Archive for the ‘full disk encryption’ category

Unauthorized PII access and Data Breach

February 10th, 2016

Florida-based Jackson Health System fired an employee after it was found that she may have stolen confidential patient information.

Former hospital unit secretary Evelina Reid may have stolen confidential patient information including names, dates of birth, Social Security numbers, and home addresses. The incident happened over the last five years. Local law enforcement is investigating the alleged incident.

“Jackson Health System is committed to patient confidentiality,” the statement reads. “The safety and security of our patients is top priority. In order to protect our patients’ rights and private information, we enforce strict rules for those who handle patient information.”

The hospital added that currently “in the process of acquiring and implementing a more robust security system to monitor access to patient records.” Employees are also regularly educated on privacy rules and regulations, according to Jackson Health.

According to the reports, approximately 24,000 patient records may have been inappropriately accessed.

As per the statement:

Any allegations about a breach in security and patient privacy are taken extremely seriously. Jackson Health System continually educates all employees on privacy rules and regulations and has zero tolerance for violations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Third Party Security Risks

February 8th, 2016

According to the PWC’s 2015 U.S. State of Cybercrime Survey –

  • Sixty two percent of companies evaluate the security risks of third-party vendors
  • Fifty Seven percent evaluate security risks for contractors
  • Forty two percent consider supplier risks
  • Twenty three percent don’t evaluate third-party security at all

“I’ve seen a change happen where in the beginning, the vendors would say, ‘No, we’re secure, trust us. We don’t have to show you our security process, we don’t have to show you the results of testing,’ to today we’re seeing vendors having to provide assurances to their customers about their security programs,” Veracode co-founder and CTO Chris Wysopal said

Steps to consider:

Audit your company

As per Joe Schorr, director of advanced security solutions at Bomgar, the first step should be to focus on yourself.

“A lot of the third-party access seems to be kind of ‘fire and forget.’ ‘We decided to outsource this function, so let’s nail up the VPN, get these guys in, get them working’ — and then people tend to walk away from it,” Schorr said.

“Go back, do a good internal audit of who’s accessing what at the very least, and then get a little bit deeper: why are they accessing that, who gave them that, who’s the internal sponsor for this activity?” Schorr said. “Start peeling that onion a little bit.”

Audit third party vendors

Any vendor should be capable of providing you with that kind of information, Wysopal said. “If they say, ‘No, we don’t do that,’ or ‘We don’t share results on our internal security,’ they probably do, and they’re just trying to make you go away,” he said. “One of the things we’ve learned is that if you push hard enough, they say, ‘Yeah, you’re right. We have had a third party audit, and we can show you the results.'”

Regular Audit

Too many companies, Schorr said, examine these issues, both internally and externally, once in detail — but fail to follow up on a regular basis.

“Even when they do it right, they tend to leave those activities in the dust and just hope they’re good for another 11 months and three weeks until they launch that audit again,” he said. “The most effective thing I’ve seen is to do it quarterly.”

Use of Technologies

“I call it the three Ps: Property, something that’s Profitable or something that’s Personal,” he said. “When you need to protect that, you should probably be talking about encryption. I’m not a fan of encrypting everything on network — I think that’s crazy — but the stuff that keeps you awake at night that you’re trying to protect, that’s the stuff for which you should be looking at some kind of an encryption scheme.”

Get It in Writing

Contracts do not need to be complex, he said. “It can be something as simple as ‘Here’s what your system should look like to connect to us, you’re going to have to go through this special connection we’ve set up, you’re going to be recorded while you’re doing all of that, and here’s our recourse if something bad happens and we find out it came through you,'” Schorr said. “That may be just enough to get people to take the extra couple of steps to do some basic security stuff on their end.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Survey

February 6th, 2016

As per the recent survey of 207 U.S. security professionals –

  • Thirty Four percent of respondents expressed concern over not having enough budget for the right tools to defend against advanced malware
  • Thirty Seven percent of security analysts don’t have enough highly-skilled security staff to defend their networks from advanced malware
  • Twenty percent of respondents said their defenses against hackers have improved over the past year
  • Sixty two percent of respondents said they could “personally guarantee” their company’s customers that their data will be safe in 2016
  • Twenty-six percent of respondents have been asked to remove malware from a computer or device used by a member of their senior leadership team after it was used to visit an infected porn site
  • Fifty nine percent have been asked to remove malware after the user clicked on a malicious link in a phishing email
  • Twenty nine percent have been asked to remove malware after the computer or device was used by a family member of the user
  • Thirty three percent of have been asked to remove malware after an infected USB drive or smartphone was attached to the user’s computer
  • Fifty six percent believe that the most difficult technical challenges they face in defending their networks are complexity of malware
  • Twenty four percent believe that their is inability to correlate data or threat intelligence to specific attacks

The survey was conducted by Opinion Matters on behalf of ThreatTrack Security.

“With high-profile data breaches emerging one after the other, growing security accountability within enterprises and the exponential growth in cybersecurity investments, the last two years have been transformational for the security industry,” ThreatTrack president John Lyons said in a statement. “But despite access to more tools, security analysts — the most critical resource within an enterprise’s cyber defense — remain ill-equipped, underfunded and understaffed in their daily battle against advanced malware.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Patient Privacy Violation

February 4th, 2016
Patient Privacy Violation

Patient Privacy Violation

According to the reports, a former Wayne Memorial nurse’s aide reportedly accessed 390 individuals’ records. The hospital believe that the data was not used maliciously or inappropriately.

Affected information includes Social Security numbers, diagnoses and insurance information. Patients who may have had their Social Security numbers accessed will be offered a free one-year membership in a credit monitoring service, according to the hospital.

CEO David Hoff mentioned that the employee was terminated, and that the incident had been reported to the police.

“This incident has prompted us to further review all levels of employee access to patient medical records, to enhance our HIPAA training for all employees and to research software programs that might help us better detect unauthorized access,” Hoff explained.

Hoff added that Wayne Memorial “is considering expanding restrictions for particular groups of employees.”

“Wayne Memorial Hospital was one of the first in the region to implement electronic medical records, which help reduce the potential for human error and often accelerate diagnosis and treatment,”said Hoff. “We have been ahead of the technology curve, and I can assure you that we will do all that we can to make sure something like this does not happen again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Medical Fraud Charges Against Employee

February 2nd, 2016

The Louisiana Attorney General’s office mentioned that an individual who worked at a doctor’s office used another individual’s information to get into LHCC’s provider website. According to the reports, an individual was arrested on Medicaid fraud charges. The  stolen information is related to Louisiana Healthcare Connections (LHCC).

Culprit downloaded a list of LHCC members and gave it to another provider who should not have received it. Affected information includes names, Medicaid ID numbers, dates of birth, Medicaid effective dates, phone numbers, addresses, and in some cases, information on how current members’ are with provider visits, the number of emergency room visits, and current medical conditions. Credit card information, financial information and Social Security numbers were not included in the stolen data.

According to the statement, 13,000 Medicaid recipients enrolled in LHCC in the Acadiana region were affected. “We appreciate the efforts of the Attorney General and local law enforcement to bring those responsible to justice,” LHCC said. “We regret any concern or inconvenience this incident may have caused and are dedicated to protecting our members’ health information. We are also reviewing existing information security protocols and taking steps to prevent this type of event from happening in the future.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Credential Misuse and Data Breach

January 24th, 2016

Brigham and Womens Faulkner Hospitals (Brigham) experienced data breach when an unauthorized user obtained an employees network credentials.

According to the reports, the credentials were used to access an employees email account.

Affected information includes full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.

The incident caused data breach to approximately 1,000 individuals as per OCR data breach reporting tool. Brighams patients and patient electronic medical records system were not affected. Only discrete information contained in the single compromised email account was potentially affected.

As per the statement:

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,Brigham explained in its notification letter. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data Breach Affects 950K Patients

January 22nd, 2016

Centene Corporation recently experienced a potential healthcare data breach when its hard drives went missing. The incident may have affected approximately 950,000 individuals. Breached information includes names, addresses, dates of birth, Social Security numbers, member ID numbers and health information. However, financial or payment information were not on the hard drives.

Centene is conducting search for six missing hard drives after it found out that the hard drives were unaccounted for in its inventory of IT assets. It did not mention the hard drives encryption status. The data of the individuals who have received laboratory services from 2009-2015 may be present on the drives.

“Centene takes the privacy and security of our members’ information seriously,” Centene Chairman, President and CEO Michael F. Neidorff said in a statement. “While we don’t believe this information has been used inappropriately, out of abundance of caution and in transparency, we are disclosing an ongoing search for the hard drives. The drives were a part of a data project using laboratory results to improve the health outcomes of our members.”

According to the statement, potentially affected individuals will be receiving data breach notification letters and will also be offered free credit and healthcare monitoring. Also, corporation is in the process of reinforcing and reviewing its procedures related to managing its IT assets.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec  is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Unauthorized user access and data breach

January 20th, 2016

Blue Shield of California recently suffered potential data breach when one of its vendors recently became aware of an unauthorized user access to its data systems. Potentially affected information includes names, addresses, dates of birth, and Social Security numbers.

As per OCR data breach output, 20,764 individuals were possibly affected.

No Blue Shield data systems were impacted. Misused log-in credentials for certain Blue Shield customer service representatives have resulted in to the incident.

“We are working internally and with our vendor to improve our overall security procedures in order to provide additional protections for your personal information,” explained the notification letter signed by Blue Shield Chief Privacy Officer Molly McCoy Esq., CIPP/US.

According to the Molly McCoy:

I’m writing to provide you information on the steps we are taking to protect you and your information moving forward.

In addition, and to help protect your identity, we are offering a complimentary one year membership in Experian’s® ProtectMyID® Alert. While we have no indication that specific personal information about you has been misused, this product helps detect possible misuse of your personal information and provides you with superior identity protection support focused on immediate identification and resolution of identity theft.

Once your enrollment in ProtectMyID is complete, you should carefully review your credit report for inaccurate or suspicious items. If you have any questions about ProtectMyID, need help understanding something on your credit report, or suspect that an item on your credit report may be fraudulent, please contact Experian’s customer care team. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Laptop theft leads to Data Breach

January 18th, 2016

Montana-based New West Health Services d/b/a New West Medicare recently suffered potential healthcare data breach following a laptop theft.

New West announcement did not specify how many individuals were potentially affected by the incident. According to the OCR data breach reporting tool, the impacted count stands at 28,209.

New West in a statement explained that the password-protected laptop was stolen from an off-site location. It contained information on past and present New West customers.

Affected information includes customers’ names, addresses, and in some cases driver’s license numbers and Social Security numbers or Medicare claim numbers. Limited information related to some individuals’ Medicare premium payments, including electronic funds transfer information (bank account number, account holder name, account type and bank routing number) or credit card information (card holder name, credit card account number, expiration date and CVV (Card Verification Value) number) may also have been on the laptop.

New West mentioned that the information has not been used inappropriately. It is offering one year of complimentary credit monitoring to affected individuals. New West is also taking steps to prevent this type of incident from occurring in the future. It is installing additional security on company laptops, increasing employee education, and strengthening data security policies.

According to the statement:

The privacy and security of members’information is a top priority. Moving forward, we are committed to taking steps to prevent this type of incident from occurring in the future. These steps include installing additional security on all company laptops, enhancing education for our employees, and strengthening our data security policies and practices. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Thumb Drive and Data Breach

January 16th, 2016

St. Luke’s Cornwall Hospital (SLCH) suffered a potential healthcare data breach after a USB thumb drive was stolen from its facility. Potentially affected information includes patient names, medical record numbers, dates of service, types of imaging service received, and “administrative–type information used for internal business purposes.”

SLCH conducted internal investigation. It found out that the thumb drive “appears to have included a file” that held certain patient information on it. Social Security numbers and electronic medical records were not included.

“SLCH values the privacy and security of its patients’ information and is taking steps to prevent this type of event from happening in the future, including requiring password and encryption protection for all of its USB thumb drives, and the implementation of new systems that do not require the use of thumb drives or other mobile media devices,” SLCH explained.

SLCH did not list how many individuals were affected. According to the OCR data breach reporting tool, 29,156 individuals as being affected.

Many other data breaches occur due to missing storage drives.  Advantage of encrypting storage drive includes –

  • Controls how these device are used
  • Enforces encryption policies on all data transfer
  • Limits the data to be transferred
  • Prevents Data Leakage
  • Provides flexibility as per the usage and working environment

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.