California

OhioHealth’s flash drive goes missing

July 31st, 2015

OhioHealth has issued health data breach notification letters after misplacing an unencrypted flash drive. The flash drive has not yet been recovered, and OhioHealth said there is no reason to believe that it was stolen or has been misused.

The affected information includes patient names, medical record numbers, names of insurance companies, physician names, addresses, dates of birth, referral and treatment dates, the type of procedures conducted, and in a few cases, clinical information and Social Security numbers.

According to the OhioHealth statement, only a small number of patients are affected. Specifically, only patients who were to receive valve replacements or those who participated in valve replacement studies at Riverside Methodist Hospital between July 2010 and December 2014 may have been affected by the health data breach.

The OhioHealth statement did not mention the number of affected patients. According to an article by The Columbus Dispatch, there were 1,006 patients affected and potentially 30 Social Security numbers compromised.

OhioHealth believes the flash drive has simply been misplaced by an employee. It has nevertheless decided to send data breach notifications to all those who may have been affected.

“OhioHealth is deeply committed to the sacred trust that we hold in providing quality care to our patients and families, including as it relates to the protection of their confidentiality,” OhioHealth said in a statement. “We sincerely apologize and regret that this incident has occurred.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Information Technology, PHI security and Access to records

February 26th, 2015

In today’s demanding world, it is important to give clinicians and staff speedy access to records so they can treat their patients. But Protected Health Information (PHI) security should also remain a top priority. A data breach not only puts patients at risk but also tarnishes the image of the institution. It is better to follow the guidelines below:

  • Protection of clinician workstations using IT security measures
  • Restricting unauthorized access to PHI
  • Follow real world examples of most secured facilities
  • Use encryption software like Alertsec to protect your devices
  • Avoiding the pitfalls of online access
  • Recognizing malware by installing genuine antivirus software
  • Preventing and responding to identity theft
  • Recovering from computer viruses
  • Understanding your computers and how they are used (email accounts, sharing, chats, etc.) for sensitive information
  • Using secure connections
  • Use of desktop firewalls
  • Backing up data and refreshing affected systems
  • Work with people to understand importance of security
  • Thinking like an attacker and implementing security measures
  • Be wary of how much authority you give to a consultant
  • Record as much activity as you can
  • Destroy discarded documents efficiently
  • Destroy and recycle electronics correctly


Data accessible on third party website

December 21st, 2014

Redding, Calif.-based Mercy Medical Center found out that physician progress notes were publicly accessible on a third-party website. The potentially affected patients received treatment at Mercy Medical. The data breach does not include Social Security numbers or other financial information.

The affected information includes patient names, medical record numbers, dates of birth, ages, dates of service, diagnoses, medications, review of systems, current therapies, and treatment plans.

“We sincerely regret this incident occurred and are taking appropriate measures to prevent any similar incident in the future, including continuing efforts to educate staff and physicians on securing medical information,” Michelle Kirby, Dignity Health Service Area Compliance Director, said in the letter, which was posted on the California Attorney General’s website.

According to the reports, patients’ information is not believed to have been accessed inappropriately. Kirby suggested that patients can contact one of the three major credit bureaus and place a fraud alert on their credit file.

According to the statement, Mercy Medical simply explained that “Upon discovery the third party removed the link from their website rendering the information no longer accessible.”

Points to be considered:

  • Facilities should be active in implementation of security measures
  • All aspects of security should be considered instead of focusing on one
  • Proper training of the staff

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Children’s Art Project and Data Breach

December 12th, 2014

A healthcare data breach resulted from what started as a goodwill gesture, when a health system employee mistakenly donated CDs containing patients’ protected health information (PHI) for children’s projects.

According to the reports, a Virginia Commonwealth University Health System (VCUHS) employee took CDs that were no longer needed for the organization’s services and gave them to children as a reference for an art project. The affected information includes patients’ full names and one or more of the following: home addresses, dates of birth, medical record numbers, clinical information and health insurance information. A few of the CDs also contained Social Security numbers.

The website statement did not mention the number of individuals affected, but likely more than 1,000 medical information records were involved.

“What began as a well-intentioned philanthropic effort by a staff member wanting to help turned into a serious mistake that we are working very hard to remedy,” John Duval, CEO of MCV Hospitals and Clinics, said in a statement. “This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients.”

VCUHS has revised its protocols regarding media destruction and will intensify its efforts to protect all sensitive information, Duval added. VCUHS said that it has also re-collected most of the donated CDs.


Subcontractor mishandled sensitive information

December 10th, 2014

A potential data breach was caused by the mishandling of information by a health insurance subcontractor. According to the reports, WellCare Health Plans notified 47 Medicare subscribers at the end of November that their protected health information (PHI) was breached. Around 500 people were affected by this incident.

Social Security numbers and other financial information were not exposed. Also, information regarding specific diagnoses was not revealed. A total of 47 people were notified in Monroe County along with more than 500 people in New York.

“When the error was discovered, WellCare sent postage-paid envelopes to the members who were believed to have received the inadvertent mailings,” the Democrat & Chronicle stated.

According to the reports:

The insurer said it was not aware of misuse of anyone’s information. Nevertheless, it urged the 47 individuals to review their credit card bills and other financial statements. The insurer is providing one-year credit protection.

The breach was a violation of the Health Insurance Portability and Accountability Act. Crystal Walker, director of public relations, said WellCare learned on Nov. 3 that a vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The information included the person’s name, address, member ID number and general descriptions of the procedure, such as evaluation, radiology or administrative. No specific diagnoses were revealed.


PHI exposed on emails

November 22nd, 2014

Anthem Blue Cross members in California received emails from their health insurer with their own PHI in the subject line. It is not known whether sending PHI in an email is considered a data breach. The email was related to routine checkups and preventative screenings with their doctors. But the email also included information like age range and language along with possible medical screening tests, marked “Y” for recommended tests and “N” for tests not listed in the email.

“This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred while Anthem Blue Cross was working to expand further in the health IT world.

Blue Shield of California and Anthem Blue Cross have a combined strength of 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”


Health information of 729,000 patients at risk

October 21st, 2013

Two laptops were stolen from an administration building of a Gabriel Valley-based hospital group. This laptop theft resulted in the compromise of the health information of 729,000 patients.

The stolen laptops contained data of patients treated at AHMC hospitals: Garfield Medical Center in Monterey Park, Monterey Park Hospital, Greater El Monte Community Hospital in South El Monte, Whittier Hospital Medical Center, San Gabriel Valley Medical Center and Anaheim Regional Medical Center.

The laptops were swiped from a video-monitored office on a medical campus that according to officials is gated and patrolled by security. The suspects broke into the office and stole two password-protected laptops.

AHMC spokesman Gary Hopkins said the hospital group called the Alhambra police as soon as the theft was discovered.

The stolen laptops contained data including patients’ names, Medicare/insurance identification numbers, diagnosis/procedure codes and insurance/patient payment records, according to information given by the hospital group. Some of the files contained the Social Security numbers of Medicare patients.

There was no evidence that the information was accessed, but that cannot be ruled out. “We regret any inconvenience or concern this incident may cause our patients,” AHMC Healthcare Inc. officials said in a statement.

AHMC Healthcare had already hired an auditing firm to perform a security risk assessment and it was following the recommendations, officials said. Administrators will now follow a policy of encrypting all laptops.

“Affected patients may want to place fraud alerts on their credit files and order their credit reports to look for fraudulent activity,” said hospital officials.

Under federal law, a medical data breach involving more than 500 people needs to be reported. The breach of 729,000 files would rank as the 11th largest in the nation when compared to data on the U.S. Department of Health & Human Services website. In California, two other medical groups have had larger data compromises involving more patients.


California AG reports 131 Data Breaches in 2012

July 17th, 2013

Data breach incidents are increasing at a fast pace, and their impact is affecting millions of people. California is one of the victims: the personal information of millions of individuals was exposed in data breaches last year.

The personal information of 2.5 million residents of California was exposed in 131 online data breaches in 2012, as indicated by a recent study done by the Attorney General of California. However, more than half of these incidents were easily avoidable.

In a report she released, Attorney General Kamala Harris revealed that out of the 2.5 million California residents affected by data breaches in 2012, 1.4 million would have been fine if the companies had encrypted their data. If the exposed data had been cloaked earlier, these incidents would never have been reported under existing state law.

According to other findings for 2012, an average of 22,500 people were affected in each breach. The majority of data leakage incidents were reported in the retail industry, followed by the insurance and financial sectors. More than 100,000 people were involved in five of the reported data breaches, and more than half of the breaches involved Social Security numbers.

“Data breaches are a serious threat to individuals’ privacy, finances and even personal security. Companies and government agencies must do more to protect people by protecting data,” Harris said in a release.

Harris gave some suggestions for companies and agencies, explaining to them that data encryption should always be used to secure data. She asked them to train their employees and contractors to improve overall security in the organization. However, some experts in the IT security industry declared awareness training to be a waste of money and time.

She further proposed improving the readability of breach notices, improving access to resources for victims of breaches involving Social Security and driver’s license numbers, and passing legislation mandating notification of breaches involving the exposure of online credentials, such as usernames and passwords.
