Archive for the ‘laptop encryption’ category

Ransomware attack and data breach

February 24th, 2016

Hollywood Presbyterian Medical Center (HPMC) was on the verge of data breach but paid $17,000 after a ransomware attack. According to the reports, the cyber attack encrypted its EHR files and demanded the sum of money in exchange for the encryption key.

HPMC believes that there is no sign of information misuse stored on the EHR. HPMC discovered the breach after staff members got issues accessing parts of the hospital network. After a thorough investigation, hospital believed that it had fallen victim to a malware attack that kept them from accessing patient medical files stored in their EHR.

Forty bitcoins, an equivalent of $17,000 was asked as a ransom amount. As per HPMC, It paid the $17,000 ransom because that was typically the quickest and easiest way to regain access to its EHR files.

Hospital gained full access to the files. It was completely cleansed of the malware and checked for adequate security standards.

According to the  CEO and president Allen Stefanek –

I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process,” Stefanek wrote. “I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.

Phil Lieberman, a cybersecurity expert mentioned that –

I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk, and it is sickening to see such an act,he said. Health management systems are beginning to tighten their security.

According to Parham Eftekhari, ICIT co-founder and senior fellow –

As we have seen in the recent attack on Hollywood Presbyterian, hackers are able to completely paralyze an organization until it pays a ransom which may or may not unlock their systems and data,he said earlier this week in an interview with HealthITSecurity.com. The hundreds of thousands or millions of dollars paid in ransom is a small price to pay for an organization when faced with the alternative of losing everything and threat actors know it.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Phishing Scam and Data Breach

February 22nd, 2016

Saint Joseph’s Healthcare System in New Jersey suffered data breach when it was attacked by phishing scam. According to the statement, more than 5,000 employees at some of its facilities may have affected by identity theft.

According to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr., facilities in Paterson, Wayne and Cedar Grove locations were affected. Patient data and medical information are safe, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.

According to the Morris, there was no indication that the phishing scam was an internal crime. Attack came from external source. He added that the scam included a named company executive using an internal email.

“There was no intrusion or breach of our internal IT system,” he explained. “None of that data was compromised.”

HealthCare system mentioned that affected employees will be receiving free credit monitoring. Local and federal authorities were notified along with system’s insurance carrier.

“Our primary focus is really protecting our employees and their credit health,”he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Impersonation Scam leads to data breach

February 20th, 2016

Magnolia Health Corporation (MHC) has reportedly suffered a potential data breach. The incident may have likely affected all active MHC employees and its affiliated facilities.

According to a official statement by MHC, a third-party individual impersonated MHC’s CEO Kenny Moyle. Using email address of Moyle, the person reportedly obtained employment information for all of MHC’s active employees.

Individuals those employed at Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation and Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., and Merritt Manor, Inc suffered data breach.

Affected information includes employee number, name, address, city, state, zip code, sex, date of birth, Social Security number, hire date, seniority date, salary/hourly, salary/rate, department, job title, last data paid, and the name of the employee’s MHC facility.

Law enforcement were notified about theincident and data breach notification letters were sent to  potentially affected individuals,.

According to statement:

We are offering to provide, at no cost to you, identity theft prevention and mitigation services, with a one-year membership in Experian’s® ProtectMyID® Elite. This product helps detect possible misuse of your personal information and provides you with identity protection support focused on immediate identification and resolution of identity theft.

If you do find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Alliance Health affected by Data Breach

February 18th, 2016

Alliance Health found that one of its customer databases had been left accessible via the internet. According to the reports, the incident didn’t affect all Alliance Health customers. The database contained some customer information for those who submitted their data online before July 2013.

Affected information includes customer names, addresses, telephone numbers, email addresses, medications, and some clinical information. No Social Security numbers, billing or financial information was included on the data base.

Alliance Health removed the database from public view after the incident came to notice. Data breach letters are sent to affected individuals.Alliance Health believes that there is no indication that the information stored on the healthcare database has been misused.

According to the reports:

We apologize for this and want our customers to know that we take the protection of customers’ personal data very seriously. We have enhanced our security measures and performed an extensive audit of all of our databases.

Below may cause Internet Database threat

  • Improper data retention on databases – Example includes hackers accessing old data even when customers are not using the service
  • Sensitive data in testing environment of database
  • Improper deletion of database
  • Database login set to unlimited credentials
  • Admin access to too many people
  • Unprotected password
  • No or faulty firewall protection
  • Database are not monitored by encryption softwares
  • Untested database for live portal

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization

Mobile Authentication and System

February 16th, 2016

Biometrics and multi-factor screen authentication are two ways to access sensitive enterprise systems via mobile devices. Security plays a larger role in the mobile devices used in our daily lives. Todays authentication is evolving tech with more and more security layers being added.

Biometric Authentication

Biometric authentication is a system that relies on the unique biological characteristics which includes retina, voice, fingerprint, signature of individuals to verify identity for secure access to mobile systems.

Advantages:

  • With biometrics for authentication, user never has problem of forgotten password.
  • It is easy to use
  • It is reliable

Disadvantages:

  • It includes high level of dependencies in your organization
  • It is expensive and inconvenient, as initial provisioning of users requires a tamper-proof process to link identity and biometric data
  • Employees may no longer be able to login from devices other than their company-issued devices

Multi-factor Authentication

Adaptive multi-factor authentication (MFA) in the mobile device uses a systems like user name, password.

Advantage:

  • It limits the hacker’s possibilities to compromise the system
  • Employees can always carry their device with them

Disadvantages:

  • It has painful enrollment process

It has still some level of dependency, with users relying on a modem or Web dispatch service to function and send codes.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Apps for Iphone Security

February 14th, 2016

Apple blocks full anti-virus apps from its App Store. According to the company, “Every iOS device combines software, hardware and services designed to work together for maximum security and a transparent user experience”. But still there are Apps which can improve security.

Iphone

Find My iPhone (free) within iCloud is crucial to ensuring the security of your iOS device. You can activate it on your device at Settings -> iCloud -> Find My iPhone.

McAfee Mobile Security

McAfee Mobile Security (free) let users to back up and restore contacts, locate a lost or stolen iOS device on a map, wipe contacts remotely on a lost or stolen device and trigger a loud alarm on a lost or stolen device.

iDiscrete

iDiscrete (Paid) is a digital safe which enables iPhone users to secure a wide variety of file types so that an unauthorized user sees fake “loading” screen.

Spam Arrest

Spam Arrest (Paid) requires everyone who sends you an email to respond to a query to confirm their identity.

SplashID Safe

SplashID Safe (free) enables secure storage of online passwords, credit card data, account numbers, registration codes etc.

Private Internet Access

Private Internet Access (free) provides an encrypted VPN service to protect user privacy and security at Wi-Fi hotspots.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Stolen Laptop and Data Breach

February 12th, 2016

Around 30,000 individuals were affected due to recent data breach in auditing company Seim Johnson. According to the reports, Nebraska-based Community Hospital might be one of the affected facilities. A stolen laptop may have contained patients’ personal information.

Community Hospital receives auditing services from Seim Johnson. A Seim Johnson employee laptop was stolen in Nashville, Tennessee. Laptop was not encrypted.

Affected information includes patient names, a personal identifier such as a patient account number, and medical record number or visit number. Social Security numbers may also have been on the laptop for a few cases. However, credit card information was not included.

“Any patients who were potentially impacted by this situation have received letters from Seim Johnson notifying them of the event,” Community Hospital Director of Health Information Management and Privacy Officer Rachel Berry told the news source. “”We are not aware of any activity that would make us believe the information has actually been accessed or viewed on the stolen laptop computer.”

According to the McCook Gazette Report –

Community Hospital is taking added precautions to verify an individual’s identity before disclosing additional personal, medical, or financial information.

Although Seim Johnson took steps to encrypt the information on the laptop computer, Seim Johnson cannot confirm the encryption software was functioning correctly. Out of an abundance of caution, identity protection services are being offered at no charge to the patients through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Unauthorized PII access and Data Breach

February 10th, 2016

Florida-based Jackson Health System fired an employee after it was found that she may have stolen confidential patient information.

Former hospital unit secretary Evelina Reid may have stolen confidential patient information including names, dates of birth, Social Security numbers, and home addresses. The incident happened over the last five years. Local law enforcement is investigating the alleged incident.

“Jackson Health System is committed to patient confidentiality,” the statement reads. “The safety and security of our patients is top priority. In order to protect our patients’ rights and private information, we enforce strict rules for those who handle patient information.”

The hospital added that currently “in the process of acquiring and implementing a more robust security system to monitor access to patient records.” Employees are also regularly educated on privacy rules and regulations, according to Jackson Health.

According to the reports, approximately 24,000 patient records may have been inappropriately accessed.

As per the statement:

Any allegations about a breach in security and patient privacy are taken extremely seriously. Jackson Health System continually educates all employees on privacy rules and regulations and has zero tolerance for violations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Third Party Security Risks

February 8th, 2016

According to the PWC’s 2015 U.S. State of Cybercrime Survey –

  • Sixty two percent of companies evaluate the security risks of third-party vendors
  • Fifty Seven percent evaluate security risks for contractors
  • Forty two percent consider supplier risks
  • Twenty three percent don’t evaluate third-party security at all

“I’ve seen a change happen where in the beginning, the vendors would say, ‘No, we’re secure, trust us. We don’t have to show you our security process, we don’t have to show you the results of testing,’ to today we’re seeing vendors having to provide assurances to their customers about their security programs,” Veracode co-founder and CTO Chris Wysopal said

Steps to consider:

Audit your company

As per Joe Schorr, director of advanced security solutions at Bomgar, the first step should be to focus on yourself.

“A lot of the third-party access seems to be kind of ‘fire and forget.’ ‘We decided to outsource this function, so let’s nail up the VPN, get these guys in, get them working’ — and then people tend to walk away from it,” Schorr said.

“Go back, do a good internal audit of who’s accessing what at the very least, and then get a little bit deeper: why are they accessing that, who gave them that, who’s the internal sponsor for this activity?” Schorr said. “Start peeling that onion a little bit.”

Audit third party vendors

Any vendor should be capable of providing you with that kind of information, Wysopal said. “If they say, ‘No, we don’t do that,’ or ‘We don’t share results on our internal security,’ they probably do, and they’re just trying to make you go away,” he said. “One of the things we’ve learned is that if you push hard enough, they say, ‘Yeah, you’re right. We have had a third party audit, and we can show you the results.'”

Regular Audit

Too many companies, Schorr said, examine these issues, both internally and externally, once in detail — but fail to follow up on a regular basis.

“Even when they do it right, they tend to leave those activities in the dust and just hope they’re good for another 11 months and three weeks until they launch that audit again,” he said. “The most effective thing I’ve seen is to do it quarterly.”

Use of Technologies

“I call it the three Ps: Property, something that’s Profitable or something that’s Personal,” he said. “When you need to protect that, you should probably be talking about encryption. I’m not a fan of encrypting everything on network — I think that’s crazy — but the stuff that keeps you awake at night that you’re trying to protect, that’s the stuff for which you should be looking at some kind of an encryption scheme.”

Get It in Writing

Contracts do not need to be complex, he said. “It can be something as simple as ‘Here’s what your system should look like to connect to us, you’re going to have to go through this special connection we’ve set up, you’re going to be recorded while you’re doing all of that, and here’s our recourse if something bad happens and we find out it came through you,'” Schorr said. “That may be just enough to get people to take the extra couple of steps to do some basic security stuff on their end.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Survey

February 6th, 2016

As per the recent survey of 207 U.S. security professionals –

  • Thirty Four percent of respondents expressed concern over not having enough budget for the right tools to defend against advanced malware
  • Thirty Seven percent of security analysts don’t have enough highly-skilled security staff to defend their networks from advanced malware
  • Twenty percent of respondents said their defenses against hackers have improved over the past year
  • Sixty two percent of respondents said they could “personally guarantee” their company’s customers that their data will be safe in 2016
  • Twenty-six percent of respondents have been asked to remove malware from a computer or device used by a member of their senior leadership team after it was used to visit an infected porn site
  • Fifty nine percent have been asked to remove malware after the user clicked on a malicious link in a phishing email
  • Twenty nine percent have been asked to remove malware after the computer or device was used by a family member of the user
  • Thirty three percent of have been asked to remove malware after an infected USB drive or smartphone was attached to the user’s computer
  • Fifty six percent believe that the most difficult technical challenges they face in defending their networks are complexity of malware
  • Twenty four percent believe that their is inability to correlate data or threat intelligence to specific attacks

The survey was conducted by Opinion Matters on behalf of ThreatTrack Security.

“With high-profile data breaches emerging one after the other, growing security accountability within enterprises and the exponential growth in cybersecurity investments, the last two years have been transformational for the security industry,” ThreatTrack president John Lyons said in a statement. “But despite access to more tools, security analysts — the most critical resource within an enterprise’s cyber defense — remain ill-equipped, underfunded and understaffed in their daily battle against advanced malware.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.