Check Point Full Disk Encryption

Unauthorized EHR access at medical centre

February 22nd, 2017

Dignity Health St. Joseph’s Hospital and Medical Center recently announced data breach, which has potentially affected 600 patient medical record. During routine review of employee access to the hospital’s electronic health records, St. Joseph’s came to know about the incident.

“Dignity Health and St. Joseph’s Hospital and Medical Center are committed to furthering the healing ministry of Jesus, and to providing high-quality, affordable healthcare to the communities we serve.”

As per the reports, sections of patient medical records were viewed without authorization by a part time hospital employee. Facility has sent advisory letters to impacted patients.

St. Joseph’s mentioned that the records did not contain Social Security numbers, billing, and credit card information. It also added that there is “no reason to believe these patients need to take any action to protect themselves against identity theft.”

“Dignity Health St. Joseph’s Hospital and Medical Center is deeply committed to protecting its patients,” the statement explained. “Any person who accesses medical records without a job-related reason is in violation of St. Joseph’s policy and appropriate action has been taken in response to this event.”

The individuals who were patients at St. Joseph’s between Oct. 1, and Nov. 22, 2016 are notified. Potentially affected information included patient medical records, demographic information (e.g. names and dates of birth), and clinical data, such as doctor’s orders and diagnostic information.

“St. Joseph’s regrets any inconvenience caused by this incident. Letters have been mailed to patients whose medical records may have been viewed and the hospital has established a call center to answer any questions they may have. “

An electronic health record (EHR) is a digital patient’s record. EHRs are advantageous as they are  are real-time as well as patient-centric. It also contains broader view of patient’s record and care.

___________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Touchstone Medical folder exposed on Internet

October 10th, 2014

Touchstone Medical Imaging, LLC has suffered data breach as sensitive data was exposed on the internet. It posted notice on the website stating that they didn’t think data was accessible on the internet.

Organization conducted internal investigation which revealed the breach. According to the reports, medical records weren’t included but patient names,dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Advanced Evasion Techniques

August 24th, 2014

What is Advanced Evasion Techniques?

An advanced evasion technique (AET) is a type of network attack that combines several different known evasion techniques on-the-fly to create a new technique that won’t be recognized by an intrusion detection system.

Advanced Evasion threat can cause severe damage even to the secured organization:

  • It can breach many firewalls and avoids detection
  • It inserts malicious code by slicing and dicing it into bits and pieces that arrive by different paths
  • It re-assembles on an endpoint to gain access
  • AETs are quite successful for the most part, evading the technologies deployed by next generation firewalls (NGFWs)
  • Targets intellectual property and financial resources
  • Goes unnoticed until long until the damage is done
  • Mcfee claims that most firewalls are only capable of blocking less than 10 percent of known AETs and the majority of malicious code delivered using AETs slips by unnoticed.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unresolved Network Events

July 12th, 2014

Survey was conducted for security issues by Emulex and the result shows that 73 percent of IT staff has unresolved network events.

“An unresolved network event is one in which the root cause has not been established and therefore the risk of reoccurrence has not been mediated,” Matt Walmsley, senior marketing manager at Emulex division Endace, told SC Magazine. “These events are still unresolved because these IT pros do not have access to the right post-event forensics tools.”

Key highlights of survey are given as below –

  • Eighty-seven percent of respondents mentioned that they had reported the root cause of a network or security issue to their management but didn’t have the necessary information required to be completely accurate in their assessment.
  • Thirty nine percent mentioned that it occurred at least a few times.
  • Forty five percent of IT staff mentioned that they monitor network and application performance manually instead of using network monitoring tools
  • Eighty three percent said there has been an increase in the number of security events they’ve investigated in the past year
  • Eight one percent of security operations role mentioned their organization has experienced a network security breach.
  • Twenty-seven percent of network breaches were found through manual searches and user reporting without the use of alerting tools.
  • Seventy percent of network operations role have experienced a critical network event that took at least one full business day to diagnose.
  • More than half of U.S. counterparts said network outages or performance degradations cost their organizations more than half a million dollars in revenue per hour.

“IT is facing new challenges related to the growing use of software-defined networking, virtualization and higher performing networks, as well as increasingly more sophisticated attacks on company IT assets,” Emulex senior vice president of marketing Shaun Walsh said in a statement.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data Breach in MaryLand DDA affects 9,700 clients

March 10th, 2014

Case management provider Service Coordination Inc.’s (SCI) computer systems of The Maryland Developmental Disabilities Administration (DDA) was hacked which compromised 9,700 patients’ protected health information (PHI). It contained client names, demographic information, DDA service provider, medical assistance number, Medicaid and Medicaid Waiver status and reason, Social Security numbers, and other SCI service information.

“We regret the occurrence of this unfortunate criminal incident and we apologize for any inconvenience this may have caused individuals who we work with. We continue our vigilant actions to safeguard the information of those who count on us for resource coordination services and we remain committed to supporting their needs,” said John Dumas, Executive Director of Service Coordination

SCI contacted a cybersecurity forensics team which confirmed unauthorized use. SCI also notified the FBI and U.S. Department of Justice (DOJ). It requested a delay in clients’ notification to avoid hindrances in their criminal investigations. Only after law enforcement seized the hackers account and equipment, SCI began notifying the clients.

SCI is offering one year free identity theft protection to those affected by the breach. In a website statement, SCI further added,

There is no current evidence of any misuse or further release of information by the hacker or others. To help protect affected Maryland residents from the possibility of identity theft and/or fraud as a result of this incident, SCI has engaged an identity theft protection firm, to provide affected individuals with a full year of identity theft protection services at SCI’s expense.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Beebe Healthcare notified 1,900 patients of a data breach through contracted employee

February 27th, 2014

Potential data breach came to notice when contracted employee did not show up for work. It was learned by the co-workers that the employee had previously been arrested for identity theft in Pennsylvania. Beebe healthcare of Delaware notified 1,900 patients of a data breach. It was observed that employee had worked at three Beebe offices in their network.

Beebe Healthcare has hired forensics team to conduct an enquiry into possible data breach. It was observed that no information is misused. In statement it explained, “Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.” Beebe Internal Medicine in Lewes, Beebe Family Practice in Millville, and Beebe Pulmonary Associates were affected location.

“Upon learning of this information, we immediately terminated the contractor’s engagement and began a thorough investigation, including hiring a national forensic expert firm. Our investigation determined that during her assigned job duties, the contractor had access to patient medical records, which included patient names, dates of birth, Social Security numbers, health insurance information and clinical information.

Based on our investigation and the work of the national forensic experts, we have no evidence that patient information was removed from Beebe or has been used inappropriately in any way. Although the staffing agency with whom we contracted performs background checks on all applicants, the report did not reflect any potential criminal activity for this individual,” Beebe further added in the statement, “We deeply regret any inconvenience this has caused our patients. To prevent this from happening in the future, we are performing our own background checks of all staffing agency employees and will no longer rely on staffing agencies to do so.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

UNC-Chapel Hill Data Breach affects 6000 people

December 15th, 2013

The University of North Carolina at Chapel Hill is a coeducational public research university located in Chapel Hill, North Carolina, United States. It is the second largest university in North Carolina.

According to UNC-Chapel Hill an online data breach of personal information affects more than 6,000 people, officials are investigating

As the files went online, they contained information belonging to some current and former employees, vendors, and students. Information contained names and Social Security or Employee Tax Identification numbers, and in some instances, addresses and dates of birth.

An information technology manager in the UNC Division of Finance and Administration was informed that some electronic files managed by the Division of Facilities Services became accessible on the Internet.

When university officials learned about the incident, they took steps to block access to the files and began an extensive investigation and the records are no longer accessible on the Internet.

the university began notifying affected individuals by mail.

The university also learned that as part of Google’s automated processes, these files were copied and made publicly accessible. The university asked Google to take the records down immediately, and Google complied.

UNC worked with a consultant to identify potentially affected individuals as soon as it had been confirmed that their personal information was included in the files.

in the notification letter sent to the affected people, Kevin Seitz, interim vice chancellor for finance and administration said “Other than Google’s activities described above, we have not been able to determine whether individual personal information was accessed by others or was misused as a result of this incident”.

“Please be assured that we continue to evaluate our computer and administrative systems and to implement appropriate measures to protect the sensitive information in our possession.”

According to Chris Kielt, vice chancellor for information technology, the university’s prompt, aggressive action underscores its commitment to protect sensitive data. Making sure the files were secured and notifying the affected people as quickly as possible were top priorities, he said in a statement.

To help protect personal information stored on campus servers, Information Technology Services (ITS) has a process in place for regularly scanning servers that have been identified by a unit’s system administrator as storing sensitive data.

“Furthermore, as part of a broader initiative to address the risk imposed by the exposure of sensitive data, ITS is working to formalize the process for identifying and safeguarding sensitive data university-wide,” he said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

23% Organizations faced a Security Breach in 2013

November 8th, 2013

Modern technology has its positive as well as negative effect on individuals and businesses. On a positive side, it is designed to make life easier for individuals and businesses alike and the multiple ways in which it benefits all aspects of business are undeniable. But it also presents firms with challenges and data protection is one of the most serious ones.

A survey was conducted among 3,200 business executives and IT leaders from 16 countries, including the UK. According to this survey, data breaches are the most expensive IT problem that organizations can face. The poll, carried out by data management company EMC, found that on average organisations lose more than $860,000 (£530,000) per year as a result of data breaches. By comparison, any other IT problem that may occur in companies’ day-to-day business costs several hundred thousand less, EMC stated.

In today’s time, no organization is free from the risk of a Data loss incident. The survey showed that 29% of respondents reported experiencing data loss and 23% said they had faced a security breach. The most commonly listed consequences for businesses following these incidents included loss of employee productivity, cited by almost half of those polled, and loss of revenue, mentioned by 39%. In addition, one in three experienced loss of customer confidence or loyalty, while more than one in four reported loss of incremental business opportunity.

The poll conducted by EMC revealed that just 27% of all organizations reported that, in the event of incidents, data could be recovered within minutes or less. This highlights the fact that many organizations are unprepared to deal with data breaches.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Adobe : 38 million accounts affected in data breach

October 31st, 2013

US-based Adobe Systems, which sells Photoshop and Acrobat software, told that accounts and passwords of 38 million users had been compromised by cyber criminals.

An Adobe spokesperson said “Our investigation has confirmed that the attackers obtained access to Adobe IDs and what were at the time valid, encrypted passwords for approximately 38 million active users”.

The California-headquartered firm said it has informed all the affected users and has reset their passwords.

As told by Adobe, the company faced two attacks from cyber criminals who stole credit card data of 2.9 million customers. Its security team had discovered the sophisticated attacks involving illegal access of customer information and source code of many Adobe products.

the spokesperson further added “We have completed email notification of these users. We also have reset the passwords for all Adobe IDs with valid, encrypted passwords that we believe were involved in the incident regardless of whether those users are active or not”.

Products made by Adobe are used by film and video makers, web and graphic designers, creative professionals, professional publishers, enterprises and individual consumers. The products are widely used on the Internet, including reading and viewing of documents.

Adobe users avail its various offerings through accounts for which they pay a particular fee depending on the services.

“Our investigation is still ongoing, and we anticipate the full investigation will take some time to complete,” the spokesperson said.

Geographies where the accounts had been compromised have still not been revealed. Adobe has offices in about 34 countries across North America, Asia, Australia and New Zealand, Europe, Middle East, Africa and South America.

It also has a significant presence in India with R&D offices in Bangalore and Noida and sales offices in Bangalore, Noida and Mumbai.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data breach: Effects on Business

October 29th, 2013

A data breach is a traumatic experience for every person involved, and it can have negative long-term effects. Your business may deal with loss of revenue from customer turnover and brand mistrust for months or years.

According to a survey, two-thirds of adults in US would not return to business if their personal information was stolen. The survey further provides insight into what types of businesses consumers would most likely stop doing business with if their confidential information was stolen.

“With every data breach comes a cost, including lost productivity, a damaged reputation, and most importantly, decreased revenue when customers take their business elsewhere. This research confirms that by failing to make security a priority, businesses can discourage once-loyal customers from returning. It could also stop potential customers from ever patronizing your business.” said John Otten, marketing manager at Cintas.

Banking, healthcare and lawyers as being under the most scrutiny by people When asked which types of organizations patrons would stop doing business with if their personal data were compromised. More than 55% said that they would change their banks and 39% would get a new lawyer. 46% said that they would switch insurance companies, 42% would go to a different drug store/pharmacy and 40% would get a new doctor or dentist. 35% said that they would not return to their hospital.

Consumers want to know if their money is in safe hands and going to where it is intended when they give to a cause. Accordingly, 38% said they would donate to other charity/non-profit organization, while in the event of a breach, 24% said that they would no longer donate to educational institution they attended.

The survey comes as data breaches continue to be reported, and are being perpetrated via a number of vectors.

A former Broward Health Medical Center employee took documents containing the personal information of nearly 1,000 patients from the Fort Lauderdale health system. The records contained names, addresses, dates of birth and insurance policy numbers.
About 960 patients, treated at Broward Health’s main facility, were notified via letters. These simply informed them that their registration documents had been “inappropriately removed.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta