Archive for the ‘Hard Disk’ category

Phishing attack leads to data breach

May 2nd, 2015

Partners Health Care System, Inc. suffered data breach when it learned that employees had fallen victim to a phishing scheme, providing sensitive information to unauthorized individuals. Affected information includes names, addresses, dates of birth, telephone numbers, and Social Security numbers in a few cases. Moreover, patients’ clinical information, such as diagnoses, treatment received, medical record numbers, medical diagnosis codes, or health insurance information, could also have been exposed in a few cases.

“Responding to the ‘phishing’ emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network,” the statement read. “When we learned of this, we took steps to secure the email accounts and contacted law enforcement.”

Partners’ affiliated hospitals and institutions are also potentially affected which includes Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital.

“We deeply regret any inconvenience this may have caused you,” Partners said in its statement. “To help prevent something like this from happening in the future, we have reinforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The hospital mentioned that notification letters are sent to the affected individuals. They believe that there is no indication of affected information being misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015
Cryptographically secure pseudorandom number g...

Healthcare Data Breaches and Patients 

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hard Drive Stolen from Employee’s home

February 10th, 2015
Inner view of a Seagate 3.5 inches hard disk d...

Hard Drive Stolen from Employee’s home  

A medical facility in Tennessee suffered data breach when employee was burglarized and the hard drive was stolen. Reportedly, the personal electronics was also stolen from employee’s home. According to the Baskin Cancer Foundation statement, the device contained patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

Highlights of the data breach and statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • The affected individuals are patients who were seen at each of Boston Baskin’s office locations between 2008 and July 2014.
  • All affected individuals are being notified by mail.
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Orlando medical center lost flash drive

April 3rd, 2014
20090415 USB Flash Drives

Orlando medical center lost flash drive

Orlando Health’s Arnold Palmer Medical Center reported data breach when it lost the flash drive. Flash drive contained patient’s data which included names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, according to the report, transfer dates of the children who were patients at either Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women & Babies between 2009 and 2013.

Arnold notified about the lost flash drive to the affected patients. The flash drive did not include patients’ Social Security numbers or financial data. Patients’ records are strictly considered as confidential under the 1996 Health Insurance Portability and Accountability Act (HIPAA) law. Orlando Health notified federal authorities regarding the data breach. They suspect that flash drive was lost and not stolen.

Steve Stallard, corporate director of compliance and information security at Orlando Health said, “Arnold Palmer Medical Center takes this incident very seriously, and we are committed to protecting patients’ health and personal information.”

Stallard added that they do not have any evidence to prove that device was used by unauthorized individual. A computer flash drive contained patient information of 586 children treated at Orlando Health’s Arnold Palmer Medical Center.

“We deeply regret any concern or inconvenience this may cause.” He added.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Facts You Should Know about Cyber Insurance

March 24th, 2014

Cyber

Facts You Should Know about Cyber Insurance

Cyber insurance is to protect losses against cyber threat and losses. Cyber Insurance is not a new concept but many companies don’t have cyber insurance policies still today. The growth for cyber insurance is slow because market is very complex and inconsistent.  Cyber insurance can be costly too which can go around $35,000 for a $1 million in coverage which is still less compared to costs of major breach.

It is important to know about cyber insurance and how can it benefit the organizations.

Cyber insurance is specific

Your general liability and professional indemnity insurance is not cyber insurance. General liabilities frequently cover basics like physical damage and not data breach. A simple virus can cost millions in terms of losses. Most of general liability insurer deliberately neglect the data breach clause.

All are not equal

Cyber insurance is still considered to be relatively nascent stage. It is a decade old concept to save the companies from data breach. A standard cyber insurance policy may not cover exact need of your organization. It is important to access your needs and go your proposed policy to negotiate best suitable terms.

Data loss cover

Cyber insurance policy should go beyond hacking and cover data loss. A minor data loss can cause significance damage to the company.

Example: Massachusetts General Hospital had to pay a $1 million fine to the US Department of Health and Human Services after an employee of Partners HealthCare left the records of 192 patients on a train.

Cyber insurance vs. good security

Cyber insurance is not the license to neglect security constraint of data. You have to perform assessment and audits to check the policies to secure the data.

“Being able to prove that they weren’t negligent could save organizations millions in the long-run,” explains Jamie Bouloux, a cyber insurance liability executive at AIG. “If something happens when a client loses data, they can tell the regulator that they did everything within reason to try to ensure that there was an environment of security where its employees knew how to handle client information.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta