California Attorney General

Data accessible on third party website

December 21st, 2014

Redding, Calif.-based Mercy Medical Center found out that physician progress notes were publically accessible on a third-party website. Potentially affected patients took the treatment at Mercy Medical. Data breach doesn’t include Social Security numbers and other financial information.

The affected information includes patient names, medical record numbers, dates of birth, ages, dates of service, diagnoses, medications, review of systems, current therapies, and treatment plans.

“We sincerely regret this incident occurred and are taking appropriate measures to prevent any similar incident in the future, including continuing efforts to educate staff and physicians on securing medical information,” Michelle Kirby, Dignity Health Service Area Compliance Director mentioned on the letter which was posted on the California Attorney General’s website.

According to the reports, patients’ information is not believed to have been accessed inappropriately. Kirby suggested that patients can contact one of the three major credit bureaus and place a fraud alert on their credit file.

According to the statement, Mercy Medical simply explained that “Upon discovery the third party removed the link from their website rendering the information no longer accessible.”

Points to be considered:

  • Facilities should be active in implementation of security measures
  • All aspects of security should be considered instead of focusing on one
  • Proper training of the staff

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

AltaMed Health Services suffers data breach

September 2nd, 2014

Sensitive data was potentially breached when an employee stole patient records in an apparent identity theft ring from AltaMed Health Services. According to the reports, 2,995 patients’ were affected by this breach. AltaMed offers a variety of healthcare services and temporary employee should not be given access to patient medical records.

Law enforcement, which was conducting an investigation of the breach informed AltaMed about the breach. Agency has a hard drive that’s believed to hold patient records. Temporary employee working with AltaMed has accessed electronic and paper records and affected patients include those who attended one of its community events in Orange and Los Angeles Counties.

The date breached includes patient names, email addresses, telephone numbers, Social Security numbers, provider information, insurance information, dates of birth, and addresses. “The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again,” The statement said.

AltaMed notified patients, California Department of Public Health, the California Attorney General’s office, and the Department of Health and Human Services (HHS).

Excerpts from the AltaMed Website Statement:

As part of its ongoing commitment to privacy and data security, AltaMed Health Services is issuing this updated website statement notifying affected individuals of a recent incident that may affect the security of their personal and protected health information. The organization takes the security of personal and protected health information very seriously and is undertaking efforts to mitigate the risk of this happening again. 

The organization launched an internal investigation into the matter to determine what AltaMed records this individual may have accessed during her employment.  The organization retained information privacy and data security legal counsel to assist with its investigation. This investigation is ongoing.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Data breach at Kaiser Foundation Hospital

November 25th, 2013

There is not a single week which goes without a healthcare data breach incident, in which a laptop or USB flash drive is stolen. The latest data breach victim in this league is the Kaiser Foundation Hospital Orange County – Anaheim Medical Center, alerting patients that their data had been compromised when a flash drive with their information on it went missing.

The California Attorney General did not reveal the number of patients affected, but Kaiser’s letter were released to patients and explained that patients’ names, medical record numbers, and dates of birth were included on the flash drive, however Social Security numbers were not.

Patients were not even offered the usual year of credit monitoring by Kaiser, which may be considered trite at this point but should be interpreted as a good-faith effort. Instead, it stated that it respects patients’ rights to file a complaint both with Kaiser and with the Office for Civil Rights. For an organization that still isn’t done with its ongoing, extremely-public legal battle with Surefile, it would be reasonable to expect the organization to do more than say it respects patients’ abilities to complain about their privacy being breached.

Moreover, its notification letter has very little transparency. It addition to not knowing how many patients were impacted, Kaiser is not coming up with information such as whether the data was encrypted and whether it was lost or stolen from inside or outside the organization. Kaiser isn’t a “mom and pop” shop that isn’t aware of HIPAA and the degree to which patient data safety is federally-regulated. Even if its Anaheim Medical Center is just part of the organization, in comparison to other breached organizations’ responses, some may argue that Kaiser should be able to make a better effort in notifying patients from both risk mitigation and informational standpoints.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Laptop Stolen: 3,541 UCSF patients information at risk

October 2nd, 2013

UCSF Medical Center is recognized throughout the world for innovative patient care, advanced technology and pioneering research. It is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care.

A laptop belonging to an employee of UC San Francisco was stolen. Some patients were informed about this laptop theft as the laptop held patient’s personal information.

The security for the protection of health information at UCSF is of utmost importance. UCSF is taking best possible caution and concern, while there is still no evidence that there has been any attempt to access the information.

Letters have been sent informing the 3,541 patients whose information was there in the laptop. The California Department of Public Health and the California Attorney General have been alerted, and federal authorities are also being notified. A special phone line has been installed to address questions from patients who receive the notification letters.

As told by UCSF an unencrypted personal laptop was stolen from the locked vehicle of a UCSF Medical Center employee who works in the Division of Transplantation. When the employee came to know about the theft, he instantly informed San Francisco police, UCSF police and UCSF officials.

To find what information was in the laptop, UCSF immediately began an extensive technical analysis. The analysis revealed that the laptop contained personal and health information of some UCSF patients, including their name and medical record number. Social Security numbers were also involved for a small number of individuals.

Paper documents of 31 patients were also stolen, some of whose information was also on the laptop. Information in the paper documents included patient names, date of birth, medical record number and some health information.

Special phone line has been set up by UCSF to provide additional assistance to all the affected individuals.

UCSF is committed to maintaining the privacy of personal information and takes many precautions to secure that information. In response to the incident, UCSF is working to strengthen educational and operational processes to safeguard patients’ health information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

3514 UCSF patients information on stolen laptop

September 10th, 2013

UCSF is a leading university dedicated to promoting health worldwide through advanced biomedical research, graduate-level education in the life sciences and health professions, and excellence in patient care. It includes top-ranked graduate schools of dentistry, medicine, nursing and pharmacy, a graduate division with nationally renowned programs in basic biomedical, translational and population sciences, as well as a preeminent biomedical research enterprise and two top-ranked hospitals, UCSF Medical Center and UCSF Benioff Children’s Hospital.

A laptop belonging to an employee of UC San Francisco was stolen. Some patients were informed about this theft as the laptop held patient’s personal information.

The security for the protection of health information at UCSF is of utmost importance. UCSF is taking best possible caution and concern, while there is still no evidence that there has been any attempt to access the information.

Letters have been sent informing the 3,541 patients whose information was there in the laptop. The California Department of Public Health and the California Attorney General have been alerted, and federal authorities are also being notified. A special phone line has been installed to address questions from patients who receive the notification letters.

As told by UCSF an unencrypted laptop was stolen from the locked vehicle of a UCSF Medical Center employee who works in the Division of Transplantation. When the employee came to know about the theft, he instantly informed San Francisco police, UCSF police and UCSF officials.

To find what information was in the laptop, UCSF immediately began an extensive technical analysis. The analysis revealed that the laptop contained personal and health information of some UCSF patients, including their name and medical record number. Social Security numbers were also involved for a small number of individuals.

Paper documents of 31 patients were also stolen, some of whose information was also on the laptop. Information in the paper documents included patient names, date of birth, medical record number and some health information.

Special phone line has been set up by UCSF to provide additional assistance to all the affected individuals.

UCSF is committed to maintaining the privacy of personal information and takes many precautions to secure that information. In response to the incident, UCSF is working to strengthen educational and operational processes to safeguard patients’ health information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta