Archive for the ‘Hard Disk’ category

Orlando medical center lost flash drive

April 3rd, 2014
20090415 USB Flash Drives

Orlando medical center lost flash drive

Orlando Health’s Arnold Palmer Medical Center reported data breach when it lost the flash drive. Flash drive contained patient’s data which included names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, according to the report, transfer dates of the children who were patients at either Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women & Babies between 2009 and 2013.

Arnold notified about the lost flash drive to the affected patients. The flash drive did not include patients’ Social Security numbers or financial data. Patients’ records are strictly considered as confidential under the 1996 Health Insurance Portability and Accountability Act (HIPAA) law. Orlando Health notified federal authorities regarding the data breach. They suspect that flash drive was lost and not stolen.

Steve Stallard, corporate director of compliance and information security at Orlando Health said, “Arnold Palmer Medical Center takes this incident very seriously, and we are committed to protecting patients’ health and personal information.”

Stallard added that they do not have any evidence to prove that device was used by unauthorized individual. A computer flash drive contained patient information of 586 children treated at Orlando Health’s Arnold Palmer Medical Center.

“We deeply regret any concern or inconvenience this may cause.” He added.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Facts You Should Know about Cyber Insurance

March 24th, 2014

Cyber

Facts You Should Know about Cyber Insurance

Cyber insurance is to protect losses against cyber threat and losses. Cyber Insurance is not a new concept but many companies don’t have cyber insurance policies still today. The growth for cyber insurance is slow because market is very complex and inconsistent.  Cyber insurance can be costly too which can go around $35,000 for a $1 million in coverage which is still less compared to costs of major breach.

It is important to know about cyber insurance and how can it benefit the organizations.

Cyber insurance is specific

Your general liability and professional indemnity insurance is not cyber insurance. General liabilities frequently cover basics like physical damage and not data breach. A simple virus can cost millions in terms of losses. Most of general liability insurer deliberately neglect the data breach clause.

All are not equal

Cyber insurance is still considered to be relatively nascent stage. It is a decade old concept to save the companies from data breach. A standard cyber insurance policy may not cover exact need of your organization. It is important to access your needs and go your proposed policy to negotiate best suitable terms.

Data loss cover

Cyber insurance policy should go beyond hacking and cover data loss. A minor data loss can cause significance damage to the company.

Example: Massachusetts General Hospital had to pay a $1 million fine to the US Department of Health and Human Services after an employee of Partners HealthCare left the records of 192 patients on a train.

Cyber insurance vs. good security

Cyber insurance is not the license to neglect security constraint of data. You have to perform assessment and audits to check the policies to secure the data.

“Being able to prove that they weren’t negligent could save organizations millions in the long-run,” explains Jamie Bouloux, a cyber insurance liability executive at AIG. “If something happens when a client loses data, they can tell the regulator that they did everything within reason to try to ensure that there was an environment of security where its employees knew how to handle client information.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Office break leads to patient information breach

March 4th, 2014
Password 'fido' ...item 3b.. Five Characters i...

Office break leads to patient information breach

The protected health information (PHI) of patients at Dr. J.M. Benson’s Sherman, Texas practice was stolen in the event of office break in which may lead to data breach. Computers and at least one hard drive were stolen from the office.

Devices contained information of patients which includes names, addresses, phone numbers, health insurance provider numbers, and Social Security numbers. Status of information whether it was encrypted or not was unavailable.

Office issued written statement and advised to check their health reports and credit reports for any illegal activity. It mentioned, “We suspect that it might be possible for the persons who stole the equipment to attempt to use the information contained therein for the purposes of committing health insurance fraud.” Office is in the process of upgrading security checks. They also said, “Sincerely apologize and regret that this situation occurred.”

Dr. Benson immediately reported the incident to the police and investigation is in the process. He further added in statement issued to the affected patients, “In addition, you should monitor your health care reports, such as your insurance Explanation of Benefit (EOB) documents, to ensure that charges included on the EOB’s are for services that are actually provided to you,”

It is possible for the person who stole the records can use the patient’s personal information for committing health insurance fraud.

The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Health data breach complaint filed by Milwaukee

November 10th, 2013
Official logo of Milwaukee

Health data breach complaint filed by Milwaukee

Dynacare, a clinical laboratory services company lost a USB flash drive with unencrypted patient data during data breach incident. Milwaukee handed the data over to Froedtert Health’s Workforce Health, a public health organization that had contracted with and has an ownership interest in Dynacare.

The lost flash drive contained 6,000 Milwaukee employees’ data such as names, addresses, dates of birth, Social Security numbers and gender. And it stored the names of 3,000 spouses and domestic partners as well, so there was a great amount of Milwaukee patients affected. The city’s complaint may be redundant in light of Dynacare previously reporting the breach to the Department of Health and Human Services (HHS). But here’s the statement from Milwaukee City Attorney Grant Langley.

After consultation with members of the Common Council and the Mayor, the Office of the City Attorney has decided to file a formal complaint with the federal Office of Civil Rights against Dynacare Laboratories for its admitted breach of HIPAA security requirements regarding the private information of more than 9,000 City of Milwaukee employees, their spouses and their domestic partners.

I will be taking this action on behalf of the city and its employees based on Dynacare’s recent filing of a notice of breach of unsecured protected health information, its apparent unwillingness to communicate or cooperate with city representatives or to release details of its investigation, its failure to provide information to the city in order to protect our employees and the misleading comments Dynacare provided to the media.

It is important to note that the city’s contract for its wellness program is with Froedtert Community Health/Workforce Health. That is the entity to which the city provided employee information in a secured and password-protected manner, not Dynacare. The city continues to investigate the matter, and at this time has not ruled out further litigation.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Organisations fear Data Theft from old laptops

September 25th, 2013
Desk full of laptop computers

Organisations fear Data Theft from old laptops

It often happens that many companies give or sell their old laptops to the computer firm from which they buy new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay.

These Companies sometimes do not wipe the data from the laptops and assume that computer firm will wipe the data. But sometimes, the data wiping falls through the cracks.

That is what recently happened to U.K. film maker Glenn Swift, who returned a faulty Acer laptop to Sainsbury, where he initially bought it. Sainsbury told Swift that they needed to return the laptop to the manufacturer to have it fixed.

“But then, six days later, out the blue, I received an email from a gentleman who informed me he had just purchased a second-hand laptop on eBay. It still had my profile on it and he asked for my password to allow him to unlock it. Alarm bells started ringing,” told Swift.

Swift said “It was then I realised just how much information a Windows 8 profile can access. When you first use it you have to set up a profile. If you are an existing user your profile is automatically downloaded to the new computer–apps, settings and passwords, Facebook, Twitter, Yahoo, BlackBerry, Gmail, etc. all your information, accessible in one single place”.

Swift did not give the person the password, but contacted Sainsbury’s, who informed him that they had returned the laptop to the manufacturer for diagnostics. If the manufacturer further sold the laptop, it would first be refurbished and the data wiped, they told him.

There was a different case with Swift, Police had warned him that he was vulnerable to identity theft, so he started changing his passwords.

While Swift’s case involved an individual laptop, similar risks await for organizations that return used laptops to computer firm trusting that the data will be wiped by them.

IT security researcher, Graham Cluley advised “to prevent data from getting into the wrong hands, enterprises should ensure all laptops have hard disk encryption and that a complete erasure of data, including multiple passes across the hard drive, is performed before the used laptop is turned over to a third party”.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta