Archive for the ‘Healthcare’ category

Data breach due to stolen laptop

November 30th, 2016

Kineto Rehab Physical Therapy, PLLC, based in New York, recently suffered a data breach due to a stolen laptop. According to reports, a bag containing a work laptop was stolen by an individual. The facility obtained footage that identifies the thief. It later found the bag, without the laptop in it. Police are still working to track down the thief.

As per the statement, “We sincerely apologize for this incident and we regret any inconvenience it may cause you. Should you have questions or concerns regarding this matter, please do not hesitate to contact us.”

Affected information includes patient names, dates of birth, addresses, Social Security numbers, insurance information and clinical/physical therapy notes.

“There is no indication that your information has been accessed or used by an unauthorized individual,” read the Kineto statement, which was signed by CEO Shirley Agapito, DPT. “Please be assured that we have taken every step necessary to address the incident, and that we are committed to fully protecting all the information that has been entrusted to us.”

According to the OCR data breach reporting tool, the incident affected 665 individuals. The facility said that affected individuals will be offered a complimentary one-year membership in identity protection services.

The website statement provides the following guidelines:

Fraud Alert

Place a fraud alert for when someone else tries to open a credit account in your name, get an add-on card or increase the credit limit.

Security Freeze

You can place a security freeze on your credit report, which will stop lenders and others from accessing the credit report completely.

Review Reports

Order your free annual credit report and look for any discrepancies and spending.

Credit providers and tools

Create message/email alerts on credit cards and bank accounts to notify you of any transaction or activity. Report to the bank any activity that you have not carried out.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Delaware facility affected by business associate

November 26th, 2016

A remote-monitoring labor service for cardiac devices has caused a data breach for a Delaware facility. It has also affected another healthcare provider. Wentworth-Douglass Hospital (WDH) had been working with Ambucor Health Solutions. Ambucor recovered thumb drives from one of its former employees, which reportedly contained personal information of thousands of patients nationwide.

According to reports, information of 775 WDH patients was present on the drive. It did not include Social Security numbers, credit card, insurance, Medicaid/Medicare or other financial information. But some personal data may have been exposed, including patients’ names, dates of birth, home addresses, phone numbers, medications, race, testing data, patient identification numbers, medical device information such as the manufacturer, diagnosis, Ambucor enrollment numbers, Ambucor enrollment dates, Ambucor technician names, physician name(s), and the name and address of the practice where the patient was seen.

“While WDH was not directly involved in the breach, it appreciates the importance of protecting the privacy and security of personal information and deeply regrets any inconvenience or concern this incident may cause its patients. Ambucor officials are cooperating with federal investigators and have confirmed they are taking steps to prevent this type of incident from occurring again, including a thorough review of and updates to all HIPAA security processes.”

Ambucor said that there is no indication that the data has been misused. It has offered affected patients one year of identity protection services. Ambucor is also offering one million of identity theft insurance, along with any necessary related recovery services.

Ambucor started investigating the activities of a former employee just before his employment ended. It learned that the former employee had downloaded information to a personal storage device from a company-issued computer.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is a cloud-based service that provides password-protected data encryption for all of your business storage devices, whether they are internal to the computer or laptop (like hard drives or Solid State Drives [SSDs]) or external (like thumb drives, external hard drives, writable CDs and DVDs, and memory sticks).

Data breach due to billing service provider

November 24th, 2016

A physical therapy provider recently suffered a data breach involving personal information. The security incident may have affected 1,100 patients at Best Health Physical Therapy.

Best Health is owned by Travis Lombardi, PT, MSPT. It provides solutions and services to meet the rehabilitation goals of individuals, including solutions for orthopedic and sports medicine, neurological, arthritis, fracture and other issues.

The facility learned that one of the computers at its billing services provider was inappropriately accessed. The person who gained access to the accounts writes blogs on internet security. The individual was reportedly looking for data vulnerabilities. He said that he has no intention of misusing any of the accessed information.

Potentially affected information includes names, addresses, dates of birth, insurance information, driver’s license information and health information. Best Health said that there is no evidence that the data was misused. It also highlighted the fact that the vulnerability was not on its computer system. The billing provider failed to secure its system.

“Best Health took immediate steps to investigate and determine the source and extent of any access to our patients’ information,” Best Health said. “The vulnerability was identified and closed by the billing service provider immediately. Updated access controls are now in place to secure the account. Best Health has terminated its relationship with the billing service provider.”

Best Health did not mention the number of affected individuals, but according to the OCR data breach reporting tool, a total of 1,100 patients’ information was affected.

“Best Health takes the privacy and protection of its patients very seriously and we sincerely apologize for any concern that this may cause. If you are a patient of Best Health and have questions or concerns regarding this matter and/or the protections available to you, please do not hesitate to call.”

____________________________________________________________________________________________

Alertsec Endpoint Encrypt helps you protect your valuable data from falling into the wrong hands by encrypting it at the source.

Data breach due to stolen laptop

November 6th, 2016

MGA Home Healthcare Colorado, Inc. recently suffered a data breach after a laptop was stolen from an employee’s locked vehicle. The facility is notifying 3,119 patients about the incident.

As per the statement, ‘MGA is committed to the privacy of its patients’ and employees’ information and regrets any concerns or inconveniences that this incident may have caused. For further information and assistance, potentially affected individuals may contact MGA’s incident response service provider, AllClear ID.’

The theft reportedly took place sometime between August 19, 2016 and August 20, 2016, and MGA learned of it on August 20. The facility notified law enforcement.

MGA said that it is conducting a thorough review of the potentially affected records to confirm what information was exposed. Affected information included names, addresses and other demographic information. Information about MGA-provided healthcare services may have also been exposed for some patients. Also, thirty-two patients had their Social Security number or driver’s license number stored on the laptop.

“MGA has no evidence that the information on the laptop has been accessed or used,” MGA maintained. “As a precaution, MGA is offering identity theft protection services to affected individuals. MGA is committed to the privacy of its patients’ and employees’ information and regrets any concerns or inconveniences that this incident may have caused.”

Ways to secure your laptop:

Login Password

Require a login name and password to access your system.

Authentication Gestures

Some laptops come with authentication gestures. These are part of a hardware solution that can be used to secure your laptop.

Encrypted File Systems

First, understand what a file system is: each operating system uses some algorithm to store and retrieve data from your hard disk. Encrypted file systems layer themselves on top of an existing file system.

Encryption

With this method, individual files or directories are encrypted manually. Various tools are available on the market to do so.

Tracing and Tracking

With the help of a tracking feature or tracking company, you can find the location of the laptop. The laptop must be connected to the internet to send its location.

 ___________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Anthem data breach

November 3rd, 2016

Anthem, Inc., based in Indiana, recently reported a data breach which affected 3,500 Medicare members. According to reports, certain personal information was exposed after company policies were violated by employees. A Medicare sales department employee emailed company information to his personal email address.

“The individual is no longer employed with our company,” Anthem wrote. “When questioned, the individual advised that he was using the data to validate his commission payments. The information obtained by the individual is the property of the company, and he, like all employees, was prohibited from sending such information outside of the company.”

Affected information included names, dates of birth, addresses, health plan information and, in some cases, Medicare ID numbers. The facility believes that there is no indication of information misuse or identity theft.

The facility said that affected individuals should routinely review account statements and get a credit report from one or more of the national credit reporting companies.

The facility stated, ‘We have worked diligently since the discovery of this matter to identify all individuals whose information may have been impacted by the actions of the former sales employee. We have identified Medicare-eligible individuals impacted and we are in the process of contacting these individuals for whom we have valid addresses by U.S. Postal Service addresses. For those whose Medicare ID numbers (which may include a Social Security number) may have been included, we will offer free identity theft protection and credit repair/monitoring services through AllClear Credit and Identity Theft Monitoring and AllClear Identity Repair.’

Earlier, Anthem suffered a data breach which was considered one of the largest healthcare data breaches. Hackers broke into one of its databases, which potentially compromised 78.8 million individuals. That incident breached names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses of millions.

____________________________________________________________________________________________

The Alertsec service protects everything stored on the computer such as Word, PowerPoint, Excel, Outlook, Gmail, Photos, Credit Card data files etc. Perhaps, most importantly, your login credentials to cloud applications are protected.

Integrity Transitional Hospital data breach

November 2nd, 2016

Integrity Transitional Hospital based in Texas recently suffered a hacking attack. As per the Office for Civil Rights data breach reporting tool, this incident may have affected 29,514 patients.

The statement on the website began with the following: ‘Integrity Transitional Hospital (“Integrity”) is deeply committed to protecting the security and confidentiality of the information in its care. Regrettably, this notice concerns an incident involving some of that information.’

The facility said that it stores certain patient information on laboratory specimens from companies that work with various healthcare providers. The specimens are then submitted to laboratories for testing. The data is kept for billing purposes.

Affected information included some of the lab results, lab testing information, health insurance information, and scanned driver’s licenses associated with laboratory services. Social Security numbers and other financial information were not included in the breach.

“Integrity is committed to the security of the sensitive information it maintains and is taking this matter very seriously,” the hospital said. “To help prevent a similar incident from reoccurring, we are enhancing existing security on our systems related to the laboratory information we maintain.”

The facility believes that there is no evidence that the breached information has been misused. It has begun mailing letters to affected individuals. Integrity has established a dedicated call centre to answer queries regarding the incident.

Integrity Hospital adheres to the following values (as mentioned on its website):

Compassion: Provide the best care, treating patients and family members with sensitivity and empathy.

Integrity: Adhere to the highest standards of professionalism, ethics and personal responsibility, worthy of the trust our patients place in us.

Respect: Treat everyone in our diverse community, including patients, their families and colleagues, with dignity.

Excellence: Deliver the best outcomes and highest quality services through the dedicated effort of every team member.

 ___________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Data breach at CalOptima

October 20th, 2016

CalOptima, based in California, recently suffered a data breach. It has reported its second breach in a month. According to reports, the PHI data breach has affected 56,000 individuals.

The incident involves a former CalOptima employee who downloaded data to an unencrypted USB flash drive. Affected information includes patient names, other demographic information, and other health plan-related information. In a few cases, Social Security numbers and the Social Security numbers of children were also included.

Different notification letters were posted to the California Attorney General’s Office based on whether Social Security numbers were included or not.

“While we are still investigating this matter, CalOptima felt it was important to notify you promptly of this incident,” explained one of the notification letters. “We regret that this occurred and want to assure you that we are changing our procedures and practices to minimize the risk of it happening again.”

CalOptima spokeswoman Bridget Kelly said that the investigation is ongoing. She added that there is no reason to believe that the information was misused.

“We have implemented several additional safeguards to better protect members against this type of incident in the future,” Kelly said.

According to the statement, the facility has asked the affected individuals to follow these guidelines:

We recommend that you monitor your credit using the free service from IDT911. CalOptima is providing you with access to Triple Bureau Credit Monitoring services at no charge. These services provide you with alerts for twelve months from the date of enrollment when changes occur to any one of your Experian, Equifax or TransUnion credit files. This notification is sent to you the same day that the change or update takes place with the bureau. These services will be provided by IDT911, a company that specializes in identity theft education and resolution.

____________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.

Vendor error leads to data breach

October 16th, 2016

Arkansas-based Baxter Regional Home Health Facility (Baxter Home Health) recently suffered a data breach affecting patients and employees. The incident may have resulted in exposing some of their information. According to Baxter Home Health, a break-in took place at its Cotter facility overnight. Hard copy files containing certain patient and employee information were present in the facility.

“We have no information to suggest that any records were viewed or removed from the facility, and none of our electronic records or computer systems were impacted,” Baxter Home Health said in its statement. “We are nonetheless providing notice to potentially-affected patients and employees out of an abundance of caution.”

Affected information includes names, addresses, phone numbers, dates of birth, Social Security numbers, government identification numbers, insurance identifiers and diagnostic information. Employee information may have included names, addresses, phone numbers, dates of birth, licensure information, and information about previous employers.

The facility contacted law enforcement. It also said that it has conducted an internal investigation and assessment of its own security practices. It is also offering 12 months of complimentary identity protection services. The services, provided by an identity monitoring services company, help to detect possible misuse of personal information and provide identity protection support focused on immediate identification and resolution of identity theft.

“We are currently working to increase security measures at the facility, and to that end, have changed locks and will be installing cameras and alarm systems to better secure this facility,” the facility said.

Baxter Home Health did not mention the number of affected individuals. According to the OCR data breach reporting tool, a total of 2,124 individuals’ information was impacted by the incident.

According to the statement on the website, affected individuals are asked to do the following:

We want to make potentially affected individuals aware of steps they can take to guard against fraud or identity theft. We recommend that individuals carefully check their credit reports for accounts they did not open or for inquiries from creditors they did not initiate, and to call the credit agency immediately if they see something they do not understand. Any suspicious activity on a credit report should be reported to the local police or sheriff’s office. Individuals should file a police report for identity theft and get a copy of it, since it may be necessary to give copies of the police report to creditors to clear up fraudulent records.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Sensitive information on internet affects 300k

October 9th, 2016

Central Ohio Urology Group (COUG) recently suffered a data breach. The incident may have exposed the information of patients, employees, and individuals who received services from the facility.

As per the statement, “We want to make affected individuals aware of steps they can take to guard against fraud or identity theft. Individuals can carefully check their credit reports for accounts they did not open or for inquiries from creditors they did not initiate, and should call the credit agency immediately if they see something they do not understand. Any suspicious activity on a credit report should be reported to the local police or sheriff’s office. When contacting law enforcement, individuals should file a police report for identity theft and get a copy of it, since it may be necessary to give copies of the police report to creditors to clear up fraudulent records.”

Affected information included names, addresses, telephone number(s), emails, dates of birth, Social Security numbers, driver’s license/state identification numbers, patient identification numbers, medical and health plan information, account information, diagnoses or treatment information, health insurance information and identifiers, and employment-related information.

According to reports, an unauthorized individual made the files and documents live on the internet. The online drive was accessible on August 2, 2016. According to the OCR data breach reporting tool, data of 300,000 individuals was breached.

COUG removed the information from the drive within hours, and local law enforcement was contacted. The facility also hired a forensics firm to investigate the incident.

“We carefully reviewed the posted files and documents to determine what types of information had been put online and which individuals may have been affected,” the statement reads. “Additionally, we installed network monitoring software, implemented a new firewall, added access restrictions and began updating system protections to help prevent this type of incident from recurring in the future.”

One year of complimentary identity protection services is provided to the potentially affected individuals.

____________________________________________________________________________________________

Alertsec is used by organizations that have recognized the need to protect their information.

HHS funding for cybersecurity efforts

October 5th, 2016

Health and Human Services (HHS) was awarded a total of $350,000 in corporate agreements to further improve information sharing in the industry. It will also improve the ability to tackle cybersecurity threats in both the private and public health sectors.

Many smaller healthcare organizations have been found not to have the same facilities and methods to prevent or respond to cybersecurity attacks. HHS’s streamlined cyber threat information sharing will improve the situation. The process will help facilities send cyber threat data to a single entity. Stakeholders affected by the attack are then informed.

“The agreements also will help build the capacity of NH-ISAC to receive cyber threat information from member healthcare entities,” HHS wrote. “Information about any system breaches and ransomware attacks will be relayed through a more robust cyber information sharing environment, as will information about steps healthcare entities should take to protect their health information technology systems.”

The National Health Information Sharing and Analysis Center (NH-ISAC) of Ormond Beach, Florida reported that it received a corporate agreement for $250,000 from the National Coordinator for Health Information Technology (ONC).

Funding of $100,000 from HHS’ Office of the Assistant Secretary for Preparedness and Response (ASPR) was given to NH-ISAC. This corporate agreement will help to build the infrastructure necessary to eliminate cyber threats.

National Coordinator for Healthcare Information Technology Dr. Vindell Washington said in a statement, “Electronic health information security is essential to the evolving healthcare ecosystem. The HHS funding will assist organizations of all sizes share pertinent information to the latest healthcare cybersecurity issues.”

“Creating a more robust exchange about cybersecurity threats will help the industry prevent, detect and respond to these threats and better protect patients’ privacy and personally identifiable information,” HHS’ Assistant Secretary for Preparedness and Response Dr. Nicole Lurie said.

____________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.