Associated Press

OhioHealth’s flash drive goes missing

July 31st, 2015

OhioHealth has issued health data breach notification letters after misplacing an unencrypted flash drive. The flash drive has not yet been recovered, and OhioHealth said there is no reason to believe that it was stolen or has been misused.

The affected information includes patient names, medical record numbers, names of insurance companies, physician names, addresses, dates of birth, referral and treatment dates, the type of procedures conducted, and in a few cases, clinical information and Social Security numbers.

According to the OhioHealth statement, only a small number of patients are affected. Specifically, only patients who were to receive valve replacements or who participated in valve replacement studies at Riverside Methodist Hospital between July 2010 and December 2014 may have been affected by the health data breach.

The OhioHealth statement did not mention the number of affected patients. According to an article by The Columbus Dispatch, there were 1,006 patients affected and potentially 30 Social Security numbers compromised.

OhioHealth believes the flash drive has simply been misplaced by an employee. It has nevertheless decided to send data breach notifications to all those who may have been affected.

“OhioHealth is deeply committed to the sacred trust that we hold in providing quality care to our patients and families, including as it relates to the protection of their confidentiality,” OhioHealth said in a statement. “We sincerely apologize and regret that this incident has occurred.”

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical document found in confetti

July 15th, 2015

The incident involves confetti thrown during the World Cup victory parade for the U.S. women’s soccer team. According to a New York news station, some of the confetti used in the parade contained medical information.

The incident came to light when a reporter tweeted a photo of confetti strips that, pieced together, made up an entire prescription. Affected information includes patient names and the doctor’s office address.

The incident could be a case of official confetti versus confetti made by local businesses and residents. In a similar incident on Thanksgiving Day 2012, the official confetti supplied by the Downtown Alliance was just colored paper, while police department reports mention that documents containing information ended up as confetti. The Downtown Alliance also reported that it provided two tons of confetti in 2012, yet its cleaning crew picked up 34 tons of confetti.

In the current incident, the news station also reported that Atlas Packaging Company provided two tons of strip-cut, blank news roll, which can be considered the official confetti for the victory parade. It seems that well-intentioned events like victory parades potentially led to health data security issues, which is not entirely uncommon.

Beacon Health attacked by phishing scam

May 30th, 2015

Beacon Health System in South Bend, Indiana suffered a data breach when it was hit by a sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive). According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are being sent to the affected individuals. According to Beacon, there is no evidence of attempted or actual misuse of information. The statement does not mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report. Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical billing company suffers data breach

May 20th, 2015

University of Pittsburgh Medical Center (UPMC) suffered a data breach: a third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

Following the incident, the Medical Management LLC employee no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. The statement said that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015

A lawsuit was filed against a Chicago-area storage company after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed the lawsuit after the improper disposal of paper records exposed patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records,” Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Suburban Lung Associates had earlier contracted with FileFax to maintain and destroy patient medical records. The affected individuals had been patients at Suburban Lung Associates, which operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure the protection of consumers’ personal information in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit, in some instances FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Medical Records exposure leads to data breach

April 29th, 2015

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center reported that patient records were found in the home of a facility employee when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements. LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admission, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Washington’s attorney general and two lawmakers favor stronger data breach laws

April 22nd, 2015

Washington’s attorney general and two lawmakers are calling for stronger data breach laws after the recent Premera Blue Cross and Anthem, Inc. data breaches. Attorney General Bob Ferguson, Sen. John Braun, and Rep. Zack Hudgins wrote an opinion piece in The Olympian this week.

According to the statement, the current state data breach law is a decade old and obsolete, and more meaningful and timely notification laws are necessary. They are trying to close current loopholes. The proposed legislation would require that individuals and the attorney general be notified within 45 days of a data breach occurring.

“In the present statute, there are too many loopholes about when notification must be provided, leaving consumers vulnerable to financial fraud and identity theft,” the opinion piece said. “The current law is alarmingly vague on the timeline to notify consumers when data has been compromised. And unlike other states, our current statute does not require notification to the Attorney General when a data breach puts state residents at risk.”

The proposed legislation states that HIPAA covered entities are “deemed to have complied with the notice requirements” if they have “complied completely with section 13402(f) of the federal health information technology for economic and clinical health act, Public Law 111-5.”

Murray discussed the data breach notification process as he was upset with the Premera data breach. He said that it was troubling that it took Premera so long to notify individuals, the media, and lawmakers that an incident took place.

“These failures are particularly troubling given the scope of the attack,” Murray wrote. “It is my hope that Premera can move with great speed and efficiency to ensure that my constituents receive prompt notice and information about the services that are being made available to them.”

Stolen cellphone causes data breach

January 18th, 2015

Albany, New York-based St. Peter’s Health Partners revealed that a manager’s cellphone was stolen, which may lead to a healthcare data breach. The affected data involves emails on the cellphone. After an investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.

According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s. Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.

Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. In response to the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance.

Steps to prevent data breach – cellphones:

  • Install proper antivirus software on cellphones
  • Periodically change the passwords for corporate accounts
  • Encrypt the cellphone
  • Don’t install malicious software
  • Enable visual notifications for abnormal activity
  • Use biometric identification
  • Use secured network access
  • Conduct security audits
  • Make users aware of proper usage

Settlement of $12,000

January 6th, 2015

Indiana’s Attorney General finalized a settlement with Dr. Joseph Beck. Earlier, 60 boxes of Beck’s patient records were found in a dumpster. Beck agreed to pay a $12,000 penalty in a consent agreement with the state. Beck is a dentist who was accused of mishandling 5,600 patients’ medical records.

“In an era when online data breaches are top of mind, we may forget that hard-copy paper files, especially in a medical context, can contain highly sensitive information that is ripe for identity theft or other crimes,” Attorney General Greg Zoeller said. “This file dump was an egregious violation of patient privacy and safety.”

There is a series of charges against Beck, including fraudulent billing and negligence. The affected information includes patient names, medical records, phone numbers, dates of birth, Social Security numbers, insurance cards, insurance information and state ID numbers. The incident happened when Beck hired a third-party company.

“The amount of sensitive, personal data that is stored online is growing every day, and the risks are obvious as more people are impacted by massive corporate data breaches or individual identity theft that can imperil a consumer’s good name and credit rating,” Zoeller said, according to the Indiana Attorney General website. “Our existing laws are proving inadequate to address this global crime, and we must sharpen our legal tools and take action to keep Indiana on the forefront of protecting consumers.”

Cyber Security breach affects 485K USPS Workers

January 2nd, 2015

The breach at the United States Postal Service (USPS) has affected around 750,000 employees, as well as the data of 2.9 million customers. According to the reports, the breach also potentially compromised 485,000 employees’ health information. Injury diagnoses, procedure codes, and the physical location of bodily harm were possibly exposed in the breach.

The affected information also includes names, dates of birth and Social Security numbers. The affected individuals include employees, former employees, and retirees who filed for workers compensation.

“The Postal Service took steps to obtain current addresses for as many affected employees as possible through private contractors who used, among other sources, the Postal Service’s own National Change of Address database,” USPS spokesman David Partenheimer said in a statement.

Partenheimer also said that all employees, former employees and retirees whose medical information may have been exposed received a notification letter last month.

According to the statement:

“The privacy and security of employee and customer data is of the utmost importance to us. Despite devoting a lot of time and attention to the security of our information systems, the Postal Service joins the list of major companies and government agencies that have had similar cyber intrusions,” the company said in its November statement. “The remediation efforts we took to address the cyber breach have resulted in an even stronger system to protect our data.”
