Archive for the ‘phishing’ category

AK healthcare data breach

July 18th, 2016

Hacking incident at Bizmatics has led to many healthcare data breaches. AK healthcare organization has  reported another data breach due to Bizmatics EHR breach. Medical record information exposed included names, addresses, dates of birth, insurance information, Social Security numbers, and clinical documentation.

Bizmatics has alerted the healthcare organization about the hacking incident and possible data breach. Arkansas Spine and Pain mentioned that some of its patient files were viewed unauthorizedly.

Pain mentioned that the intruders accessed vendor’s system by installing malware. Bizmatics could not confirm if any of the healthcare organization’s EHR files were accessed by the hackers. Facility has notified all potentially affected individuals.

AK healthcare added that Bizmatics was “taking steps to further strengthen its defenses against cyberattacks, including hardening its firewall and network configurations.”

“We have also been assured by Bizmatics that they are committed to ensuring its systems are as secure as they can be in our current environment,” the statement explained.

Earlier Bizmatics has notified many other healthcare providers of potential EHR breaches after hackers accessed its servers containing medical records. One such example include Florida-based Southeast Eye Institute, PA. It has contacted over 87,000 patients of a possible healthcare data breach. Integrated Health Solutions in Pennsylvania also suffered data breach.

According to the website:

Arkansas Spine and Pain (ASAP) is Central Arkansas’ leading program for the management, treatment and rehabilitation for spine and pain relief and sports-related injuries.At Arkansas Spine and Pain we consider the whole person and their family when treating the pain. Pain Clinic staff work with other health care professionals, physical therapists, family physicians and services that might be needed such as social workers, hospice, home care agencies, behavioral health specialists to assist with modification of life styles and to encourage retaining and regaining maximum quality of life.

___________________________________________________________________________________________

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Phishing Scam and Data Breach

April 27th, 2016

Wyoming Medical Center recently suffered data breach when it was hit by phishing scam. According to the reports, 3,184 individuals received the notification letter by the medical center which mentioned that their PHI may have been accessed by an unauthorized user.

Facility explained the phishing email as,

“Phishing emails are email messages appearing to come from legitimate sources, such as a bank, a trusted friend or colleague, or trusted businesses, etc.  Phishing is an attempt to acquire sensitive information such as usernames, passwords, credit card information, email addresses, or Social Security Numbers.  Many times, it is difficult to identify phishing emails. “

Earlier in this February, the medical center found out that two email accounts were accessed by an outside entity.  Phishing email was sent to one of the employee and after opening it other employees also received emails. This unauthorized access lasted for around fifteen minutes.

Affected information included data related to hospital purchasing, wound care, and patients who were on isolation precaution. Also, PHI information was exposed which included names, medical record numbers, dates of hospital services, account numbers, dates of birth, and some medical information. Medical center mentioned that  EHR systems were not compromised.

Wyoming Medical Center has also reviewed its security policies. Facility also mentioned that there is limited scope of identity risk, “No, the information accessible by the unauthorized user was limited and did not include the proper information to allow for identity theft.  If you are concerned about potential identity theft, you may contact one of the credit reporting agencies that will place fraud protection on your credit report.  All you have to do is contact one of the three credit reporting agencies and ask them to put a fraud alert on your credit file, and they should automatically inform the other two credit agencies. “

Medical Center facility also mentioned that they take privacy very seriously by educating employees on privacy. It also has firewalls and necessary safeguards to avoid such incidents. It also performs routine audit to fine loopholes in the system. Also, information security firms are given contracts to monitor and audits systems routinely.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.