 89 U.S. health care providers selected in 2012 as an Accountable Care Organization by the Centers for Medicare and Medicaid Services. CMS established ACOs that year to encourage groups of doctors, hospitals and other providers to coordinate health care services for Medicare patients and share in savings obtained through high-quality, well-coordinated care. BJC ACO currently coordinates care for approximately 40,000 patients in the BJC service area of metropolitan St. Louis, southern Illinois and mid-Missouri.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hackers and Sensitive Data

March 4th, 2016

In today’s hacking world, hackers can gain access to sensitive data with little efforts. “It’s a bit depressing,” said Chandra Rangan, vice president marketing, HPE Security Products at Hewlett Packard Enterprise, discussing some of the findings published in HPE’s Cyber Risk Report 2016.

“Attackers are lazy. They want maximum bang for the buck, so they will go for low-hanging fruit,” Rangan said, noting that the most exploited bug in 2015 was over five years old. It was also the top bug in 2014.

As per the new findings, the top 10 vulnerabilities leveraged by attackers in 2015 are more than a year old. Half of them are at least five years old.

According to Rangan, there is a shift in which applications, rather than servers or operating systems, are used as a primary attack vector.

Mobile Insecurity

As per the recent survey:

  • 95 percent of newly discovered malware samples are found on Microsoft Window
  • 42 percent of exploits targeting Microsoft Window
  • 18 percent of the total exploits targeting Android
  • 12 percent of exploits on Java
  • Microsoft Office 11 percent
  • Adobe attacked by 14 percent, evenly divided between Flash and Reader exploits
  • 75 percent of the mobile apps scanned by HPE had at least one vulnerability

Some software developers “seem to be making a tradeoff between speed and security,” Rangan said. “There is a whole new crop of app developers, and they are saying ‘how quickly can I get this app to market and how quickly can I monetize it?’ When you are in that mode, you are less likely to use the development processes and methodologies that include multiple security checks.”

“You do not need to make a tradeoff, and you do not need to use the old-school waterfall development model. There are plenty of technologies out there where you can build security into the very fabric of your apps.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cybersecurity Insights from SC Congress

March 2nd, 2016

Recent SC Congress emphasised on Cyber insurance and new approaches to security patches.

Experts discussed some of the current and emerging issues in cybersecurity.

Cyber Insurance

Most of the panel on cyber insurance believed that the legal wording of policies, exclusions and other factors tend to make it a pricey policy which may not provide the expected benefits in the event of a data breach.

“I’ve never been a fan of insurance; getting the right coverage is always an uphill fight,” said Winn Schwartau, CEO of The Security Awareness Company. “We’ve been at war, but acts of nation-states are excluded by insurance, as are acts of war and acts of God. Is ISIS a nation-state?”

Same Old Cybersecurity Threats

Even though there are new, deeper threats, many cybersecurity vulnerabilities have existed for years which also exists today.

According to Jeffery Ingalsbe, CISO of broker management firm Flexible Plan Investments, in many way, there is nothing new under the sun.

Security Patches

“The problem is that companies are continuing to patch the same way. They’ve had problems with organization and prioritization of patches. They need to understand how to patch and unpatch so as not to impact the users,” Rushing said.

High Cybersecurity Standards

When it comes to securing the network, companies need to score closer to 99.9999 percent in order to be considered safe.

Test Security Software

Don’t try to integrate during proof of concept, or there could be other network issues, Richard Lafosse, CISO for Cook County, Ill added. “Evaluate more than one vendor and remember that the contract terms are king.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware attack and data breach

February 24th, 2016

Hollywood Presbyterian Medical Center (HPMC) was on the verge of data breach but paid $17,000 after a ransomware attack. According to the reports, the cyber attack encrypted its EHR files and demanded the sum of money in exchange for the encryption key.

HPMC believes that there is no sign of information misuse stored on the EHR. HPMC discovered the breach after staff members got issues accessing parts of the hospital network. After a thorough investigation, hospital believed that it had fallen victim to a malware attack that kept them from accessing patient medical files stored in their EHR.

Forty bitcoins, an equivalent of $17,000 was asked as a ransom amount. As per HPMC, It paid the $17,000 ransom because that was typically the quickest and easiest way to regain access to its EHR files.

Hospital gained full access to the files. It was completely cleansed of the malware and checked for adequate security standards.

According to the  CEO and president Allen Stefanek –

I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process,” Stefanek wrote. “I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.

Phil Lieberman, a cybersecurity expert mentioned that –

I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk, and it is sickening to see such an act,he said. Health management systems are beginning to tighten their security.

According to Parham Eftekhari, ICIT co-founder and senior fellow –

As we have seen in the recent attack on Hollywood Presbyterian, hackers are able to completely paralyze an organization until it pays a ransom which may or may not unlock their systems and data,he said earlier this week in an interview with HealthITSecurity.com. The hundreds of thousands or millions of dollars paid in ransom is a small price to pay for an organization when faced with the alternative of losing everything and threat actors know it.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Phishing Scam and Data Breach

February 22nd, 2016

Saint Joseph’s Healthcare System in New Jersey suffered data breach when it was attacked by phishing scam. According to the statement, more than 5,000 employees at some of its facilities may have affected by identity theft.

According to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr., facilities in Paterson, Wayne and Cedar Grove locations were affected. Patient data and medical information are safe, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.

According to the Morris, there was no indication that the phishing scam was an internal crime. Attack came from external source. He added that the scam included a named company executive using an internal email.

“There was no intrusion or breach of our internal IT system,” he explained. “None of that data was compromised.”

HealthCare system mentioned that affected employees will be receiving free credit monitoring. Local and federal authorities were notified along with system’s insurance carrier.

“Our primary focus is really protecting our employees and their credit health,”he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Impersonation Scam leads to data breach

February 20th, 2016

Magnolia Health Corporation (MHC) has reportedly suffered a potential data breach. The incident may have likely affected all active MHC employees and its affiliated facilities.

According to a official statement by MHC, a third-party individual impersonated MHC’s CEO Kenny Moyle. Using email address of Moyle, the person reportedly obtained employment information for all of MHC’s active employees.

Individuals those employed at Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation and Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., and Merritt Manor, Inc suffered data breach.

Affected information includes employee number, name, address, city, state, zip code, sex, date of birth, Social Security number, hire date, seniority date, salary/hourly, salary/rate, department, job title, last data paid, and the name of the employee’s MHC facility.

Law enforcement were notified about theincident and data breach notification letters were sent to  potentially affected individuals,.

According to statement:

We are offering to provide, at no cost to you, identity theft prevention and mitigation services, with a one-year membership in Experian’s® ProtectMyID® Elite. This product helps detect possible misuse of your personal information and provides you with identity protection support focused on immediate identification and resolution of identity theft.

If you do find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Alliance Health affected by Data Breach

February 18th, 2016

Alliance Health found that one of its customer databases had been left accessible via the internet. According to the reports, the incident didn’t affect all Alliance Health customers. The database contained some customer information for those who submitted their data online before July 2013.

Affected information includes customer names, addresses, telephone numbers, email addresses, medications, and some clinical information. No Social Security numbers, billing or financial information was included on the data base.

Alliance Health removed the database from public view after the incident came to notice. Data breach letters are sent to affected individuals.Alliance Health believes that there is no indication that the information stored on the healthcare database has been misused.

According to the reports:

We apologize for this and want our customers to know that we take the protection of customers’ personal data very seriously. We have enhanced our security measures and performed an extensive audit of all of our databases.

Below may cause Internet Database threat

  • Improper data retention on databases – Example includes hackers accessing old data even when customers are not using the service
  • Sensitive data in testing environment of database
  • Improper deletion of database
  • Database login set to unlimited credentials
  • Admin access to too many people
  • Unprotected password
  • No or faulty firewall protection
  • Database are not monitored by encryption softwares
  • Untested database for live portal

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization

Mobile Authentication and System

February 16th, 2016

Biometrics and multi-factor screen authentication are two ways to access sensitive enterprise systems via mobile devices. Security plays a larger role in the mobile devices used in our daily lives. Todays authentication is evolving tech with more and more security layers being added.

Biometric Authentication

Biometric authentication is a system that relies on the unique biological characteristics which includes retina, voice, fingerprint, signature of individuals to verify identity for secure access to mobile systems.

Advantages:

  • With biometrics for authentication, user never has problem of forgotten password.
  • It is easy to use
  • It is reliable

Disadvantages:

  • It includes high level of dependencies in your organization
  • It is expensive and inconvenient, as initial provisioning of users requires a tamper-proof process to link identity and biometric data
  • Employees may no longer be able to login from devices other than their company-issued devices

Multi-factor Authentication

Adaptive multi-factor authentication (MFA) in the mobile device uses a systems like user name, password.

Advantage:

  • It limits the hacker’s possibilities to compromise the system
  • Employees can always carry their device with them

Disadvantages:

  • It has painful enrollment process

It has still some level of dependency, with users relying on a modem or Web dispatch service to function and send codes.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Apps for Iphone Security

February 14th, 2016

Apple blocks full anti-virus apps from its App Store. According to the company, “Every iOS device combines software, hardware and services designed to work together for maximum security and a transparent user experience”. But still there are Apps which can improve security.

Iphone

Find My iPhone (free) within iCloud is crucial to ensuring the security of your iOS device. You can activate it on your device at Settings -> iCloud -> Find My iPhone.

McAfee Mobile Security

McAfee Mobile Security (free) let users to back up and restore contacts, locate a lost or stolen iOS device on a map, wipe contacts remotely on a lost or stolen device and trigger a loud alarm on a lost or stolen device.

iDiscrete

iDiscrete (Paid) is a digital safe which enables iPhone users to secure a wide variety of file types so that an unauthorized user sees fake “loading” screen.

Spam Arrest

Spam Arrest (Paid) requires everyone who sends you an email to respond to a query to confirm their identity.

SplashID Safe

SplashID Safe (free) enables secure storage of online passwords, credit card data, account numbers, registration codes etc.

Private Internet Access

Private Internet Access (free) provides an encrypted VPN service to protect user privacy and security at Wi-Fi hotspots.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.