AlertSec Xpress

Duke University Health System breached due to stolen thumb drive

September 4th, 2014
Duke Chapel, a frequent icon for the universit...

Duke University Health System breached due to stolen thumb drive

Duke University Health System suffered data breach when thumb drive was stolen from an administrative building by an unauthorized person. According to the reports, an unknown number of patients treated in the Duke Children’s Health Center and Lenox Baker Children’s were affected by the breach.

After the incident, Duke conducted investigation which revealed that thumb drive held spreadsheets with patient names, medical record numbers, physicians’ names, and some Duke University Hospital locations visited. No Social Security numbers, clinical data or financial data were involved.

According to the Duke University Health System website statement:

We have no reason to believe that the information on the thumb drive has been used in any way.  However, out of an abundance of caution, we began notifying patients on August 29, 2014 and have established a dedicated call center to answer any questions that potentially affected patients may have.

We deeply regret any inconvenience this may cause our patients.  To help prevent something like this from happening in the future, we are enhancing our encryption processes and re-enforcing staff education on the use of encryption and the importance of handling patient information secure.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Possible Credit Card breach in Dairy Queen

August 30th, 2014
2007–present, notice that the curved lines are...

Possible Credit Card breach in Dairy Queen

U.S. Secret Service had earlier alerted Dairy Queen for a possible data breach related to the Backoff point-of-sale malware. According to the reports, Dairy Queen acknowledges that “customer data at a limited number of stores may be at risk.”

“We are gathering information from a number of sources, including law enforcement, credit card companies and processors,” the company told as they don’t know the affected number of locations.

At one credit union in the Midwest, more than 50 customers suffered with credit card fraud soon after using their credit and debit cards at Dairy Queen locations.

Dairy Queen spokesman Dean Peters  that the company has no policy in place requiring that franchisees notify Dairy Queen in the case of a security breach. “At this time, there is no such policy,” Peters said. “We would assist them if [any franchisees] reached out to us about a breach, but so far we have not heard from any of our franchisees that they have had any kind of breach.”

“Franchise owners and operators will have a harder time locating malicious software — those equipped to detect, contain, and eradicate miscreants from their systems are the exception, not the rule,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Advanced Evasion Techniques

August 24th, 2014
English: A candidate icon for Portal:Computer ...

Advanced Evasion Techniques

What is Advanced Evasion Techniques?

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won’t be recognized by an intrusion detection system.

Advanced Evasion threat can cause severe damage even to the secured organization:

  • It can breach many firewalls and avoids detection
  • It inserts malicious code by slicing and dicing it into bits and pieces that arrive by different paths
  • It re-assembles on an endpoint to gain access
  • AETs are quite successful for the most part, evading the technologies deployed by next generation firewalls (NGFWs)
  • Targets intellectual property and financial resources
  • Goes unnoticed until long until the damage is done
  • Mcfee claims that most firewalls are only capable of blocking less than 10 percent of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Healthcare sub contractor fails to secure server

August 13th, 2014
English: Icon from Nuvola icon theme for KDE 3...

Healthcare subcontractor may have compromised up to 570 patients’ data

Healthcare subcontractor may have compromised up to 570 patients’ data due to recent data breach. At this point name of the sub contractor is not known. According to the reports, sub contractor inadvertently failed to secure a computer server containing patient account information.

Breached information includes patient invoice numbers, charge amounts, balance due, policy numbers and billing-related status comments. It was noticed that Social Security numbers and medical records were not part of the breach.

Free patient identity protection services for affected patients are offered by the physicians. According to the HIPAA Omnibus Rule more responsibility falls on sub contractor to help out with breach notification and other breach-related activities. Terms and status of HIPAA business associate agreement (BAA) is not known.

“There is no indication that personal information has been acquired or used,” the company said. It is not known whether any people in or around Guilford County were affected. A company spokeswoman did not immediately return a request for comment.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

- See more at: http://blog.alertsec.com/#sthash.GEAE5nsG.dpuf

Chinese hackers use malware to access data

August 6th, 2014
Cryptographically secure pseudorandom number g...

Community Health Systems, Inc. reported data breach

Community Health Systems, Inc. reported data breach which affected 4.5 million patients which was cause by Chinese hacking into the computer network using malware. Patient data includes names, addresses, birth dates, telephone numbers and Social Security numbers, but no credit card or medical data were involved. Community Health Systems manages 206 hospitals across 29 states and is among the largest publicly-traded hospital companies in the U.S.

Highlights of the data breach –

  • It was HIPAA violation so organization is alerting all 4.5 million affected patients.
  • Organization is providing free identity-theft protection services.
  • Chinese “Advanced Persistent Threat” group was the culprit.
  • The group was able get through Community Health’s network security with advanced malware.
  • Organization will update its network security to avoid future attacks.

According to the statement:

Since first learning of this attack, the Company has worked closely with federal law enforcement authorities in connection with their investigation and possible prosecution of those determined to be responsible for this attack. The Company also engaged Mandiant, who has conducted a thorough investigation of this incident and is advising the Company regarding remediation efforts.

The Company carries cyber/privacy liability insurance to protect it against certain losses related to matters of this nature. While this matter may result in remediation expenses, regulatory inquiries, litigation and other liabilities, at this time, the Company does not believe this incident will have a material adverse effect on its business or financial results.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.