Archive for the ‘Virus’ category

Data breach due to virus

January 10th, 2017

Brandywine Pediatrics, P.A in Delaware recently suffered data breach exposing PHI for many patients. Brandone came to know about the incident when it discovered a file server which was locked due to virus.

Facility immediately recovered the files from backup tapes. Also, it started the investigation and took help of a forensic computer expert. This incident has affected certain PHI which includes name, address, and health insurance and medical information.

Brandwine mentioned that there is exposure of health information but it has not found any evidence which suggests that it was misused. It also included in statement that there is no chance of compromise of patients’ Social Security numbers or payment card information.

Affected individuals are notified about the incident and had asked to take steps to protect them. Facility has improved the security of its systems. Also, policies and procedures are reviewed.

Brandwine mentioned that the privacy and protection of the patients is a top priority.  It also deeply regret any inconvenience or concern this incident may cause. The number of affected individuals are not mentioned in the statement.

Types of attack to gain database access

Physical theft or loss of the device

Rogue employee or other insiders misusing privileges to gain financial or personal gains

Attacks on website and application by finding weaknesses in coding

Phishing to gain passwords and usernames. Legitimate-looking email are sent to employees

Installing malicious software which misdirects users to fraudulent websites

‘Dedicated Denial of Service’ attacks

Ransomware attacks

Point-of-sale intrusions

Remote attacks

Payment card skimmers

Viruses

Worms

Trojan Horses

 Data breaches also occur due to human errors which includes below –

Sending sensitive information to the wrong person by email or fax by mistake

Making information publicly available on a web server or website by mistake

Incorrect disposing of data which also includes paper data

Losing electronic device which contains sensitive data

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Computer Virus Causes Data Breach

April 7th, 2016

Mercy Iowa City, an acute care hospital and regional referral center, recently suffered data breach  due to computer virus. Mercy Lowa City did not mention the number of affected individuals but the OCR data breach portal mentioned that 15,625 individuals were affected by the incident.

Mercy Iowa City came to know about computer virus on January 29. It had potentially infected some of its systems three days prior. The hospital now has secured the computer systems to prevent the spread of the virus.

“That’s a small percentage compared with the total number of patients the hospital serves”, said Margaret Reese, interim director of marketing and community relations and president of the Mercy Hospital Foundation. She said she did not know the total number of patients, adding that “it would be a huge number when you consider all of the many services.”

Internal investigation is carried out by forensics firm. Capturing personal data was the main motive of the computer virus. Thus it is believed that data breach has occurred.

Reese said Mercy has been working with federal law enforcement on its investigation. The hospital’s release said current safeguards have been enhanced to protect sensitive data. Reese said she could not comment on what the enhancements were.

According to the reports, unauthorized access to patients records by outside entity has resulted into the incident. which did not affect all Mercy Hospital and Mercy Clinic patients.

According to the statement, “Mercy deeply regrets any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information.”

Affected information included names, dates of birth, addresses, treatments, diagnoses, medication lists, names of health insurers, and health insurance policy numbers. Social Security numbers may also have been accessed for some patients.

“To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information,” stated the press release.

The hospital also created a call center dedicated to answering questions about the data security event. Mercy Iowa City mentioned that there is no evidence patient information misuse.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.