Check Point

Claims document found in employee storage unit

October 18th, 2016

The Virginia Department of Veterans Services (DVS) recently suffered data breach when veterans claims documents were included in the documents found in a former DVS employee’s storage unit.

According to the facility, exact amount of claims found from the employee’s storage unit was not known. Investigation is going on as technical experts are reviewing all the materials. For now, all the documents appeared to be dated between 2011 and mid-2015. Also, they are  exclusively from the DVS benefits office at McGuire VAMC.

The experts are also working to determine the number of impacted veterans, their identities and the status of their claims. Facility mentioned that the process will take time of one week.

Thomas Herthel, the agency’s director of benefits, told the Richmond Times-Dispatch that 20 to 30 boxes of documents were recovered and included “everything from claims to medical records to miscellaneous correspondence.”

Facility also mentioned that the former employee worked at the agency from January 2012 to August 25, 2015.

“Those claims were reviewed, and DVS contacted affected veterans to advise them and provide assistance,” DVS mentioned. “DVS terminated the employee at that time and has since assigned a new office manager for that location.”

Secretary of Veterans and Defense Affairs John Harvey mentioned that he was deeply concerned about the veterans whose information was mishandled. He also added that his team is working to ensure those veterans receive the necessary benefits.

“At the beginning of this administration, we identified a vulnerability in the Commonwealth’s claims process, and we began implementing a solution to this serious deficiency,” Harvey continued. “Regrettably, our fears were justified, and the danger we were working so hard to address was already a reality. We stand ready to assist any and all veterans impacted, and we are determined to prevent any similar mishandling of information from happening in the future.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Prima Care suffers data breach

August 3rd, 2015

Prima CARE, P.C. recovered a binder containing personal information from the bushes in a parking lot on May 25, 2015. The document contained information of 1,651 patients. Potentially breached information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date and certain clinical information. Patients who received care from Prima healthcare providers between 2007 and 2012 were affected.

“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”

Prima mentioned that the improper disposal was done without its knowledge or consent, and was in violation of its practices.

“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.

According to the statement, Prima Care will review its policies and procedures. It will also review its employee training programs to ensure that a similar incident does not happen again.

“We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Healthcare Data Breaches and Patients

March 23rd, 2015

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sacred Heart Health Systems suffers billing data breach

March 19th, 2015

Florida facility of Sacred Heart Health Systems suffered data breach when its third party vendor experienced email hack. The affected information includes patient names, dates of service, dates of birth, diagnoses and procedures, billing account numbers, total charges, and physician names. Along with above information, 40 patients’ Social Security numbers were also compromised.

“Upon notice of the incident, Sacred Heart, in cooperation with our billing vendor, immediately launched a thorough investigation into the matter,” according to the company statement. “Sacred Heart engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.”

According to the reports, third party billing vendor employee’s e-mail username and password were compromised because of this incident. The Facility is trying to solve the loopholes in the email system to avoid such incidents in the future. It is working with email service provider to evaluate how to enhance its “already robust security program.”

According to the statement, Sacred Heart said that it will offer complimentary identity monitoring and protection services for patients whose Social Security number was affected. As soon as the incident came to notice, the access of employee username and password were immediately shut down.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Online application glitch may lead to data breach

March 7th, 2015

A nonprofit organization, Painted Turtle based in California which runs a camp for children with life-threatening diseases and their families free of charge suffered data breach when some personal information may have been exposed because of online application glitch.

The affected information includes names, addresses, Social Security numbers, driver’s license numbers, personal medical information, and employment information.An error in the database of the painted Turtle’s online application server for campers and volunteers caused the data breach. Bank account and credit card information were not present on the server.

“We immediately brought the database offline to prevent anyone from being able to access your records,” Maher wrote. “Also, in an effort to prevent similar data breaches in the future, before bringing the system back online we updated our database’s code to prevent the issue from occurring again.”

According to the statement on the website:

Your information would not have been viewable unless a specific chain of events occurred.

Specifically: (1) you would have had to identify someone as a Reference in your application in 2013–2014, and (2) that person would have had to begin filling out an application as well, and (3) while that person’s application (and your application) was still pending, (4) they would have had to access their pending application and click “show related profiles” and your name. Again, your information would not have been accessible to anyone outside of the persons you listed as References in your application.

We became aware of this issue on January 12, 2015. As soon as this error was brought to our attention, we began taking steps to address and mitigate the risk to you. We immediately brought the database offline to prevent anyone from being able to access your records.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Possible data breach in UMASS

January 27th, 2015

The University of Massachusetts (UMASS) Memorial Medical Group (UMMMG) found out that an employee allegedly accessed patient billing information outside their normal job functions. UMMMG started investigating in depth for  breach issue and and notified local law enforcement.

UMMMG mentioned that this employee no longer works for the company. According to the reports,local law enforcement also discovered an unauthorized individual in possession of copies of patient billing information. Affected information includes patient’s names, addresses, dates of birth, medical record numbers, and Social Security numbers. Other information which may get affected includes phone numbers, email addresses and credit or debit card information used for payments to UMMMG.

According to the UMMMG statement:

We deeply regret this incident and any inconvenience it may cause our patients. To help prevent this type of situation from happening again, UMMMG is further strengthening its privacy and information security program, including identifying additional measures and enhancements to existing safeguards to protect patient information. UMMMG is also re-enforcing staff education regarding our policies and procedures to safeguard patient information.

UMMMG is committed to the security of patient information and we are taking this matter very seriously. We began sending letters to potentially affected patients on January 30, 2015, and have established a dedicated call center to assist patients with any questions.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Former employee’s unauthorized access causes data breach

November 30th, 2014

Health care security breach was caused due to theft of 35 computers and 34 scanners by former IT contractor of Franciscan Health Systems. Three affected Washington hospitals are working to solve the lapses. According to the reports, the former employee Justin Page accessed one hospital six times, an administrative office 24 times, and an education and support facility eight times.

“We’re going to find the discrepancies in our system and make sure it doesn’t happen again,” Scott Thompson of Franciscan Health Systems told the news source. “We’re right now taking some internal review of all those policies and procedures, to make sure we’ve figured out why this happened and make sure it doesn’t happen again.”

Justin Page kept his active security pass months even after he had completed his work for the company. He is charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities. Court documents indicate Page attempted to sell the hardware to help pay for an expensive pill addiction. A man identifying himself as the suspect’s grandfather said Page was feeling sorry.

According to the preliminary reports, Patients’ Protected Health Information (PHI) might not have been affected. Organizations need more stringent administrative and technical safeguards to prevent such incidents. It is always advisable to keep track of individual’s activities having sensitive data access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Bon Secours suffers data breach due to former employee

November 17th, 2014

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Barriers for big data, mobility, and cloud technology in heath sector

November 6th, 2014

With the evolving technology, the healthcare security is major issue which needs due attention. Many healthcare organizations are wary of using services like big data, mobility and cloud technology mainly because of security concerns. Dell recently surveyed around 2,000 global organizations which confirm that numerous industries are not using evolving technologies because of security consideration. According to the survey:

  • 44 percent of IT decision makers consider security the biggest barrier for expanding mobility technologies
  • 52 percent of respondents said it was a hindrance to using cloud computing
  • 35 percent of surveyed IT decision makers said that security was a barrier for leveraging big data
  • 30 percent of respondents said they have the right information available to make risk-based decisions.
  • One in four organizations said they have a plan in place for all types of security breaches
  • 43 percent of respondents said that security resources are primarily spent on protecting against hackers
  • 37 percent reported that adhering to compliance regulations were the primary security expenditure

“Despite mounting security risks and increased reliance on the Internet and technology to run their businesses, many small and midsize organizations are underprepared to deal with today’s security threats, let alone those of the future,” SMB Group Partner Laurie McCabe said in a statement. “These companies know that disruptive technologies like cloud, mobility and big data can drive innovation and create competitive advantage. But it’s often difficult for them to take a strategic approach and overcome security concerns in order to fully harness the potential.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Touchstone Medical folder exposed on Internet

October 10th, 2014

Touchstone Medical Imaging, LLC has suffered data breach as sensitive data was exposed on the internet. It posted notice on the website stating that they didn’t think data was accessible on the internet.

Organization conducted internal investigation which revealed the breach. According to the reports, medical records weren’t included but patient names,dates of birth, addresses, telephone numbers, health insurer names, radiology procedures, diagnoses and some Social Security numbers may have been readable from the exposed folder.

According to the statement:

Touchstone Medical Imaging, LLC is committed to protecting the security and confidentiality of our patients’ information. Regrettably, this notice is regarding an incident involving some of that information.

We have no knowledge and there is no indication that any patient information has been used improperly. However, in an abundance of caution, we began sending letters to affected patients on October 3, 2014, and have established a dedicated call center to answer questions you may have.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening again, we are reinforcing the education of our employees and the monitoring of our systems regarding the protection of our patients’ information and continually reviewing and enhancing our policies and procedures.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.