Archive for the ‘laptop theft’ category

Alliance Health affected by Data Breach

February 18th, 2016

Alliance Health found that one of its customer databases had been left accessible via the internet. According to the reports, the incident didn’t affect all Alliance Health customers. The database contained some customer information for those who submitted their data online before July 2013.

Affected information includes customer names, addresses, telephone numbers, email addresses, medications, and some clinical information. No Social Security numbers, billing or financial information was included on the data base.

Alliance Health removed the database from public view after the incident came to notice. Data breach letters are sent to affected individuals.Alliance Health believes that there is no indication that the information stored on the healthcare database has been misused.

According to the reports:

We apologize for this and want our customers to know that we take the protection of customers’ personal data very seriously. We have enhanced our security measures and performed an extensive audit of all of our databases.

Below may cause Internet Database threat

  • Improper data retention on databases – Example includes hackers accessing old data even when customers are not using the service
  • Sensitive data in testing environment of database
  • Improper deletion of database
  • Database login set to unlimited credentials
  • Admin access to too many people
  • Unprotected password
  • No or faulty firewall protection
  • Database are not monitored by encryption softwares
  • Untested database for live portal

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization

Mobile Authentication and System

February 16th, 2016

Biometrics and multi-factor screen authentication are two ways to access sensitive enterprise systems via mobile devices. Security plays a larger role in the mobile devices used in our daily lives. Todays authentication is evolving tech with more and more security layers being added.

Biometric Authentication

Biometric authentication is a system that relies on the unique biological characteristics which includes retina, voice, fingerprint, signature of individuals to verify identity for secure access to mobile systems.

Advantages:

  • With biometrics for authentication, user never has problem of forgotten password.
  • It is easy to use
  • It is reliable

Disadvantages:

  • It includes high level of dependencies in your organization
  • It is expensive and inconvenient, as initial provisioning of users requires a tamper-proof process to link identity and biometric data
  • Employees may no longer be able to login from devices other than their company-issued devices

Multi-factor Authentication

Adaptive multi-factor authentication (MFA) in the mobile device uses a systems like user name, password.

Advantage:

  • It limits the hacker’s possibilities to compromise the system
  • Employees can always carry their device with them

Disadvantages:

  • It has painful enrollment process

It has still some level of dependency, with users relying on a modem or Web dispatch service to function and send codes.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Apps for Iphone Security

February 14th, 2016

Apple blocks full anti-virus apps from its App Store. According to the company, “Every iOS device combines software, hardware and services designed to work together for maximum security and a transparent user experience”. But still there are Apps which can improve security.

Iphone

Find My iPhone (free) within iCloud is crucial to ensuring the security of your iOS device. You can activate it on your device at Settings -> iCloud -> Find My iPhone.

McAfee Mobile Security

McAfee Mobile Security (free) let users to back up and restore contacts, locate a lost or stolen iOS device on a map, wipe contacts remotely on a lost or stolen device and trigger a loud alarm on a lost or stolen device.

iDiscrete

iDiscrete (Paid) is a digital safe which enables iPhone users to secure a wide variety of file types so that an unauthorized user sees fake “loading” screen.

Spam Arrest

Spam Arrest (Paid) requires everyone who sends you an email to respond to a query to confirm their identity.

SplashID Safe

SplashID Safe (free) enables secure storage of online passwords, credit card data, account numbers, registration codes etc.

Private Internet Access

Private Internet Access (free) provides an encrypted VPN service to protect user privacy and security at Wi-Fi hotspots.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Stolen Laptop and Data Breach

February 12th, 2016

Around 30,000 individuals were affected due to recent data breach in auditing company Seim Johnson. According to the reports, Nebraska-based Community Hospital might be one of the affected facilities. A stolen laptop may have contained patients’ personal information.

Community Hospital receives auditing services from Seim Johnson. A Seim Johnson employee laptop was stolen in Nashville, Tennessee. Laptop was not encrypted.

Affected information includes patient names, a personal identifier such as a patient account number, and medical record number or visit number. Social Security numbers may also have been on the laptop for a few cases. However, credit card information was not included.

“Any patients who were potentially impacted by this situation have received letters from Seim Johnson notifying them of the event,” Community Hospital Director of Health Information Management and Privacy Officer Rachel Berry told the news source. “”We are not aware of any activity that would make us believe the information has actually been accessed or viewed on the stolen laptop computer.”

According to the McCook Gazette Report –

Community Hospital is taking added precautions to verify an individual’s identity before disclosing additional personal, medical, or financial information.

Although Seim Johnson took steps to encrypt the information on the laptop computer, Seim Johnson cannot confirm the encryption software was functioning correctly. Out of an abundance of caution, identity protection services are being offered at no charge to the patients through AllClear ID.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Unauthorized PII access and Data Breach

February 10th, 2016

Florida-based Jackson Health System fired an employee after it was found that she may have stolen confidential patient information.

Former hospital unit secretary Evelina Reid may have stolen confidential patient information including names, dates of birth, Social Security numbers, and home addresses. The incident happened over the last five years. Local law enforcement is investigating the alleged incident.

“Jackson Health System is committed to patient confidentiality,” the statement reads. “The safety and security of our patients is top priority. In order to protect our patients’ rights and private information, we enforce strict rules for those who handle patient information.”

The hospital added that currently “in the process of acquiring and implementing a more robust security system to monitor access to patient records.” Employees are also regularly educated on privacy rules and regulations, according to Jackson Health.

According to the reports, approximately 24,000 patient records may have been inappropriately accessed.

As per the statement:

Any allegations about a breach in security and patient privacy are taken extremely seriously. Jackson Health System continually educates all employees on privacy rules and regulations and has zero tolerance for violations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Third Party Security Risks

February 8th, 2016

According to the PWC’s 2015 U.S. State of Cybercrime Survey –

  • Sixty two percent of companies evaluate the security risks of third-party vendors
  • Fifty Seven percent evaluate security risks for contractors
  • Forty two percent consider supplier risks
  • Twenty three percent don’t evaluate third-party security at all

“I’ve seen a change happen where in the beginning, the vendors would say, ‘No, we’re secure, trust us. We don’t have to show you our security process, we don’t have to show you the results of testing,’ to today we’re seeing vendors having to provide assurances to their customers about their security programs,” Veracode co-founder and CTO Chris Wysopal said

Steps to consider:

Audit your company

As per Joe Schorr, director of advanced security solutions at Bomgar, the first step should be to focus on yourself.

“A lot of the third-party access seems to be kind of ‘fire and forget.’ ‘We decided to outsource this function, so let’s nail up the VPN, get these guys in, get them working’ — and then people tend to walk away from it,” Schorr said.

“Go back, do a good internal audit of who’s accessing what at the very least, and then get a little bit deeper: why are they accessing that, who gave them that, who’s the internal sponsor for this activity?” Schorr said. “Start peeling that onion a little bit.”

Audit third party vendors

Any vendor should be capable of providing you with that kind of information, Wysopal said. “If they say, ‘No, we don’t do that,’ or ‘We don’t share results on our internal security,’ they probably do, and they’re just trying to make you go away,” he said. “One of the things we’ve learned is that if you push hard enough, they say, ‘Yeah, you’re right. We have had a third party audit, and we can show you the results.'”

Regular Audit

Too many companies, Schorr said, examine these issues, both internally and externally, once in detail — but fail to follow up on a regular basis.

“Even when they do it right, they tend to leave those activities in the dust and just hope they’re good for another 11 months and three weeks until they launch that audit again,” he said. “The most effective thing I’ve seen is to do it quarterly.”

Use of Technologies

“I call it the three Ps: Property, something that’s Profitable or something that’s Personal,” he said. “When you need to protect that, you should probably be talking about encryption. I’m not a fan of encrypting everything on network — I think that’s crazy — but the stuff that keeps you awake at night that you’re trying to protect, that’s the stuff for which you should be looking at some kind of an encryption scheme.”

Get It in Writing

Contracts do not need to be complex, he said. “It can be something as simple as ‘Here’s what your system should look like to connect to us, you’re going to have to go through this special connection we’ve set up, you’re going to be recorded while you’re doing all of that, and here’s our recourse if something bad happens and we find out it came through you,'” Schorr said. “That may be just enough to get people to take the extra couple of steps to do some basic security stuff on their end.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Survey

February 6th, 2016

As per the recent survey of 207 U.S. security professionals –

  • Thirty Four percent of respondents expressed concern over not having enough budget for the right tools to defend against advanced malware
  • Thirty Seven percent of security analysts don’t have enough highly-skilled security staff to defend their networks from advanced malware
  • Twenty percent of respondents said their defenses against hackers have improved over the past year
  • Sixty two percent of respondents said they could “personally guarantee” their company’s customers that their data will be safe in 2016
  • Twenty-six percent of respondents have been asked to remove malware from a computer or device used by a member of their senior leadership team after it was used to visit an infected porn site
  • Fifty nine percent have been asked to remove malware after the user clicked on a malicious link in a phishing email
  • Twenty nine percent have been asked to remove malware after the computer or device was used by a family member of the user
  • Thirty three percent of have been asked to remove malware after an infected USB drive or smartphone was attached to the user’s computer
  • Fifty six percent believe that the most difficult technical challenges they face in defending their networks are complexity of malware
  • Twenty four percent believe that their is inability to correlate data or threat intelligence to specific attacks

The survey was conducted by Opinion Matters on behalf of ThreatTrack Security.

“With high-profile data breaches emerging one after the other, growing security accountability within enterprises and the exponential growth in cybersecurity investments, the last two years have been transformational for the security industry,” ThreatTrack president John Lyons said in a statement. “But despite access to more tools, security analysts — the most critical resource within an enterprise’s cyber defense — remain ill-equipped, underfunded and understaffed in their daily battle against advanced malware.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Patient Privacy Violation

February 4th, 2016
Patient Privacy Violation

Patient Privacy Violation

According to the reports, a former Wayne Memorial nurse’s aide reportedly accessed 390 individuals’ records. The hospital believe that the data was not used maliciously or inappropriately.

Affected information includes Social Security numbers, diagnoses and insurance information. Patients who may have had their Social Security numbers accessed will be offered a free one-year membership in a credit monitoring service, according to the hospital.

CEO David Hoff mentioned that the employee was terminated, and that the incident had been reported to the police.

“This incident has prompted us to further review all levels of employee access to patient medical records, to enhance our HIPAA training for all employees and to research software programs that might help us better detect unauthorized access,” Hoff explained.

Hoff added that Wayne Memorial “is considering expanding restrictions for particular groups of employees.”

“Wayne Memorial Hospital was one of the first in the region to implement electronic medical records, which help reduce the potential for human error and often accelerate diagnosis and treatment,”said Hoff. “We have been ahead of the technology curve, and I can assure you that we will do all that we can to make sure something like this does not happen again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

 

Medical Fraud Charges Against Employee

February 2nd, 2016

The Louisiana Attorney General’s office mentioned that an individual who worked at a doctor’s office used another individual’s information to get into LHCC’s provider website. According to the reports, an individual was arrested on Medicaid fraud charges. The  stolen information is related to Louisiana Healthcare Connections (LHCC).

Culprit downloaded a list of LHCC members and gave it to another provider who should not have received it. Affected information includes names, Medicaid ID numbers, dates of birth, Medicaid effective dates, phone numbers, addresses, and in some cases, information on how current members’ are with provider visits, the number of emergency room visits, and current medical conditions. Credit card information, financial information and Social Security numbers were not included in the stolen data.

According to the statement, 13,000 Medicaid recipients enrolled in LHCC in the Acadiana region were affected. “We appreciate the efforts of the Attorney General and local law enforcement to bring those responsible to justice,” LHCC said. “We regret any concern or inconvenience this incident may have caused and are dedicated to protecting our members’ health information. We are also reviewing existing information security protocols and taking steps to prevent this type of event from happening in the future.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec’s Check Point Full Disk Encryption.

Credential Misuse and Data Breach

January 24th, 2016

Brigham and Womens Faulkner Hospitals (Brigham) experienced data breach when an unauthorized user obtained an employees network credentials.

According to the reports, the credentials were used to access an employees email account.

Affected information includes full names, dates of birth, medical record numbers, provider name, dates of service, and some clinical information, such as diagnoses and treatments received. However, health insurance information, health insurance numbers, or other financial or account information were not included.

The incident caused data breach to approximately 1,000 individuals as per OCR data breach reporting tool. Brighams patients and patient electronic medical records system were not affected. Only discrete information contained in the single compromised email account was potentially affected.

As per the statement:

We are committed to the security of the sensitive information we maintain and are taking this matter very seriously,Brigham explained in its notification letter. To help prevent a similar incident from reoccurring, we are taking steps to enhance our existing technical safeguards regarding network credentials, and we are re-educating workforce members.

Although to date, we have no evidence that any patient information contained in the emails has been misused, as a precaution we began mailing letters to affected individuals on January 11, 2016, and we have established a dedicated call center to answer any questions they may have. 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.