Archive for the ‘Lawsuits and settlements’ category

Sutter Health breaches Data Protection Act exposing millions of Patient Accounts

November 28th, 2011

Class action suit filed against Sutter Medical

Time and again we end up reading about patient data breaches. Why is patient data so easy to breach and so vulnerable? Is it that the thieves are too intelligent, or do the data protection practices need an overhaul?

The following story about Sutter Health has been making headlines for the last few days, and there is a good reason for it. Harris & Ruble, a class-action law firm based in Los Angeles, filed a class-action lawsuit against Sutter Medical Foundation and Sutter Physician Services, alleging the medical provider did not protect the medical information belonging to the more than 4 million patients affected. Apparently a computer that was stolen in mid-October contained sensitive information on these patients. The computer contained descriptions of diagnoses, names and addresses.

According to Sutter officials this is the largest data breach in the history of Sutter Health as it has exposed millions of patient records.

When and how was the computer stolen?

On October 17, 2011, a computer with unencrypted patient data was allegedly stolen from the administrative offices of the Sutter Medical Foundation. Sutter Medical should have immediately informed its patients, but unfortunately it did not, and they came to know about it via the media. Around 3.3 million patients with providers supported by Sutter Physician Services and 943,000 Sutter Medical Foundation patients were affected by this breach. The stolen data included names, addresses, email addresses, dates of birth, telephone numbers, health insurance plans, and in some cases, descriptions of medical diagnoses or procedures.

Attorney Alan Harris of Harris & Ruble said, “Securing equipment and encrypting data were not a priority for Sutter and now patients will have to worry about what medical or insurance information is out there for others to view. That Pat Fry, Sutter Health President and CEO, has acknowledged his responsibility to work harder to protect such information in the future, does not excuse the failure to safeguard the confidential information that has already been disclosed.”

Health care organizations have reported 364 incidents involving the loss or theft of information, ranging from names and addresses to Social Security numbers and medical diagnoses, on nearly 18 million patients in the past few years.

Sutter’s response – Gleeson, Spokesperson for Sutter, said that Sutter took time to send notices to patients because they first wanted to find out what was on that computer.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iPhones and BlackBerries. Leave any of these unattended and the next thing you know, they are stolen!

Losing any of the above devices means losing valuable information, especially when this information includes not only your personal data but that of hundreds and thousands of people.

Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.

Copperas Cove: Police trying to track down laptop thief

October 21st, 2011

A great opportunity to make $1,000! Help the police track down Raheem Amaud Townsend, 21, and you are in for a reward!

Copperas Cove, Texas,

Laptop thief from Copperas Cove on the run

Why is Raheem Amaud Townsend wanted by the police?

He is wanted in connection with the theft of the computers from 913 Davie Lee Street. He faces misdemeanor and felony warrants. There is a strong possibility that he may have moved to another state.

How can you help?

Copperas Cove Police are reaching out to the community for help in locating a criminal in connection with two separate theft cases. Raheem Amaud Townsend is a resident of Copperas Cove and is alleged to have stolen two laptop computers from 913 Davie Lee Street in Copperas Cove on September 20th, 2011.

Copperas Cove Police Department has offered tips related to the above case

The police would like to inform you that tips can be made anonymously through the Copperas Cove Crime Stoppers tip number (254)547-1111.

Copperas Cove Crime Stoppers request you to help in locating the offender. Any information related to this case is valuable. Do not hesitate to get in touch with Crime Stoppers. They need your call today. Crime Stoppers are ready to pay up to $1,000.00 in cash if your information leads to the suspect. We will keep your name under wraps. Call Crime Stoppers today at (254)547-1111 or post a tip on-line at www.tipsubmit.com

What do detectives have to say about laptop thefts in general?

Many people are under the impression that because laptops have serial numbers they can be traced as stolen property.  This is a false sense of security.  In real life very few stolen laptops are returned or traced.

Alertsec can save your laptops

Save your company from countless problems related to laptop thefts and data security down the road. Imagine that one of your laptops, containing all of your company’s current pricing structure, sales leads, and customer orders, was lost and there was no backup data! Or worse: what if your competitor got his hands on your data?

The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than that of losing a desktop computer.

The only way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

The following preventive measures can be taken to increase laptop security and reduce damage if your laptop is lost or stolen:

a. Always have a fresh back-up on a server or back-up device

b. Use Laptop encryption


SEC wants companies to disclose their data breaches

October 15th, 2011

SEC orders companies to report data breaches

Corporate giants have traditionally handled data breaches by not revealing them and not offering details. They have always preferred keeping mum. It won’t be an exaggeration to say that tens of billions of dollars’ worth of data is compromised every year from U.S. companies and very little of it gets reported!

But that is about to change. The Securities and Exchange Commission (SEC) has formally asked corporations to report data breaches and cyber crimes. The new guidelines issued by the SEC state that publicly traded companies must report cybertheft or attack and any risks associated with data.

These guidelines are a result of Sen. John D. Rockefeller’s initiative. “This guidance changes everything. It will allow the market to evaluate companies in part based on their ability to keep their networks secure.”

“For years, cyber risks and incidents material to investors have gone unreported in spite of existing legal obligations to disclose them,” “Intellectual property worth billions of dollars has been stolen by cyber criminals, and investors have been kept completely in the dark.”

The current regulations do not specifically talk about cyberattacks. They only expect companies to report if there is risk to their material wealth. But now companies will be forced to talk about cyberattacks, thanks to these guidelines. The guidelines might, in addition to the above, ask the companies to disclose data breaches that took place in the past.

Cyber security is being beefed up through these regulations as cyber crime is on the rise. Recent major breaches, including those at Sony and Citigroup Inc, have resulted in this action.

Melissa Hathaway, an ex-White House cyber coordinator, said in her statement, “It’ll force executives to really understand what’s going on within their corporations.” “I think it will create the demand curve for cybersecurity.”

Which cyber-incidents will be included in the guidelines?

Cyber incidents that could materially affect products, services, relationships with customers or suppliers, or competitive conditions will be a part of these new regulations.

Here is the exact wording in the guidance:

Registrants should address cybersecurity risks and cyber incidents in their MD&A [management discussion and analysis] if the costs or other consequences associated with one or more known incidents or the risk of potential incidents represent a material event, trend, or uncertainty that is reasonably likely to have a material effect on the registrant’s results of operations, liquidity, or financial condition or would cause reported financial information not to be necessarily indicative of future operating results or financial condition

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

Organisations are now aware of their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.



Contractor to be blamed for Stanford Hospital’s data theft

October 9th, 2011

Stanford Hospitals blamed for data breach

Third parties have recently been in the news for data breaches. You give your data to a third-party contractor for security purposes and Bam! The next thing you know, it is stolen!

The recent case detailed below talks about a breach that exposed the personal data of some 20,000 patients, thanks to the contractor’s negligence.

Stanford Hospital Clinics class action suit

20,000 patients’ personal information was made available on a public Web site for a year. That led to the class action suit against Stanford Hospitals.

Shana Springer, one of the patients whose information was compromised, filed the class-action lawsuit against Stanford Hospital & Clinics and Multi-Specialty Collection Services. Multi-Specialty Collection Services is an outside vendor that was allegedly responsible for the breach. The lawsuit asks for $1,000 per patient.

Here is what the hospital spokesperson had to say: “The hospital intends to vigorously defend the lawsuit that has been filed as it acted appropriately and did not violate the law as claimed in the lawsuit.”

Case details

A spreadsheet maintained by a third-party billing contractor, Multi Specialties Collection Services (MSCS), was allegedly posted on the Student of Fortune website, which allows students to solicit homework help for a fee.

The spreadsheet apparently included names, diagnosis codes, account numbers as well as admission and discharge dates of about 20,000 patients who visited the hospital’s Emergency Room in 2009.

According to Stanford Hospitals, this data was encrypted. But it looks like MSCS decrypted the data and put it into a spreadsheet. The spreadsheet was then handled by a person who probably had no clue about what he was doing and who posted it on the website. The identity of this individual has not been divulged by MSCS.

Statements released by the hospital: “This mishandling of private patient information was in complete contravention of the law and of the requirements of MSCS’s contract with SHC and is shockingly irresponsible.”

According to the MSCS contractor, Frank Corcino, he decrypted the details and put them into a spreadsheet. He later handed off the spreadsheet to a job applicant as part of a skills test.

It appears that the applicant was unaware the spreadsheet data was private and posted it on the homework help site in Sept. 2010. The data remained on the site until August 22, 2011 and was later discovered by a patient.

What does Alertsec have to say?

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide information security in a cost-effective & easy way.

By using encryption software, you greatly enhance laptop security, as there is no way that the information is compromised if the laptop is lost or stolen. A theft would simply be reduced to an insurance matter and the cost of the hardware plus the time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or sensitive data. Our industry news provides a few examples of this.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.



DigiNotar forced into bankruptcy after a hack attack

September 21st, 2011
DigiNotar winds up its operations. Hackers intercept Google Docs

Internet security company DigiNotar, whose servers were hacked into by an Iranian hacker in July, has filed for bankruptcy. A Dutch judge granted the bankruptcy filing on Tuesday.

About DigiNotar

DigiNotar is an Internet security solutions company offering services in the field of identity management, electronic signatures, reliable document exchange and electronic archiving. DigiNotar has gained popularity and trust in the field of Internet security over the years in The Netherlands.

The hacking incident at DigiNotar

The DigiNotar site was hacked into by ‘Comodohacker’, which exposed around 300,000 Iranians to Gmail and Google Docs interception. False DigiNotar certificates, known as SSL certificates, were issued to customers and used in an apparent attempt to snoop on Google users in Iran.

Using the login cookie, the hacker logged in directly to the Gmail mailbox of the victims and read the stored emails. In addition, he was able to log in to all other services Google offers, such as stored location information from Latitude or documents in Google Docs.

The hacker also succeeded in creating a fraudulent certificate for *.google.com on 10 July.

How was the hack found out?

Google’s Chrome team came across a DigiNotar-issued certificate for google.com that didn’t match its internal certificate list for google.com. According to Roel Schouwenberg, senior antivirus researcher for Kaspersky Lab, vendors add a similar feature to their software so they could automatically confirm the legitimacy of a certificate. “You need to disincentivize actors to hack CAs. In the current system, we need to live with the fact that CAs can be hacked,” he said.

Voluntary bankruptcy

According to DigiNotar’s parent company Vasco Data Security, the firm has filed for voluntary bankruptcy. The company is winding up its affairs and is being supervised by one of its trustees.

Statement by T. Kendall Hunt, VASCO’s Chairman and CEO

“Although we are saddened by this action and the circumstances that necessitated it,”.  “We would like to remind our customers and investors that the incident at DigiNotar has no impact on VASCO’s core authentication technology. The technological infrastructures of VASCO and DigiNotar remain completely separated, meaning that there is no risk for infection of VASCO’s strong authentication business. In addition, we plan to cooperate with the Trustee and the Judge to the fullest extent reasonably practicable to bring the affairs of DigiNotar to an appropriate conclusion for its employees and customers. We also plan to cooperate with the Dutch government in its investigation of the person or persons responsible for the attack on DigiNotar.”

Can digital certificate disasters be prevented?

The downfall of DigiNotar has sparked debate in the digital world about preventing digital certificate disasters in the future.

Hackers are going to continue their hacking games so there are no guarantees that such a digital disaster could be prevented altogether.  What can be done is that vendors could store a whitelist of proper certificates for the top 10 or 20 targets of cyberespionage, such as Facebook, Gmail, Yahoo, and Tor, as well as any high-profile sites.
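A minimal sketch of the whitelist (pin list) check described above, added here as an illustration; it is not code from Chrome or any other vendor. The host names and byte strings are constructed stand-ins for real DER-encoded certificates, and hashing the whole certificate is an assumed simplification.

```python
import hashlib

def fingerprint(der: bytes) -> str:
    """SHA-256 over the certificate bytes. Production pin lists usually hash
    the public key (SPKI) instead, so a renewed certificate keeps its pin."""
    return hashlib.sha256(der).hexdigest()

# Constructed stand-ins for DER certificates (not real certificate data).
GOOD_CA = b"constructed: issuing CA the site operator really uses"
GOOD_LEAF = b"constructed: leaf certificate for mail.example-mail.test"
ROGUE_CA = b"constructed: compromised CA that the OS trust store still trusts"
ROGUE_LEAF = b"constructed: fraudulent leaf for *.example-mail.test"

# Pin list shipped inside the client: registered domain -> allowed fingerprints.
PINS = {"example-mail.test": {fingerprint(GOOD_CA)}}

def pinned_set(host: str):
    """Return the pins for host or any parent domain, or None if unpinned."""
    labels = host.lower().rstrip(".").split(".")
    for i in range(len(labels) - 1):  # never match on the bare TLD
        domain = ".".join(labels[i:])
        if domain in PINS:
            return PINS[domain]
    return None

def check_connection(host: str, chain: list, ca_validation_ok: bool) -> str:
    """Pinning is an extra check on top of ordinary CA validation."""
    if not ca_validation_ok:
        return "reject: chain not trusted"
    pins = pinned_set(host)
    if pins is None:
        return "accept: no pin, CA validation only"
    if any(fingerprint(cert) in pins for cert in chain):
        return "accept: pin matched"
    # Chain is CA-valid but was issued outside the pinned set: fail closed.
    return "reject: pin mismatch"

if __name__ == "__main__":
    host = "mail.example-mail.test"
    print(check_connection(host, [GOOD_LEAF, GOOD_CA], True))
    print(check_connection(host, [ROGUE_LEAF, ROGUE_CA], True))
    print(check_connection("shop.other.test", [ROGUE_LEAF, ROGUE_CA], True))
```

The second call is the DigiNotar case: the chain validates against a trusted CA, yet the pinned client rejects it, while the unpinned host in the third call gets no such protection.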

Alertsec comes to the rescue

80% of data loss is due to lost or stolen equipment. 50% of network breaches take place by using passwords from lost or stolen equipment. Laptop encryption is the solution to the laptop theft problem. Small and big companies are now realizing the importance of tracking software. Alertsec offers a laptop encryption service to secure your data.

