Alliance Health found that one of its customer databases had been left accessible via the internet. According to the reports, the incident didn’t affect all Alliance Health customers. The database contained some customer information for those who submitted their data online before July 2013.
Affected information includes customer names, addresses, telephone numbers, email addresses, medications, and some clinical information. No Social Security numbers, billing or financial information was included on the data base.
Alliance Health removed the database from public view after the incident came to notice. Data breach letters are sent to affected individuals.Alliance Health believes that there is no indication that the information stored on the healthcare database has been misused.
According to the reports:
We apologize for this and want our customers to know that we take the protection of customers’ personal data very seriously. We have enhanced our security measures and performed an extensive audit of all of our databases.
Below may cause Internet Database threat
- Improper data retention on databases – Example includes hackers accessing old data even when customers are not using the service
- Sensitive data in testing environment of database
- Improper deletion of database
- Database login set to unlimited credentials
- Admin access to too many people
- Unprotected password
- No or faulty firewall protection
- Database are not monitored by encryption softwares
- Untested database for live portal
Get your personal as well as office laptops encrypted by Alertsec
Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.
Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization