Archive for the ‘glitch’ category

Internet and PHI breach

May 12th, 2016

The Children’s National Medical Center in Washington DC may have recently suffered data breach as few of its document where available on the internet. The incident may have occurred in February. According to the reports, due to Ascend Healthcare Systems mistake, a former business associate of the healthcare system, data related to 4,107 patients of Children’s National Medical Center was accessible via the Internet.

“Due to changes and upgrades to systems, a system that is secure today could become vulnerable with the next change – thus the need to repeat the vulnerability scan periodically,” says Mark Dill, former longtime CISO at the Cleveland Clinic who is now a principal consultant at tw-Security.

PHI could have been found using a search engine, like Google. Affected information includes names, dates of births, medications lists, and physicians’ notes on diagnosis and treatment. The incident occurred as the File Transfer Protocol site was misconfigured. Facility mentioned that the site was a standard network for storing and transferring files.

According to the Children’s National Medical Center, Ascend Healthcare Systems violated its contract who was required to delete all patient information as per the separation agreement.  After the incident, Ascend is advised by the Children’s Hospital Medical Center’s to delete transcription documents from its servers and secure the site.

Medical center didn’t receive any reports about inappropriate access or misuse of patient information. It has sent notification letters to affected individuals. Also, a dedicated call center was created to answer queries. Children’s National regrets any concern this incident may cause.

According to the statement:

Children’s National Health System, based in Washington, DC, has been serving the nation’s children since 1870. Children’s National is a Leapfrog Group Top Hospital, Magnet® designated, and was ranked among the top 10 pediatric hospitals by U.S. News & World Report 2015-16. Home to the Children’s Research Institute and the Sheikh Zayed Institute for Pediatric Surgical Innovation, Children’s National is one of the nation’s top NIH-funded pediatric institutions. With a community-based pediatric network, seven regional outpatient centers, an ambulatory surgery center, two emergency rooms, an acute care hospital, and collaborations throughout the region, Children’s National is recognized for its expertise and innovation in pediatric care and as an advocate for all children.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.

Unsecured database and data breach

April 16th, 2016

Einstein Healthcare Network announced possible data breach when one of its databases was left unsecured on its website. Einstein Healthcare Network is a Pennsylvania-based healthcare network. The incident has affected approximately 3,000 individuals.

According to the reports, Einstein Healthcare Network found that one of its website databases was available to unauthorized users. Accessible information included patient information that was entered by individuals on information form on the healthcare network’s webpage.

EHR systems was not connected to the website. Affected information included patient names, telephone numbers, reasons for submitting requests, healthcare provider names, and health information.Social Security numbers, financial information, or EHR information was not present on the database. Individuals who entered Information on the webpage’s form before feb 2016 were affected.

“It’s important to note that in the data we evaluated, hacking or IT incidents only accounted for about one in 10 data breaches,”said study lead author Dr. Vincent Liu, a research scientist with the Kaiser Permanente Division of Research in Oakland.

“While hacking has garnered a lot of recent attention, a more common reason for breaches is simple theft of unsecured paper or electronic records,” he continued. “Nonetheless, the potential for hacking to result in a large number of compromised records tends to be higher than for other sources of data breaches.”

Einstein Healthcare Network has now secured the website database and removed it from public view. Internal investigation is also ordered by Einstein Health.

A call center was created to answer questions related to this incident. Einstein Healthcare Network also mentioned that it is committed to improving security measures on its website. Healthcare believes that they have no knowledge that any patient information has been used improperly. Notification letters are sent to affected individuals.

According to the statement by Einstein, “To help prevent something like this from happening in the future, we have secured the website database and are enhancing our security measures for the website. We deeply regret any concern this may cause our patients.”

The breach was not result of hacking but due to technical error. Albert Einstein Healthcare Network is a system based in Philadelphia. Healthcare operates as Einstein Medical Center in Philadelphia, MossRehab with locations throughout Philadelphia and Montgomery Counties, Einstein Medical Center Elkins Park, and Einstein Medical Center Montgomery in East Norriton. Rehabilitation beds and skilled nursing beds as well as primary care and specialty physician practices are available in it’s facilities.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer glitch and Data Breach

March 26th, 2016

Laborers’ Health & Welfare Trust Fund for Northern California discovered that a computer glitch caused certain consumer health information to be processed incorrectly. The incident affected the processing of IRS Form 1095-B which included some patient health data in California.

According to the reports, some personal health information of workers were sent to other plan
participants and beneficiaries. Affected information included beneficiary names and names of dependents, Social Security numbers, and health plan coverage information. According to a press release, the Fund Office has notified potentially affected individuals personally, and will provide free credit monitoring to them.

The Fund Office mentioned that it will be taking steps to strengthen training processes and tighten security measures.

According to the press release –
The Fund Office has notified participants and provided credit monitoring services to all those participants and beneficiaries affected.The Fund Office has also instituted stronger security measures to guard against future mishaps.

According to the Wikipedia –
A computer glitch is the failure of a system, usually containing a computing device, to complete its functions or to perform them properly.In public declarations, glitch is used to suggest a minor fault which will soon be rectified and is therefore used as a euphemism for a bug, which is a factual statement that a programming fault is to blame for a system failure.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.