Log in

Archive for the ‘Hackers’ category

Backup discs containing personal and health information missing from Emroy Healthcare Data

April 22nd, 2012

Emory Healthcare loses 10 backup disks containing sensitive patient data

How can healthcare companies be so negligent? There is so much sensitive data lying around in a healthcare company that there is simply no excuse but to preserve it well. Unfortunately most of data theft and data breach cases are related to hospital and the healthcare industry. The latest case just affirms the above!

News in brief:

According to Emory Healthcare, a company based in Atlanta, 10 backup disks containing data on 315,000 patients went missing from a hospital storage facility. These disks contained info about surgical patients treated between September 1990 and April 2007.

The news in detail:

The health care system provides clinical care as part of the Robert W. Woodruff Health Sciences Center of Emory University.

The data breach was reported on April 18. The 10 disks contained information on surgical patients treated between September 1990 and April 2007. The disks seem to have vanished from a storage location at Emory University Hospital.

The exact locations were Emory University Hospital Midtown and the Emory Clinic Ambulatory Surgery Center.

228,000 records included Social Security numbers. Rest of the files had patient names, dates of surgery, diagnoses, procedure codes, names of surgeons and anesthesiologists that the patients had seen. The cabinet that contained these discs was not locked even though the office was locked and the hallway had restricted access.

The disks had old data in a software application that Emory had deactivated in 2007. According to the healthcare company, the hospital’s IT systems were not hacked into.

John T. Fox, president and CEO of Emory Healthcare’s statement

“We sincerely regret this incident and want to assure our patients that we are committed to safeguarding their personal information,” , said in a statement. “While we have no evidence at this time that any personal information has been misused as a result of this incident, we want to take all precautions to ensure our patients’ information is safe.”

Ironical is the fact that Fox’s data could also have been hacked into as he underwent surgery during the same period!

What security measures are being implemented post theft?

Emroy’s letter to its patients says “We have taken immediate steps to fortify the protective measures that are already in place,” “New and enhanced data control measures have been implemented accordingly. Those affected by the theft will receive free identity protection services. In addition, the health care system is revamping its current security and privacy policy.

So far there is no evidence to show any of the missing data has been misused. The possibility that the discs could have been simply misplaced cannot be completely rules out at this point of time.

Prevent data theft with Alertsec encryption services

Alertsec is the leader in the field of hard disk encryption as a fully managed service. It provides protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way.

Alertsec’s mission is to continuously improve its products and services in order to deliver the easiest and most cost-effective managed encryption service on the market.

No comments »

Posted in Data Protection, Encryption, Hackers, Identity and Information loss, data breach, data encryption, identity theft

Tags: alertsec April 2007 Atlanta business Cloud computing data breach Data theft Emory Healthcare Emory University Emory University Hospital Emory University Hospital Midtown Health care Health Insurance Portability and Accountability Act Healthcare Information Technology Patient September 1990 Social Security number

Former Intel engineer, Biswamohan Pani, pleads guilty to data theft charges

April 12th, 2012

Ex-Intel employee charged with Data theft

IT employees have been taking data theft and IT security policies lightly. They think they need not follow them and at times believe they can get away by stealing data. We are not talking about petty thieves here but white-collar employees who can go to lengths to earn money and brand name.

The latest data theft case involves such an IT employee who thought he would get away by stealing data worth $400 billion!

Here goes the story

An ex-Intel engineer, Biswamohan Pani, stole documents worth $200 million – $400 million from Intel. He has pled guilty to stealing the documents and for 5 counts of fraud. Currently he is waiting to hear his sentence.

The case

The case will be heard in US District Court by Judge F. Dennis Saylor in Worcester, Massachusetts. Mr. Biswamohan worked at Intel’s Hudson, Massachusetts location in 2008. He put down his resignation at Intel on May 29, 2008 and requested his last day of work be June 11, 2008. At that time he was already employed by rival AMD and had access to the Intel computer systems.

As he had access to Intel computer systems, he started downloading confidential documents from Intel related to design and manufacture of computer processors. The moment Intel found out, it reported the theft and AMD cooperated with the investigation. What is bizarre is that AMD never asked Mr.Pani to steal the documents, nor were these used by anyone at AMD. Pani is looking at 20 years in prison on each of the five counts of fraud. Pani’s sole purpose for this theft was to boost his career!

AMD official’s statement

“AMD respects the intellectual property of other companies. AMD was completely unaware of Mr. Pani’s actions until we were contacted by the FBI, and we provided our full and prompt cooperation with the investigation.”

The documents were seized by Intel from Mr.Biswamohan’s home.

The justice department’s statement

‘The FBI was able to recover these documents quickly, before Pani could use them to Intel’s disadvantage, largely because Intel reported the theft quickly and assisted the investigation,’.

Corporate espionage and intellectual property theft, in the form of trade secrets, schematics, or other proprietary information is a treasure cove in the wrong hands and a recipe for disaster.

Pani’s lawyer has refused to comment about Pani’s defense.

More about intellectual property theft

More than often intellectual property theft goes unnoticed simply because it cannot be seen the way other thefts are visible. It involves stealing or misusing proprietary information of a company. Intellectual property theft can result in serious financial loss.

Alertsec protects intellectual property theft

It is clear that the security of world’s large corporations is at risk. In the absence of full disk encryption, valuable files can be accessed. To keep your sensitive data safe from thefts and hacking, it is vital to use Data encryption software. Data loss prevention systems can also reduce the loss of information. Investing $13/month gives an organization peace of mind. A very small price to pay compared to losing high-quality or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Computer security, Data Protection, Hackers, Hard Disk, Identity and Information loss, Lawsuits and settlements, Security Flaw, computer security software, data breach, data encryption, identity theft

Tags: Advanced Micro Devices AMD Biswamohan Pani Computer security Data theft Employment FBI Federal Bureau of Investigation Hudson Massachusetts Intel Theft United States district court

The casino city latest victim of identity theft – 13 California residents face indictment

April 10th, 2012

Identity theft at the Casino city of Las Vegas. Suspects behind bars

13 California based residents are behind the identity theft scheme that came to light in Las Vegas recently. This scheme had employed electronic devices in Las Vegas and it gathered information from credit cards and debit cards bit by bit.

The report in detail

The incident took place on 13th March in Las Vegas and the indictment was then handed over in U.S district court but was sealed till Tuesday so that the thieves could be arrested. The crime involved installation of “skimmers” into exterior door readers at JP Morgan Chase bank branches around the valley. The defendants also used the pinholes on the ATM pin pads and fixed a camera on it to access the account holders’ personal identification number (PIN). Usually all ATMs are open for customers after the bank timings also to avail the ATM services. Anyone can swipe the bank or debit cards to enter the ATM cabin.

The thieves obtained account holders data, including account numbers, names and card expiration dates. They further took undue advantage of credit cards as they had their respective PINs with them.

The U.S. Attorney’s Statement

“We are working vigilantly with our federal, state and local law enforcement partners to identify, arrest and prosecute criminals who are stealing personal information and using it to manufacture counterfeit credit and debit cards,” Bogden said. “If you are involved in this type of criminal activity and are convicted, you are going to federal prison.”

Actual incident

The data skimmed from debit and credit cards was used at JP Morgan Chase ATMs on Sky Pointe Drive, West Flamingo Road, West Craig Road, West Sahara Avenue, South Fort Apache, Camino Al Norte, East Charleston Boulevard and South Rainbow Boulevard.

According to the indictment, the thefts had started from November 2009. The indictment does not state the exact amount of loss.

The suspects are said to be in the age group ranging from 21 to 44. Some of them are charged with conspiracy, some with aggravated identity theft. On Tuesday six suspects were arrested in California, out of which five were already in custody for other charges. And more two suspects are yet to be arrested as per the source.

Court appearances of these suspects are being scheduled.

Protect your identity with Alertsec

The above news items clearly shows how important it is to protect your identity these days, especially your e-identity i.e. digital identity. Credit cards, ATM cards, debit cards etc are more vulnerable than you know. Comapnies like Alertsec are here to protect your identities.

Alertsec Xpress uses Check Point Full Disk Encryption software. The software encrypts and decrypts data on the fly making it transparent to the user and to applications. One of the issues with traditional disk encryption software is that access time increases. In independent tests, Check Point Full Disk Encryption delivered the best performance results when compared with other major products on the market, with less than 2% degradation in disk performance.

No comments »

Posted in Computer security, Hackers, Hard Disk, Identity and Information loss, computer security software, identity theft

Tags: AlertSec Xpress ATM ATM card Automated teller machine Check Point Full Disk Encryption Credit card Debit card disk encryption identitytheft JPMorgan Chase Personal identification number

Utah Medicaid breach much bigger than initially reported

April 7th, 2012

Centers for Medicare and Medicaid Services - Medicaid breach much higher than reported

Why don’t firms educate their employees about data protection? Why aren’t data security policies updated and awareness increased among staff regarding data thefts? These questions need to be answered and answered fast!

Today’s news story talks about Medicaid records that were stolen due to an employee’s negligence.

Story as it unfolds

Medicaid patients in Salt Lake City, Utah, are facing identity theft.

Hackers (from an Eastern European country) hacked into a state server that had data of 24,000 Medicaid claims as on Friday, March 30. The hackers accessed client names, addresses, birth dates, Social Security numbers, physician’s names, national provider identifiers, addresses, tax identification numbers, and procedure codes designed for billing purposes.

The problem was identified on April 2 and immediately the servers were pulled down. As to how the hackers managed to break into the system, is still unknown. As of now the danger seems to have passed and the data is said to be safe. Victims are being contacted and hotlines have been set up for more information.

An update

As of Wednesday, 24000 claims were identified as hacked. But the picture is rapidly changing. There is a strong possibility that the number of people affected is much higher as 24000 files have been stolen. That means each file has more than 100 records of patient data.

Michael Hales, the Health Department’s Medicaid director, said “This is some external party maliciously attacking a server,” Hales said. “It just looks like processes broke down.” ”We understand clients are worried about who may have accessed their personal information, and that many of them feel violated by having their information compromised,” Hales said. “But we also hope they understand we are doing everything we can to protect them from further harm.”

Who is in charge of the computers?

The Department of Technology Services is in charge of the state’s computer systems. On Thursday, Boyd Webb, the agency’s chief information security officer, said he was aware and knew the individual who had put the server online without its proper security. No name was divulged, though. “I believe it was just a mistake,” he said.

Troubleshooting

Clients whose Social security numbers were stolen are being contacted immediately. This was confirmed by Health Department spokesman Tom Hudachko .The Health department is offering free credit monitoring for a year to the victims and an hotline is in place for those who are affected.

What is more difficult here is protecting children’s identity as they do not have a credit report, credit cards or bank accounts. The state, with the credit bureau TransUnion’s help, is providing a way for a child’s Social Security number to be registered and their credit is essentially frozen till they become adults.

The website http://www.idtheft.utah.gov has been set up to allow victims of fraud to file an affidavit.

AlertSec’s security services

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Alertsec Xpress’s Check Point Full Disk Encryption is used by over 4 million users worldwide.

No comments »

Posted in Computer security, Data Protection, Encryption, Hackers, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: Check Point Databases DTS Eastern Europe Health Health department identity theft Medicaid Salt Lake City Server (computing) Social Security number TransUnion Utah

Gaming Website ‘RockYou’ to pay $250k over Data Breach

March 31st, 2012

Rockyou reaches settlement with FTC over data breach

RockYou, a social gaming website, settled the pending charges of $250,000 towards the U.S Federal Trade Commission (FTC). The data breach that happened in 2009 where ‘RockYou’ exposed personal information of thirty two million users to the hackers rocked the data world. The pending charges included the civil penalty and other concessions. Violation of Children’s Online Privacy Protection Act (COPPA), not engaging in deceptive claims regarding privacy and data security and maintaining a data security program are included in the other concessions charged.

What did RockYou do?

The FTC suspected that RockYou collected information from 179,000 children. According to the federal law, collection, use or exposing the personal information of children below 13 years of age is not allowed. They need to take their parent’s consent. The information collected by RockYou contained date of birth of children. FTC in an agency’s wider campaign took action against Rock You. This campaign was to ensure that companies live up to their promises on data security of their customers. Along with FTC, there was an Indiana man, Alan Claridge who also filed suit against Rock You for the massive data breach in November 2009. However, the case got settled out of the court for $2000 and legal fees which amounted to $290,000.

Rock You proved to be a good example for weak passwords. A study showed that RockYou members had bad password practices like RockYou, 12345,123456 and so on.

A study indicated that passwords like names, slang words dictionary words are very popular. If a hacker tries to guess the first 5000 words from the dictionary, it is very obvious that he would likely have access to many accounts. At this rate, a hacker will gain access to 1000 accounts in less than 17 minutes.

To avoid data theft

RockYou should have had a strong data security policy and they should encourage people to keep strong passwords when they sign in. Companies like gaming sites or social networking sites should educate people on the importance of having strong passwords. There should be a set of password policies. Encryption is necessary for the confidentiality and security of the customers. FTC has a new publication to help the teens in navigating internet safely known as Living Life Online. A regular data security program should be implemented by organisations like RockYou and audited by third party. RockYou will also need to delete the information collected from children under 13 years of age as stated by FTC and will need to pay $250,000 as a penalty towards COPPA violations.

Alertsec Rocks

Organisations and individuals are being trained to handle their data security in a better way. Names like Sarbanes-Oxley, PCI Data Security Standard, HIPAA, and the Data protect Act are all examples of guides for different industries and sectors. Companies are expected to have an information security policy in place to safeguard the information.

With Alertsec, your data can remain safe. It uses encryption software to protect your data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.