Archive for the ‘Hard Disk’ category

Half of the third party softwares are outdated

June 13th, 2017

Synopsys conducted a study of 128,782 software applications which shows that almost fifty percent are old.

“Over time, vulnerabilities in third-party components are discovered and disclosed, leaving a previously secure software package open to exploits,” Synopsys Software Integrity Group general manager Andreas Kuehlmann said in a statement. “The message to the software industry should not be whether to use open source software, but whether you are vigilant about keeping it updated to prevent attacks.”

The survey also showed that some of the vulnerability dates back to 1999.

“Coming on the heels of last month’s WannaCry outbreak, the insights in the report serve as a wake-up call that not everyone is using the most secure version of the available software,” Synopsys security strategist Robert Vamosi said. “The update process does not end at the time of software release, and an ongoing pattern of software updates must be implemented throughout the product lifecycle.”

“As new CVEs are disclosed against open source software components, developers need to know whether their products are affected, and organizations need to prevent the exploit of vulnerabilities with the latest versions when they become available,” Vamosi added.

Vanson Bourne survey mentioned that companies are not up to date considering patches and new versions. Half of the user mentioned that they have to bring a team for patches or to deal with a security issue.

“We can see with the recent WannaCry outbreak — where an emergency patch was issued to stop the spread of the worm — that enterprises are still having to paper over the cracks in order to secure their systems,” Bromium CTO and co-founder Simon Crosby said in a statement. “The fact that these patches have to be issued right away can be hugely disruptive to security teams, and often very costly to businesses, but not doing so can have dire consequences.”

“WannaCry has certainly shined a spotlight on a problem that has plagued enterprises for years,” Crosby added. “It is simply impractical to expect enterprise organizations to continually upgrade — even when they have licenses, the actual deployment creates huge disruption, or in some instances would require an entire hardware refresh and result in huge upfront capital costs.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. 

Stolen Laptop and Data Breach

February 12th, 2016

Around 30,000 individuals were affected due to recent data breach in auditing company Seim Johnson. According to the reports, Nebraska-based Community Hospital might be one of the affected facilities. A stolen laptop may have contained patients’ personal information.

Community Hospital receives auditing services from Seim Johnson. A Seim Johnson employee laptop was stolen in Nashville, Tennessee. Laptop was not encrypted.

Affected information includes patient names, a personal identifier such as a patient account number, and medical record number or visit number. Social Security numbers may also have been on the laptop for a few cases. However, credit card information was not included.

“Any patients who were potentially impacted by this situation have received letters from Seim Johnson notifying them of the event,” Community Hospital Director of Health Information Management and Privacy Officer Rachel Berry told the news source. “”We are not aware of any activity that would make us believe the information has actually been accessed or viewed on the stolen laptop computer.”

According to the McCook Gazette Report –

Community Hospital is taking added precautions to verify an individual’s identity before disclosing additional personal, medical, or financial information.

Although Seim Johnson took steps to encrypt the information on the laptop computer, Seim Johnson cannot confirm the encryption software was functioning correctly. Out of an abundance of caution, identity protection services are being offered at no charge to the patients through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Unauthorized PII access and Data Breach

February 10th, 2016

Florida-based Jackson Health System fired an employee after it was found that she may have stolen confidential patient information.

Former hospital unit secretary Evelina Reid may have stolen confidential patient information including names, dates of birth, Social Security numbers, and home addresses. The incident happened over the last five years. Local law enforcement is investigating the alleged incident.

“Jackson Health System is committed to patient confidentiality,” the statement reads. “The safety and security of our patients is top priority. In order to protect our patients’ rights and private information, we enforce strict rules for those who handle patient information.”

The hospital added that currently “in the process of acquiring and implementing a more robust security system to monitor access to patient records.” Employees are also regularly educated on privacy rules and regulations, according to Jackson Health.

According to the reports, approximately 24,000 patient records may have been inappropriately accessed.

As per the statement:

Any allegations about a breach in security and patient privacy are taken extremely seriously. Jackson Health System continually educates all employees on privacy rules and regulations and has zero tolerance for violations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Human behaviour and Security Threat

January 2nd, 2016

In-depth interviews were conducted with 28 corporate security officials. According to the survey,  93 percent of respondents said human behavior presents the biggest threat to their organizations’ security.

“Defending Data: Turning Cybersecurity Inside Out With Corporate Leadership Perspectives on Reshaping Our Information Protection Practices,” was written by Ari Kaplan Advisors and sponsored by Nuix.

The report states that –

  •   Seventy-one percent of respondents said their organization has an insider threat program policy
  •   Fourteen percent said they allocate 40 percent or more of their budget to insider threats
  •   Ninety three percent of respondents said they were able to identify their critical value data
  •   Sixty nine percent said they knew what people did with that data after accessing it
  •   Ninety percent have designated a senior official to provide oversight
  •   Seventy percent offer their employees training to minimize risk

“There’s been a shift in allocation toward looking internally, rather than at the perimeter,” one respondent said.

“We’re seeing a lot more hands-on training, employee monitoring, and testing to address the issue,” report author Ari Kaplan said in a statement.

According to other survey conducted by Cybrary of 435 senior level technology professionals, 68 percent of respondents believes that there’s a global shortage of skilled cyber security professionals.

  • Eighty percent of respondents said they always or sometimes have trouble recruiting skilled cyber security professionals
  • Forty Seven percent of respondents said their company plans to hire between one and 10 cyber security employees in 2016

“Companies with pressing cyber security needs are finding that there’s a major lack of qualified professionals to fill their positions, which makes them vulnerable to cyber attacks,” Cybrary co-founder Ryan Corey said in a statement.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

MaineGeneral Health suffers data breach

December 6th, 2015

MaineGeneral Health suffered healthcare data breach recently. It is now sending notification letters to individuals who fell victim to the cyberattack.FBI notified that much of MaineGeneral Health data was on a website not affiliated with the system.

MaineGeneral and a third-party forensics team found that personal information had been breached for patients who were referred by a treating physician to radiology. Some MaineGeneral employee information was also breached along with personal information for potential donors.

Affected information includes names, addresses, and telephone numbers. MaineGeneral confirmed that no Social Security numbers, patient medical or health information, health records, driver’s license numbers, or financial information had been disclosed.

Data breach could include patients at all of MaineGeneral’s subsidiary clinics, including MaineGeneral Medical Center, MaineGeneral Rehabilitation and Long Term Care, MaineGeneral Retirement Community, and MaineGeneral Community Care.

Fraud Prevention Tips

MaineGeneral encourages everyone to remain vigilant against incidents of identity theft, especially this time of year. 

  • Reviewing account statements, medical bills, and health insurance statements regularly for suspicious activity, to ensure that no one has submitted fraudulent medical claims using your name and address. Report all suspicious or fraudulent charges to your account and insurance providers.  If you do not receive regular Explanation of Benefits statements, you can contact your health plan and request them to send such statements following the provision of services.
  • Contacting the IRS at www.irs.gov to request a PIN to file your taxes, so that no one can use your information to submit a fraudulent tax return. The IRS will begin offering PINs in mid-January 2016.

Ordering and monitoring your credit reports for suspicious activity. Under U.S. law, everyone is entitled to one free credit report annually from each of the three major credit bureaus.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Health Care CyberSecurity

November 14th, 2015

The Institute for Critical Infrastructure Technology (ICIT) Co-founder and Senior Fellow Parham Eftekhari had the discussion with HealthITSecurity about Cybersecurity Awareness.

According to Eftekhari, its currently imperative for organizations to understand that theyll never be able to prevent breaches from happening.

The best way to protect their organization is to focus on detect and response strategies, and create as many roadblocks and obstacles as possible so network administrators can quickly identify unauthorized access or suspicious activity on the network,he explained. [It will] slow down the attackers ability to successfully exfiltrate data and really give the network administrator time to stop the attack.

According to Eftekhari, behavior analytics, dual-factor authentication, and encryption are critical pieces when it comes to creating a virtual tar pitenvironment within the network to slow down the attacker.  

The other key takeaway for Cybersecurity Awareness is the human factor, he explained.

[ICIT] acts as an educator for the legislative community, federal agencies and critical infrastructure sector stakeholders because they need access to cutting edge research and knowledge of cyber trends.Eftekhari said. In that same context, we also need to guide our children and our families, and of course consumers and employees, in cybersecurity best practices without being Orwellian about it. Thats how were going to become a more cyber conscious nation and ultimately improve security.

Montana Williams, Senior Manager, Cybersecurity Practices, ISACA mentioned that it is important that everybody in an organization understand their role in increasing the resiliency of that organization.

Cybersecurity has evolved slowly because technology has outpaced the security aspect of cybersecurity,Williams stated. So it has struggled to keep up with the newest technical advances. The security aspect has struggled to keep up with the threat vectors, and then also it has struggled from an awareness perspective because I believe people are still very naive about the threat of cybersecurity.

Employee training as a whole is the most critical thing for organizations, according to Williams.

The technologies exist out there that can do a great job against a threat, but that training component doesnt exist because the professionals who are managing those technologies dont know how to integrate them the most effective way on their enterprises against that threat thats out there,Williams said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unencrypted email and data breach

November 10th, 2015

An unencrypted email resulted in potential health information data breach for over 500 patients in North Carolina. The North Carolina Department of Health and Human Services (DHHS) has experienced a health data breach second time due to an unencrypted email. Earlier, the incident involved the health data breach of 524 state Medicaid patients.

DHHS mentioned that the email that compromised the information was sent to the correct recipient but was unencrypted which is against the policy. Affected information includes Medicaid patients, including patient names, addresses, Medicaid recipient ID numbers, genders, ethnicity, race, insurance information, provider names, Social Security numbers, and dates of birth.

DHHS has plans to overhaul the email encryption process by updating email software. The said software will block any email containing patient information from being sent until the information has been encrypted. DHHS believes that software eliminates the risk of human error.

We take very seriously our responsibility to secure the personal information entrusted to us,said Dave Richard, DHHS deputy secretary in charge of Medicaid. This technology adds a safety net and a layer of protection that goes beyond the human element. This is an important, necessary addition to our workflow.

DHHS also suffered health data security issues back in 2014. DHHS officials believes that it was the agencys responsibility to protect patient information.

I deeply apologize for the impact that this has caused to the citizens of the state,DHHS secretary Aldona Wos explained at the time. First and foremost, I firmly believe as secretary, that it is my obligation to ensure that the children and families we serve receive their health care in a protected and secure environment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

OU Medicine Suffers Data Breach

October 17th, 2015

As per the reports, OU Medicine suffered data breach when a laptop potentially storing a spreadsheet containing limited patient information was stolen from a former OU physician. The spreadsheet  in the laptop contained limited information for approximately 9,300 pediatric patients.

Affected Health information includes patient name, diagnosis, treatment code, date of treatment, date of birth, description of urologic medical treatment or procedure, medical record number, and physician name. According to OU Medicine, no addresses, Social Security numbers

, or other billing information was included.

The hospital took precautionary steps by notifying the 9,300 potentially affected individuals via data breach notification letters even though it was not sure whether spreadsheet was present on the laptop. OU Medicine stated that it will provide one year of free credit monitoring to potentially affected individuals.

The physician who owned the stolen laptop had left the department prior to the laptop being stolen. The hospital also mentioned that it does not allow physicians to take medical documents with them after leaving the facility.

The University has policies that generally prohibit the removal of documents that contain patient information from its premises and that require employees to protect patient information on laptops at all times, including by storing it securely,OU Medicine said in its statement.

Facility also expressed regret for the situation.

The University of Oklahoma takes patient privacy seriously,OU said in its statement. The Department is taking additional steps to help prevent similar incidents from occurring and is providing additional training to employees on the importance of securing patient information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

 

BCBS facility suffers data privacy breach

October 3rd, 2015

 

The affected information for first incident included names, addresses, internal BCBSNC account numbers, group numbers, coverage dates and premium amounts due. The internal BCBSNC account numbers printed were not the BCBSNC member identification numbers.

BCBSNC explained in a statement that a printing error caused some members’ billing invoice information to be printed on the backs of other members’ invoices. BCBSNC mentioned that its printing vendor has reviewed standard operating procedures and implemented a new quality control process.

Second data breach occurred when some BCBSNC members received payment letters that included incorrect information. A spreadsheet error reportedly led to the wrong information being printed. A new quality review process has been put into place.

Affected information for second breach that was sent to the wrong members included health plans purchased, effective dates, health insurance marketplace identification numbers, payment amounts, telephone numbers and payment identification numbers.

BCBSNC regrets these situations and any inconvenience they have caused,the statement read. Letters to affected individuals regarding the incidents were mailed on September 10, 2015.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Identity theft and data breach

September 25th, 2015

 

Affected PHI included full name, CVS ID, CVS ExtraCare Health Card number, Rx plan number, Rx plan state, and plan start and end dates.

Molina Healthcare mentioned that this health data breach may lead to identity theft. It also advised all potentially affected individuals to put a fraud alert on his or her credit file. The health insurer also decided to provide the importance to carefully inspecting credit reports.

According to the statement:

Look at your reports when you get them. Look for accounts you do not remember opening. Look requests from creditors that you do not know about. Check for any medical bills that you do not about. Look at all your personal information. Make sure it is correct. Call the credit agency if you any questions about your report.

 If there is something wrong with your report, call your local police or sheriffs office. File an identity theft report. Get a copy of this report. You may need to give a copy to other creditors. This will help clear your records.

If your credit report is OK, you should still check your credit. Check your credit report every three months for the next year. Call one of the numbers above to get your report.

Keep a copy of this letter for your records. It can help if you have future problems with your medical records. You may want to ask for a copy of your medical records from your healthcare providers. It good to have a copy that you can look at in case you ever have problems. You can also get a copy claims or other PHI held by Molina Medicare Options Plus HMO SNP (Molina Healthcare). To get it please call our Member Services department at the toll-free number listed below.

Molina Healthcare regrets this problem. CVS is replacing CVS ExtraCare Health Cards for affected individuals who are current Molina Healthcare members with an OTC benefit, unless your CVS ExtraCare Health Card was already replaced due to a change in your benefits plan. To further help protect your identity, we are offering you a free one-year membership of identity theft protection. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.