Bergen County

Routine audit reveals data breach

June 25th, 2015

A Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients during routine audit. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and health insurance information in a few cases. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that few patients may have had their Social Security number accessed but believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

 

Heart Group suffers computer breach

June 2nd, 2015

 

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Beacon Health attacked by phishing scam

May 30th, 2015

Beacon Health System in South Bend, Indiana suffered a data breach when it was attacked by sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive).  According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are sent to the affected individuals. According to beacon, there is no evidence of attempted or actual misuse of information. The statement fails to mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive a regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.