Archive for the ‘laptop theft’ category

Stolen laptop results in data breach

February 2nd, 2017

Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) recently suffered data breach when one of its unencrypted laptop was stolen. The laptop contained personal health information of 3,600 patients.

According to the reports, laptop was taken away by thief from the locked vehicle of a CHLAMG physician at CHLA. Investigation conducted by the facility found that the laptop was encrypted to up-to-date institutional standards along with password-protection. But later review mentioned the possibility of unencrypted status of laptop.

Facility is notifying patients whose information was stored on the laptop. Affected information includes names, addresses, medical record numbers, and certain clinical information.

“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” CHLA spokesman Lorenzo Benet said in a statement. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.”

Also, a protocol is created to erase data from the laptop when it logs onto the internet next time. Notification letters sent by facility will instruct individuals to review health insurance documents for evidence of misuse or identify theft.

Facility also asked patients to review their Explanation of Benefits statements in case of any unusual behavior . Also, they are advised to notify the hospital immediately for any issues.

About Childrens Hospital Los Angeles

“Children’s Hospital Los Angeles has been named the best children’s hospital in California and among the top 10 in the nation for clinical excellence with its selection to the prestigious U.S. News & World Report Honor Roll. Children’s Hospital is home to The Saban Research Institute, one of the largest and most productive pediatric research facilities in the United States. Children’s Hospital is also one of America’s premier teaching hospitals through its affiliation with the Keck School of Medicine of the University of Southern California since 1932.”

___________________________________________________________________________________

Alertsec Endpoint Encrypt is certified according to Common Criteria AEL4 and FIPS 140-2.

Stolen laptop and data breach

September 14th, 2016

A U.S. HealthWorks employee’s laptop was stolen which resulted in data breach. It contained patient information which affected 1,400 US HealthWorks patients. As per the reports, the device was encrypted but the laptop’s password was also stolen. Hence thief can access the information on the device.

Facility mentioned that emails on the computer had information for a limited number of individuals.It do not include Financial or account information. But full names and possibly some limited medical information, including diagnoses and visit dates, and limited health insurance information may have been affected.

U.S. Healthcare also specialise in urgent healthcare. It mentioned that there convenient Urgent Care centers offers quality medical care, excellent customer service, and a knowledgeable staff to the  patients.

Facility has established a dedicated call center to answer patients queries related to data breach.

“To help prevent something like this from happening again, we are enhancing our existing procedures related to the security of laptops and user passwords, as well as providing additional information security training for all U.S. HealthWorks employees,” the statement  mentioned.

According to the OCR reports, 1,400 individuals may have had their information compromised.

“We sincerely regret any inconvenience or concern about this incident. We began mailing letters to affected individuals on September 2, 2016, and have established a dedicated call center to answer any questions they may have. If you believe you may be affected and have not received a letter by September 17, 2016.”

As mentioned on the website:

U.S. HealthWorks, a subsidiary of Dignity Health, was founded in 1995 and is the leading national provider of occupational medicine and urgent care services. With more than 200 locations in 21 states, and more than 4,000 employees, including approximately 800 medical providers, U.S. HealthWorks serves more than 13,000 patients each day. U.S. HealthWorks Medical Group offers programs and services that can help prevent illnesses, maintain good health and provide early intervention and rehabilitation whenever injuries or health problems occur.

 ___________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Stolen laptop and Data breach

May 4th, 2016

EqualizeRCM Systems, a billing and collection services vendor recently suffered healthcare incident when one of its
laptop was stolen. Laptop contained patients information which included names, addresses, phone numbers, dates of birth, insurance information, genders, healthcare provider information, billing and diagnosis codes, medical record numbers, internal reference numbers, dates and types of service, locations of services received, and other administrative data.

Affected facilities included-

  • Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas)Microsurgery Institute (Houston, Dallas)Hermann Drive Surgical HospitalVictory Medical Center Houston
  • Central Dallas Surgery Center
  • Southwest Freeway Surgery Center
  • Kirby Surgical Center
  • Plano Surgical Hospital

Stolen laptop belonged to one of its employees. EqualizeRCM Systems launched investigation after the incident. Financial information and Social Security numbers were not affected. Number of affected individuals were not specified by the facility. But the letter to the New Hampshire Department of Justice mentioned that two individuals from the state were affected.

Facility believes that the information is not misused. But it has offered affected individuals with complimentary identity theft monitoring and remediation services.Notification letters are also sent to affected individuals. EqualizeRCM Systems mentioned that it has developed and implemented additional security measures.

“The privacy and protection of patient information is a top priority for EqualizeRCM, and we deeply regret any inconvenience or concern this incident may cause,” explained the statement. “We are working closely with the affected facilities in our response to this event, and have taken steps to help prevent this type of incident from happening in the future including reviewing our policies and procedures, implementing additional safeguards to ensure information in our control is appropriately protected, and retraining employees on existing policies for the proper handling of sensitive information.”

“EqualizeRCM provides a variety of scalable services to healthcare entities across many segments including ambulatory surgery centers (ASC), durable medical equipment manufacturers (DME), Mental Health Facilities, physicians and providers, hospitals, and urgent care facilities.”

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software

Stolen laptop and data breach

April 14th, 2016

Laptop theft can lead to data breach. OptumRx, the pharmacy care branch of a health services and technology company in Minnesota suffered data breach due to the theft incident. An unencrypted laptop was stolen from an employee’s vehicle in Indianapolis, Indiana as per the reports. OptumRx mentioned that laptop belonged to an unnamed vendor who provides home delivery services to patients.

Affected information included names, health plan names,addresses, prescription drug information, and prescribing provider information. For some individuals, dates of birth may have been exposed.

It also confirmed that Social Security numbers, credit cards, and other financial information was not involved.

Company did not specify the number of affected individuals. Also, Office of Civil Rights data breach portal didn’t mention the number of individuals affected by the security incident.

OptumRx has now contacted local authorities and launched an outside investigation. It has also mailed notification letters to potentially affected individuals.

“In addition, we have worked with the vendor to put immediate and additional protections in place to prevent the occurrence of similar incidents in the future,” explained OptumRx’s notification letter. “These measures include additional security requirements on laptops they use for OptumRx work, training and reinforcement of existing policies and practices, and further evaluation of additional safeguards.”

The company is also working with local law enforcement. Vendor is asked to put in place additional levels of protection for its laptops. One free year of identity theft protection services is also offered to individuals. It is supplying each with a one-year subscription to LifeLock.

LifeLock subscription includes following facilities to users:

  • Identity Threat Detection and Alerts:

With this service, LifeLock actively monitors an extensive online network for attempts to use your personal information. Whenever suspicious activity is detected, user will receive an alert via email or phone.

  • Wallet Protection

It also provides services for missing wallet. It has asked users to just call— anytime, anywhere—and LifeLock will help cancel or replace the contents to stop fraudulent activities. Coverage under this scheme includes credit and debit cards, Social Security cards, driver’s licenses, insurance cards, checkbooks and travelers checks.

  • Address & Verification

Impersonating can be done and Identity thieves can redirect your mail, containing financial information and providing a fraudulent new address. LifeLock monitors these such kinds of requests and notifies the user.

  • Black Market Surveillance

Identity thieves also get involved in illegal buy, sell and trade sensitive personal information on black market Internet sites. LifeLock now patrols over 10,000 criminal websites. Any suspicious activity is  notified to the user.

  • Pre-Approved Credit Card Offers

LifeLock works with bank to reduce emailing to affected individuals to avoid identity theft.

  • LifeLock Member Service 24/7/365

Sign in to your secure member portal at LifeLock.com is available all the time.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Oncology database and data breach

March 12th, 2016

21st Century Oncology database was inappropriately accessed by an unauthorized third party. According to the reports, Oncology immediately hired a leading forensics firm to support the investigation, assess its systems and bolster security. Affected information includes patient names, Social Security numbers, physicians’ names, diagnosis and treatment information, and insurance information. There is no indication that medical records were accessed.

According to the FBI, there may be a delay in data breach notification. There is no indication that information was potentially misused. Affected patients are offered one year credit monitoring services.

“We continue to work closely with the FBI on its investigation of the intrusion into our system” 21st Century stated. “In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future.”

The facility asked their patients to closely monitor their explanation of benefits that they receive from their health insurer to make sure that they have received all of the services listed.

“We deeply regret any concern this may cause our patients, and we want to emphasize that patient care will not be affected by this incident.”

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hackers and Sensitive Data

March 4th, 2016

In today’s hacking world, hackers can gain access to sensitive data with little efforts. “It’s a bit depressing,” said Chandra Rangan, vice president marketing, HPE Security Products at Hewlett Packard Enterprise, discussing some of the findings published in HPE’s Cyber Risk Report 2016.

“Attackers are lazy. They want maximum bang for the buck, so they will go for low-hanging fruit,” Rangan said, noting that the most exploited bug in 2015 was over five years old. It was also the top bug in 2014.

As per the new findings, the top 10 vulnerabilities leveraged by attackers in 2015 are more than a year old. Half of them are at least five years old.

According to Rangan, there is a shift in which applications, rather than servers or operating systems, are used as a primary attack vector.

Mobile Insecurity

As per the recent survey:

  • 95 percent of newly discovered malware samples are found on Microsoft Window
  • 42 percent of exploits targeting Microsoft Window
  • 18 percent of the total exploits targeting Android
  • 12 percent of exploits on Java
  • Microsoft Office 11 percent
  • Adobe attacked by 14 percent, evenly divided between Flash and Reader exploits
  • 75 percent of the mobile apps scanned by HPE had at least one vulnerability

Some software developers “seem to be making a tradeoff between speed and security,” Rangan said. “There is a whole new crop of app developers, and they are saying ‘how quickly can I get this app to market and how quickly can I monetize it?’ When you are in that mode, you are less likely to use the development processes and methodologies that include multiple security checks.”

“You do not need to make a tradeoff, and you do not need to use the old-school waterfall development model. There are plenty of technologies out there where you can build security into the very fabric of your apps.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Cybersecurity Insights from SC Congress

March 2nd, 2016

Recent SC Congress emphasised on Cyber insurance and new approaches to security patches.

Experts discussed some of the current and emerging issues in cybersecurity.

Cyber Insurance

Most of the panel on cyber insurance believed that the legal wording of policies, exclusions and other factors tend to make it a pricey policy which may not provide the expected benefits in the event of a data breach.

“I’ve never been a fan of insurance; getting the right coverage is always an uphill fight,” said Winn Schwartau, CEO of The Security Awareness Company. “We’ve been at war, but acts of nation-states are excluded by insurance, as are acts of war and acts of God. Is ISIS a nation-state?”

Same Old Cybersecurity Threats

Even though there are new, deeper threats, many cybersecurity vulnerabilities have existed for years which also exists today.

According to Jeffery Ingalsbe, CISO of broker management firm Flexible Plan Investments, in many way, there is nothing new under the sun.

Security Patches

“The problem is that companies are continuing to patch the same way. They’ve had problems with organization and prioritization of patches. They need to understand how to patch and unpatch so as not to impact the users,” Rushing said.

High Cybersecurity Standards

When it comes to securing the network, companies need to score closer to 99.9999 percent in order to be considered safe.

Test Security Software

Don’t try to integrate during proof of concept, or there could be other network issues, Richard Lafosse, CISO for Cook County, Ill added. “Evaluate more than one vendor and remember that the contract terms are king.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware attack and data breach

February 24th, 2016

Hollywood Presbyterian Medical Center (HPMC) was on the verge of data breach but paid $17,000 after a ransomware attack. According to the reports, the cyber attack encrypted its EHR files and demanded the sum of money in exchange for the encryption key.

HPMC believes that there is no sign of information misuse stored on the EHR. HPMC discovered the breach after staff members got issues accessing parts of the hospital network. After a thorough investigation, hospital believed that it had fallen victim to a malware attack that kept them from accessing patient medical files stored in their EHR.

Forty bitcoins, an equivalent of $17,000 was asked as a ransom amount. As per HPMC, It paid the $17,000 ransom because that was typically the quickest and easiest way to regain access to its EHR files.

Hospital gained full access to the files. It was completely cleansed of the malware and checked for adequate security standards.

According to the  CEO and president Allen Stefanek –

I am very proud of the dedication and hard work of our staff who have maintained the highest level of service, compassion and quality of care to our patients throughout this process,” Stefanek wrote. “I am also thankful for the efforts of the technical staff as the EMR systems were restored, and their continued efforts as other systems are brought back online.

Phil Lieberman, a cybersecurity expert mentioned that –

I have never heard of this kind of attack trying to shut down a hospital. This puts lives at risk, and it is sickening to see such an act,he said. Health management systems are beginning to tighten their security.

According to Parham Eftekhari, ICIT co-founder and senior fellow –

As we have seen in the recent attack on Hollywood Presbyterian, hackers are able to completely paralyze an organization until it pays a ransom which may or may not unlock their systems and data,he said earlier this week in an interview with HealthITSecurity.com. The hundreds of thousands or millions of dollars paid in ransom is a small price to pay for an organization when faced with the alternative of losing everything and threat actors know it.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Phishing Scam and Data Breach

February 22nd, 2016

Saint Joseph’s Healthcare System in New Jersey suffered data breach when it was attacked by phishing scam. According to the statement, more than 5,000 employees at some of its facilities may have affected by identity theft.

According to St. Joseph’s Vice President of External Affairs Kenneth Morris Jr., facilities in Paterson, Wayne and Cedar Grove locations were affected. Patient data and medical information are safe, but employees’ names, social-security numbers and employee earnings for 2015 and 2016 were potentially accessed. However, dates of birth, home addresses, and banking information were not affected.

According to the Morris, there was no indication that the phishing scam was an internal crime. Attack came from external source. He added that the scam included a named company executive using an internal email.

“There was no intrusion or breach of our internal IT system,” he explained. “None of that data was compromised.”

HealthCare system mentioned that affected employees will be receiving free credit monitoring. Local and federal authorities were notified along with system’s insurance carrier.

“Our primary focus is really protecting our employees and their credit health,”he said. “In addition, we’re putting the proper protocols in place so that this doesn’t happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Impersonation Scam leads to data breach

February 20th, 2016

Magnolia Health Corporation (MHC) has reportedly suffered a potential data breach. The incident may have likely affected all active MHC employees and its affiliated facilities.

According to a official statement by MHC, a third-party individual impersonated MHC’s CEO Kenny Moyle. Using email address of Moyle, the person reportedly obtained employment information for all of MHC’s active employees.

Individuals those employed at Twin Oaks Assisted Living, Inc., Twin Oaks Rehabilitation and Nursing Center, Inc., Porterville Convalescent, Inc., Kaweah Manor, Inc., and Merritt Manor, Inc suffered data breach.

Affected information includes employee number, name, address, city, state, zip code, sex, date of birth, Social Security number, hire date, seniority date, salary/hourly, salary/rate, department, job title, last data paid, and the name of the employee’s MHC facility.

Law enforcement were notified about theincident and data breach notification letters were sent to  potentially affected individuals,.

According to statement:

We are offering to provide, at no cost to you, identity theft prevention and mitigation services, with a one-year membership in Experian’s® ProtectMyID® Elite. This product helps detect possible misuse of your personal information and provides you with identity protection support focused on immediate identification and resolution of identity theft.

If you do find suspicious activity on your credit reports, call your local police or sheriff’s office and file a police report of identity theft. Get a copy of the police report. You may need to give copies of the police report to creditors to clear up your records. 

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.