Anthem (insurance)

Two computers stolen from Arkansas Blue Cross

July 21st, 2015

Arkansas Blue Cross Blue Shield members sent out potential data breach notification letters after its computers were stolen. Computers belonged to Treat Insurance Agency, which solicits applications from individuals for insurance coverage through multiple insurers which includes Arkansas Blue Cross.  ABCBS did not reveal the details of information present on the computers.

“Treat Insurance Agency very much regrets that theft from their offices has affected Arkansas Blue Cross members and applicants,” Arkansas Blue Cross Senior Vice President Ron DeBerry said in a statement.

“To reduce the risks that any similar thefts might affect our valuable customers, we will request independent insurance agents to protect their computer records by using encryption

technology on all computers storing any applications for Arkansas Blue Cross.”

The computers contained sensitive information of 560 Arkansas Blue Cross applicants. According to the reports, affected individuals by this incident will receive one year of complimentary identity protection services. The details of the theft are not known.

“The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation,” the legislation states. “Notification under this section is not required if after a reasonable investigation the person or business determines that there is no reasonable likelihood of harm to customers.”

As the device is stolen, ABCBS explained that there is no way to determine if an unauthorized person attempted to access the patient information. Also, it did not specify if the stolen computers were encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Unity Recovery Group suffers data breach

June 4th, 2015

Unity Recovery Group, Inc. announced the data breach but failed to specify the cause of breach. It just mentioned that it “involved the disclosure of [patients’] personal information to one or more unaffiliated recovery and/or rehabilitation service providers, without [their] prior written consent.” Affected information includes names, addresses, dates of birth, addresses, telephone numbers, Social Security numbers, email addresses, insurance information, and/or certain health-related information.

“To protect against future incidents, we have undertaken additional technological security measures and implemented additional training of our employees to ensure compliance with Unity’s Policies,” Unity said. “We have also hired outside legal counsel to assist us with our investigation and Forensic Data Services, Inc., a technology forensics firm, to enhance the security of our IT systems.”

The breach also affected affiliated companies which include Starting Point Detox, LLC, Lakeside Treatment Center, LLC, Changing Tides Transitional Living, LLC, and Unity Recovery Center, Inc.

According to the statement:

  • We are complying with our regulatory notice obligations and continue to investigate how this breach happened in light of our Privacy Policy, Client Confidentiality Policy, Conflict of Interest Policy, and IT security policies (together “Unity’s Policies”).
  • At Unity, we take patient privacy very seriously and it is important to us that you are made fully aware of a potential privacy issue that may affect you.
  • While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception.
  • In keeping with our commitment to patient privacy, we have arranged for a complimentary one year subscription for you to ID Experts®, a leading identity and credit protection service. Unity is not affiliated in any way with ID Experts, however, their services have come highly recommended. If you seek the benefits of their services, ID Experts will also assist you with placing a “Fraud Alert” on your credit reports.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

CareFirst database breached by cyber attackers

May 27th, 2015

The database which is used for members and other individuals to access CareFirst’s websites and online services was breached when cyber attackers gained access to it. The attack was discovered by the CareFirst IT security team. The company mentioned that it is working with Mandiant for IT examinations. The attack likely led to “limited unauthorized access to a database.

The affected information includes member-created user names created by individuals to access CareFirst’s website, members’ names, dates of birth, email addresses and subscriber identification numbers. Social Security Numbers, medical claims information and financial information were not affected.

“Out of an abundance of caution, CareFirst has blocked member access to these accounts and will request that members create new user names and passwords,” the statement read.

Affected individuals will receive notification with an activation code to safeguard their accounts from further damage.

“We deeply regret the concern this attack may cause”, CareFirst President and CEO Chet Burrell said in a statement. “We are making sure those affected understand the extent of the attack – and what information was and was not affected. Even though the information in question would be of limited use to an attacker, we want to protect our members from any potential use of their information and will be offering free credit monitoring and identity theft protection for those affected for two years.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

11M affected by Premera Health data breach

March 11th, 2015

Sophisticated cyber attack on Premera Blue Cross leads to health data breach affecting 11 million individuals. Company discovered data breach on Jan 29, 2015. Affected entities involve Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack.

The breached information includes Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

According to the statement, letters will be sent to affected individuals, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

8.8 To 18.8M Individuals affected by data breach

February 22nd, 2015

The recent revelation by Anthem was the continuation of previous data breach which was caused by hacking incident. Anthem, Inc spokesperson stated that anywhere from 8.8 million to 18.8 million non-customers could be impacted. The affected information included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that may have included income information.

Credit card information, bank account numbers or other financial data were not affected. Anthem is a member of an independently run Blue Cross Blue Shield (BCBS) national network and runs the BCBS healthcare plans in 14 states. Other states’ plans are independently run. Approximately 105 million individuals have coverage under the BCBS license in 37 different companies.

The Anthem spokesperson said that the facility’s investigation is in process, but it estimated that tens of millions of personal records were stolen during the breach. Federal and State investigations are also conducted along with internal investigation. Anthem will start sending notification to the affected individuals. As per the report, the Anthem’s drive was not encrypted which aggregated the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Sensitive information posted on Lone Star’s website

February 21st, 2015

Lone Star suffered data breach when sensitive data was posted on its website by the third party company working for them. According to the reports, exposed information included names, addresses, phone numbers and some dates of birth.

Lone Star CEO Rhonda Mudhenk told Roser that no financial information was compromised, and that the company at fault no longer works on Lone Star’s website.

Lone hired security expert to determine the parameters of breach. It is observed that many unauthorized individuals accessed the information. The clinic is offering one year credit monitoring services to the affected patients.

Mudhenk told Roser that Lone Star was taking the breach seriously, that the organization wanted to assure patients that no financial information was impacted, and that only five individuals had their full or partial Social Security number exposed.

Previous Lone Star breaches includes below incidents:

  • Lone Star suffered a data breach in May 2013 after an employee’s laptop was stolen affecting Protected Health Information (PHI)
  • The online exposure of information happened to the District Medical Group (DMG) affecting an unknown number of patient’s protected health information (PHI)

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen server leads to data breach

February 18th, 2015

Three notices were sent to patients informing them about the data breach which was caused by burglary in California dentist Dr. Cathrine Steinborn’s office. Apparently, first notice didn’t contain enough information, as two more notices were sent.

“Your dental records and radiographs were fully backed up, so there will be no loss of continuity of care,” Steinborn wrote in the first data security notice. “However, your personal identity and insurance information is on the server and could be compromised.”

The first notification failed to notify patient’s the details of information may have been compromised by the data breach. Dr. Catherine explained that a door was forced open and the server containing patients’ electronic records was stolen.

A police report was filed and the dentist’s office is working with its property manager “to enhance the physical security of the building,” Steinborn explained.

Second letter mentioned that the dentist’s office does not store patients’ financial information, such as credit cards, or driver’s license numbers but keeps names, addresses, phone numbers, insurance information, dates of birth and group numbers on file. Also, patients’ Social Security numbers, as well as all patients’ health history and dental records are kept in office.

“Our server had two levels of password protection, but was not encrypted,” Steinborn said in the second letter. “Currently, our files are in the cloud, in an encrypted form. I will be having the new server encrypted. An IT specializing in HIPAA will complete a thorough risk evaluation and we will be implementing robust physical and IT security going forward.”

Final letter was about security aspects.

“We previously provided notice of this incident to you, and are providing you additional information about the incident and helpful information on protecting against identity theft and fraud.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

A box of documents spilled off of a courier truck

February 13th, 2015

Kaiser Permanente suffered possible data breach when a box of documents spilled off of a courier truck. Incident took place during transit of box from Kaiser Permanente’s Kona Medical Office to storage. The company is notifying about 6,600 patients which includes – 4,000 patients who has their prescriptions electronically filled and the information may have been printed and included in the box of documents. The other 2,600 patients had their prescription paperwork in the box.

“Swift action by Kaiser Permanente employees allowed the retrieval of many of the documents, but unfortunately, not all were recovered,” the statement explained.

The documents were expired prescriptions. Affected information includes names, addresses, dates of birth, and medical record numbers. Moreover, the type and amount of specific medications were on the papers.

“You may get a letter and still not be affected,” Kaiser spokesperson Laura Lott told the news source. “But, we’re being very cautious because it’s the right thing to do.”

According to Kaiser Permanente statement:

Organization will offer credit monitoring to members whose Social Security numbers or driver’s license numbers was potentially exposed.

We are taking this matter very seriously and will inform each of the individuals whose information may have been involved in the incident,” Kaiser Permanente said. “As part of our outreach we are advising affected individuals to contact one of the national credit reporting agencies (Equifax, Experian, or TransUnion) to place a fraud alert on their file.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen laptop may lead to data breach

February 7th, 2015

Private behavioral and mental health non-profit organization may suffer data breach after it found out that several laptops were stolen from its Noblesville location, Indiana. Organization believed that laptops were not stolen for the information. The stolen laptops “may have resulted in the limited disclosure of personal information” for both employees and patients.

Affected information includes names, addresses, and Social Security numbers for employees and a few clients. Moreover, some clients’ medical record numbers and personal health information may have been on the devices. However, electronic medical records were not on the laptops. Aspire mailed notifications to approximately 45,000 individuals which included 1,500 Social Security number.

Aspire added that it is offering identity protection services to members whose information was potentially exposed.

“Our organization is committed to maintaining the privacy and security of the personal information in our control, and we sincerely regret this incident occurred,” Aspire President and CEO Rich DeHaven said. “We have taken steps to enhance our security, including upgrading our alarm and security systems. We remain committed to continually improving our IT and physical security to further protect our data and our clients.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Emergency bill by Maryland General Assembly

February 5th, 2015

The Maryland General Assembly passed an emergency bill which is designed to highlight and implement certain aspects of HIPAA and patient privacy. According to the new bill, forms will be made available to patients allowing them to request confidential communications with their health insurer or provider. The new bill also allows patients to send their medical information to a different address other than residence.

“The bill also specifies that certain written notices from an insurer to a claimant regarding denial of a claim made on an individual health insurance policy and certain annual summary explanations of benefits provided to an insured are subject to confidential communications requirements under HIPAA privacy rule,” stated the bill.

Simply put, HIPAA Privacy Rule explains that individual can request sending of medical information to another location if he or she is endangered because of the disclosure of certain information.

“Privacy concerns may encourage an individual to delay or avoid seeking services or to pay out-of-pocket despite insurance coverage,” the bill stated.

“This may present a barrier to care for sensitive services such as reproductive care, substance abuse, or mental health. While confidential communication protections are already required under the HIPAA privacy rule, they are not well known.”

“It is important for patients to have confidence in how clinicians and others use their sensitive health information,” Lucia Savage, chief privacy officer of the Office of the National Coordinator for Health Information Technology, told Clemson University, which helped conduct the study.

“Patient-centered decision making in electronic health information exchange can inspire trust in health IT and the papers in the journal, along with this study, give us new insights on these issues.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.