BIOS

Medical records found in dumpster

August 7th, 2015

Personal documents, including medical records, were found in a dumpster in Taylorsville, Utah. The incident may result in a data breach. According to reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.

Dr. Scott Cold, DDS, said that his contractor found the documents in a dumpster being used for construction waste.

“These documents for these records were complete with patients’ names, addresses, phone numbers, dates of birth, Social Security numbers, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.

According to other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.

It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.

“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Malware hits Advantage dental database

March 13th, 2015

Oregon-based Advantage Dental suffered a data breach when its internal database was attacked by malware. The unauthorized access affected 151,626 Advantage patients. The compromised information includes names, dates of birth, phone numbers, Social Security numbers, and home addresses. According to reports, treatment, payment, and other financial data were not accessed.

“Since terminating the illegal access, Advantage has been reviewing and improving its safeguards, implemented mitigation steps to prevent further access and has been working with law enforcement to properly determine the scope of the incident and any additional steps that might be required,” the statement read. “At this time, Advantage has no indication that the stolen information has been used for criminal activity, to include identity theft.”

Advantage Compliance Manager Jeff Dover said that the theft happened after the malware accessed an Advantage employee’s computer. A username and password that allow access to the membership database were stolen from there. This is a separate database from the one that contains financial and treatment information.

“Unfortunately this happened,” Dover said, adding that Advantage computers are equipped with anti-virus software, but sometimes new variations of a virus are not detected. “What you can do is be as transparent as you can, take responsibility for it, learn from it and then move on.”

After this incident, Advantage is no longer allowing access to its internal patient database from computers that are not within company clinics or its Redmond headquarters.


Hardware giant narrowly averts PC security nightmare

April 6th, 2013

American Megatrends, a company that specializes in PC hardware and firmware, has attempted to calm the rising panic over the leak of cryptographic signing keys and source code for its UEFI (Unified Extensible Firmware Interface) BIOS, the code that starts up millions of computers around the world. The leak came to light when Adam Caudill, a security researcher and penetration tester from the United States, received a warning from his research partner Brandon Wilson about a Taiwanese vendor that had left an FTP (File Transfer Protocol) server open for public browsing and downloading. The leak poses a fresh challenge for computer protection, all the more damaging because such mishaps could easily have been averted with encryption software in place.

Among internal emails and other data, the haul included the source code for American Megatrends Incorporated’s UEFI BIOS and the cryptographic signing keys used to verify it. It was therefore in American Megatrends’ keen interest to deploy proper encryption software for its computer protection, to stop security leaks from threatening it time and again. Access to the source code for the UEFI BIOS and to the cryptographic signing keys used to verify the binary programs led researchers to fear that attackers might create and/or disseminate malicious updates, which in turn could be used to compromise and control millions of computers worldwide for a long time to come. According to the researcher Caudill, “this kind of leak is a dream come true for advanced corporate espionage or intelligence operations. The ability to create a nearly undetectable, permanent hole in a system’s security is an ideal scenario for covert information collection.”

BIOS, or the basic input/output system, is code stored in non-volatile read-only memory on personal computers and other similar devices. It is meant to run only when a device starts up, initialising hardware such as the keyboard, storage and video before loading the operating system. The company has been developing a Unified Extensible Firmware Interface since 2005 to overcome the limitations of the original Basic Input Output System (BIOS) specification, which was designed for basic 16-bit computers decades ago, and to provide further features such as cryptographic security for booting up. American Megatrends claims to be the largest BIOS vendor in the world. In response to the findings of researchers Caudill and Wilson, it said that the security keys on the FTP server were in fact meant for testing and were not used for production systems.

Subramonian Shankar, Chief Executive and Co-founder of American Megatrends, stated in an interview after the leak that “while today’s news is certainly distressing, AMI would like to reassure its customers and partners in no uncertain terms that this should not be a security concern for them.” Caudill noted that while AMI instructed all vendors using its UEFI BIOS to change the key before building a production environment, it is not yet known whether the customer with the open FTP server was following that practice. Caudill did not reveal which Taiwanese vendor had leaked the information.
