Archive for the ‘Hard Disk’ category

Email hacking leads to potential data breach

September 22nd, 2015

Oakland Family Services is dealing with a potential PHI data breach after one of its employees email was reportedly hacked. The organization reported that an unauthorized individualgained access to an employee email account and possibly viewed patient PHI. According to reports, EMR databases and other agency email accounts and databases were not affected.

Statement mentioned that 16,000 clients will be sent data breach notification letters and 173 had a Social Security number present in the affected email account.

Affected information includes client names, internal client ID numbers, dates of service and types of service provided. Oakland Family Services added that in a few cases, the emails also included dates of birth, telephone numbers, addresses, diagnoses, health plan ID numbers, insurance numbers and Social Security numbers. Financial information was not included in the email account, the provider added.

An internal investigation has shown that the rogue user had access to the account for 23 minutes, it is believed with the intent of perpetuating a phishing scheme,Oakland Family Services explained in a statement. Following a phishing email sent to the employees email contacts, none of which were clients, the hacker exited the account.

The incident was discovered on the same day that the hack took place. Oakland Family Services explained that it immediately terminated the hackers access to the account.

Oakland Family Services Director of Information Technology David Partlo said in a statement that the provider maintains an extensive security program to safeguard clients PHI.” This includes annual staff trainings, regular third-party audits of the Oakland Family Services security protocol, and strong passwords.

We took action within 15 minutes of the intruder gaining access to block him or her from the affected email account and based on this incident, even stronger email protocol has been implemented,” Partlo said. “We feel reassured by the fact it doesnt appear the person gained access in search of PHI, but simply to perpetuate the phishing scheme, based on the amount of time the hacker spent in the account and the actions we know he or she took.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sutter Health suffers data breach

September 15th, 2015

According to reports, a former employee reportedly emailed patient information without proper authorization. Around 2,582 patients are potentially affected, and that with the exception of two patients, no Social Security numbers, financial information or drivers license data were included.

A thorough review of the former employees email activity and computer access led to the discovery of the incident. Affected information includes name, date of birth, insurance identification number, date of service and billing code included in the emailed information. One patients California drivers license number was included, while another patients Social Security number and California drivers license number were included.

The employee worked for Sutter Physician Services (SPS), which handles billing for Sutter Healths physician medical foundations, the statement explained.

Our patients trust us to provide their care and protect their privacy,Sutter Health Chief Medical Officer Stephen Lockhart, M.D., Ph.D., said in a statement. We believe protecting patientshealth information is the responsibility of every employee. We require employees to sign confidentiality agreements. In addition, we train them to follow privacy and information security policies and regulations. We deeply regret this incident occurred.

Sutter Health mentioned that there is no evidence that any of the information was used inappropriately. patients who receive a notification letter mailed September 11 will be offered free credit monitoring services for one year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Phishing attack leads to data breach

May 2nd, 2015

Partners Health Care System, Inc. suffered data breach when it learned that employees had fallen victim to a phishing scheme, providing sensitive information to unauthorized individuals. Affected information includes names, addresses, dates of birth, telephone numbers, and Social Security numbers in a few cases. Moreover, patients’ clinical information, such as diagnoses, treatment received, medical record numbers, medical diagnosis codes, or health insurance information, could also have been exposed in a few cases.

“Responding to the ‘phishing’ emails created an opportunity for unauthorized access to the workforce members’ email accounts within the Partners HealthCare network,” the statement read. “When we learned of this, we took steps to secure the email accounts and contacted law enforcement.”

Partners’ affiliated hospitals and institutions are also potentially affected which includes Brigham and Women’s Hospital, Brigham and Women’s Faulkner Hospital, Massachusetts General Hospital, North Shore Medical Center, Partners Continuing Care, and Newton-Wellesley Hospital.

“We deeply regret any inconvenience this may have caused you,” Partners said in its statement. “To help prevent something like this from happening in the future, we have reinforced workforce member education regarding ‘phishing’ emails and are enhancing our existing technical safeguards to protect patient information.”

The hospital mentioned that notification letters are sent to the affected individuals. They believe that there is no indication of affected information being misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hard Drive Stolen from Employee’s home

February 10th, 2015

A medical facility in Tennessee suffered data breach when employee was burglarized and the hard drive was stolen. Reportedly, the personal electronics was also stolen from employee’s home. According to the Baskin Cancer Foundation statement, the device contained patient demographic information, dates of birth, Social Security numbers, phone numbers, and first and last dates of clinic visits. In terms of employee data, the hard drive contained titles, office location, Social Security numbers, dates of birth, pay rates, hire dates, and termination dates (if applicable).

Highlights of the data breach and statement:

  • The employee was properly authorized to work on the data at home as part of his job.
  • The hard-drive was not encrypted
  • The affected individuals are patients who were seen at each of Boston Baskin’s office locations between 2008 and July 2014.
  • All affected individuals are being notified by mail.
  • Patients and employees may wish to place a fraud alert on their credit reports. Questions may be directed to a toll-free helpline

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Orlando medical center lost flash drive

April 3rd, 2014

Orlando Health’s Arnold Palmer Medical Center reported data breach when it lost the flash drive. Flash drive contained patient’s data which included names, assigned medical record numbers, dates of birth, gestational ages, birth weights, dates of hospitalizations, and in some cases, according to the report, transfer dates of the children who were patients at either Arnold Palmer Hospital for Children or Winnie Palmer Hospital for Women & Babies between 2009 and 2013.

Arnold notified about the lost flash drive to the affected patients. The flash drive did not include patients’ Social Security numbers or financial data. Patients’ records are strictly considered as confidential under the 1996 Health Insurance Portability and Accountability Act (HIPAA) law. Orlando Health notified federal authorities regarding the data breach. They suspect that flash drive was lost and not stolen.

Steve Stallard, corporate director of compliance and information security at Orlando Health said, “Arnold Palmer Medical Center takes this incident very seriously, and we are committed to protecting patients’ health and personal information.”

Stallard added that they do not have any evidence to prove that device was used by unauthorized individual. A computer flash drive contained patient information of 586 children treated at Orlando Health’s Arnold Palmer Medical Center.

“We deeply regret any concern or inconvenience this may cause.” He added.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Facts You Should Know about Cyber Insurance

March 24th, 2014

 

Cyber insurance is to protect losses against cyber threat and losses. Cyber Insurance is not a new concept but many companies don’t have cyber insurance policies still today. The growth for cyber insurance is slow because market is very complex and inconsistent.  Cyber insurance can be costly too which can go around $35,000 for a $1 million in coverage which is still less compared to costs of major breach.

It is important to know about cyber insurance and how can it benefit the organizations.

Cyber insurance is specific

Your general liability and professional indemnity insurance is not cyber insurance. General liabilities frequently cover basics like physical damage and not data breach. A simple virus can cost millions in terms of losses. Most of general liability insurer deliberately neglect the data breach clause.

All are not equal

Cyber insurance is still considered to be relatively nascent stage. It is a decade old concept to save the companies from data breach. A standard cyber insurance policy may not cover exact need of your organization. It is important to access your needs and go your proposed policy to negotiate best suitable terms.

Data loss cover

Cyber insurance policy should go beyond hacking and cover data loss. A minor data loss can cause significance damage to the company.

Example: Massachusetts General Hospital had to pay a $1 million fine to the US Department of Health and Human Services after an employee of Partners HealthCare left the records of 192 patients on a train.

Cyber insurance vs. good security

Cyber insurance is not the license to neglect security constraint of data. You have to perform assessment and audits to check the policies to secure the data.

“Being able to prove that they weren’t negligent could save organizations millions in the long-run,” explains Jamie Bouloux, a cyber insurance liability executive at AIG. “If something happens when a client loses data, they can tell the regulator that they did everything within reason to try to ensure that there was an environment of security where its employees knew how to handle client information.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Office break leads to patient information breach

March 4th, 2014

The protected health information (PHI) of patients at Dr. J.M. Benson’s Sherman, Texas practice was stolen in the event of office break in which may lead to data breach. Computers and at least one hard drive were stolen from the office.

Devices contained information of patients which includes names, addresses, phone numbers, health insurance provider numbers, and Social Security numbers. Status of information whether it was encrypted or not was unavailable.

Office issued written statement and advised to check their health reports and credit reports for any illegal activity. It mentioned, “We suspect that it might be possible for the persons who stole the equipment to attempt to use the information contained therein for the purposes of committing health insurance fraud.” Office is in the process of upgrading security checks. They also said, “Sincerely apologize and regret that this situation occurred.”

Dr. Benson immediately reported the incident to the police and investigation is in the process. He further added in statement issued to the affected patients, “In addition, you should monitor your health care reports, such as your insurance Explanation of Benefit (EOB) documents, to ensure that charges included on the EOB’s are for services that are actually provided to you,”

It is possible for the person who stole the records can use the patient’s personal information for committing health insurance fraud.

The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Health data breach complaint filed by Milwaukee

November 10th, 2013

Dynacare, a clinical laboratory services company lost a USB flash drive with unencrypted patient data during data breach incident. Milwaukee handed the data over to Froedtert Health’s Workforce Health, a public health organization that had contracted with and has an ownership interest in Dynacare.

The lost flash drive contained 6,000 Milwaukee employees’ data such as names, addresses, dates of birth, Social Security numbers and gender. And it stored the names of 3,000 spouses and domestic partners as well, so there was a great amount of Milwaukee patients affected. The city’s complaint may be redundant in light of Dynacare previously reporting the breach to the Department of Health and Human Services (HHS). But here’s the statement from Milwaukee City Attorney Grant Langley.

After consultation with members of the Common Council and the Mayor, the Office of the City Attorney has decided to file a formal complaint with the federal Office of Civil Rights against Dynacare Laboratories for its admitted breach of HIPAA security requirements regarding the private information of more than 9,000 City of Milwaukee employees, their spouses and their domestic partners.

I will be taking this action on behalf of the city and its employees based on Dynacare’s recent filing of a notice of breach of unsecured protected health information, its apparent unwillingness to communicate or cooperate with city representatives or to release details of its investigation, its failure to provide information to the city in order to protect our employees and the misleading comments Dynacare provided to the media.

It is important to note that the city’s contract for its wellness program is with Froedtert Community Health/Workforce Health. That is the entity to which the city provided employee information in a secured and password-protected manner, not Dynacare. The city continues to investigate the matter, and at this time has not ruled out further litigation.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Organisations fear Data Theft from old laptops

September 25th, 2013

It often happens that many companies give or sell their old laptops to the computer firm from which they buy new laptops. The computer firm, such as Dell, then sells them to a firm that refurbishes laptops, which in turn sells them on eBay.

These Companies sometimes do not wipe the data from the laptops and assume that computer firm will wipe the data. But sometimes, the data wiping falls through the cracks.

That is what recently happened to U.K. film maker Glenn Swift, who returned a faulty Acer laptop to Sainsbury, where he initially bought it. Sainsbury told Swift that they needed to return the laptop to the manufacturer to have it fixed.

“But then, six days later, out the blue, I received an email from a gentleman who informed me he had just purchased a second-hand laptop on eBay. It still had my profile on it and he asked for my password to allow him to unlock it. Alarm bells started ringing,” told Swift.

Swift said “It was then I realised just how much information a Windows 8 profile can access. When you first use it you have to set up a profile. If you are an existing user your profile is automatically downloaded to the new computer–apps, settings and passwords, Facebook, Twitter, Yahoo, BlackBerry, Gmail, etc. all your information, accessible in one single place”.

Swift did not give the person the password, but contacted Sainsbury’s, who informed him that they had returned the laptop to the manufacturer for diagnostics. If the manufacturer further sold the laptop, it would first be refurbished and the data wiped, they told him.

There was a different case with Swift, Police had warned him that he was vulnerable to identity theft, so he started changing his passwords.

While Swift’s case involved an individual laptop, similar risks await for organizations that return used laptops to computer firm trusting that the data will be wiped by them.

IT security researcher, Graham Cluley advised “to prevent data from getting into the wrong hands, enterprises should ensure all laptops have hard disk encryption and that a complete erasure of data, including multiple passes across the hard drive, is performed before the used laptop is turned over to a third party”.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta