Chicago

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015

A lawsuit was filed against a Chicago area storage company, after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed a lawsuit when improper disposal of paper records breached patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records, Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Earlier, Suburban Lung Associates had contracted with FileFax to maintain and destroy patient medical records. Affected individuals had been patients at Suburban Lung Associates. The facility operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure consumers’ personal information protection in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit statement, in some instances, FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Laptop stolen from Car

December 25th, 2014

According to the company statement, DJO Global employee’s laptop was stolen from a locked car in Roseville, Minnesota. While the laptop was password protected but it contained personal patient’s information. According to the company, apart from password protection, the laptop had firewalls, anti-virus software, logical access control and tracking/remote management software.

The affected information includes patient names, phone numbers, diagnosis codes, DJO products received by patients and the dates that products were ordered or shipped. According to the reports, information about doctors that tended to patients may have been included in the laptop.

“Since learning about this incident, we have been working very closely with data privacy experts,” the statement read. “As of today, we have conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.”

The affected numbers of patients is not disclosed by the DJO but all the affected are informed about the breach. No credit card information was included but a small number of Social Security numbers were present on the laptop.

“Please be assured that we also are taking reasonable steps to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again,” DJO said.

According to the statement:

  • Since learning about this incident, DJO have been working very closely with data privacy experts.
  • DJO has conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Northwestern Memorial laptop stolen

December 19th, 2014

 

Data breach occurred when Northwestern Memorial password protected, unencrypted laptop containing patient information was stolen from inside of employee’s vehicle. The affected information includes patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, and treatment information. In a few cases, Social Security numbers might have also been compromised.

According to the statement on the website:

“We deeply regret any inconvenience this may cause you,” the statement read. “NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.”

Northwestern Memorial has notified around 3,000 patients that their PHI was potentially compromised. According the reports, there is no malicious use of data. However, notification letters were sent to potentially affected patients and individuals are urged to reach out to a dedicated call center if they have any questions or concerns.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

White Lodge Investigates Data Breach, Card Fraud

February 8th, 2014

White Lodging Services, a hospitality company that manages 168 hotels in 21 states under Hilton, Marriott, and Sheraton brand names, is investigating a suspected credit and debit card breach. It has suspected 14 hotels along with some hotel restaurants and lounges where the possible breach happened at point of sales systems. It suspected below establishments.

  • Sheraton Erie Bayfront, Erie, Pa.
  • Marriott Midway, Chicago, Ill.
  • Holiday Inn Midway, Chicago, Ill.
  • Holiday Inn Austin Northwest, Austin, Texas
  • Westin Austin at the Domain, Austin, Texas
  • Marriott Boulder, Boulder, Colo.
  • Marriott Denver South, Denver, Colo.
  • Marriott Indianapolis Downtown, Indianapolis, Ind.
  • Marriott Richmond Downtown, Richmond, Va.
  • Marriott Louisville Downtown, Louisville Ky.
  • Renaissance Plantation, Plantation, Fla.
  • Renaissance Broomfield Flatiron, Broomfield, Colo.
  • Radisson Star Plaza, Merrillville, Ind.

Information about the breach first came to notice when security journalist Brian Krebs reported, Marriott properties operated by White Lodging Services based in Merrillville, Ind was affected by the unnamed card processors tied to fraud involving hundreds of credit cards to a number of this property. He reported location of other affected hotels as Austin, Texas, Chicago, Denver, Los Angeles, Louisville, Ky., and Tampa, Fla., among other cities.

White Lodge spokeswoman Kathleen Quilligan told The Times of Northwest Indiana, “An investigation is in progress, and we will provide meaningful information as soon as it becomes available,” White Lodge is owned by Dean White 90, whose Forbes estimation is $1.9 billion. His company manages 168 hotels under variety of brand names.

Hilton, Starwood Hotels and Resorts Worldwide Spokesperson did not immediately respond to an emailed request for comment on apparent data breach. Marriot issued a statement later about the White Lodging Data breach which includes, ‘”One of our franchise management companies has experienced unusual fraud patterns in connection with its systems that process credit card transactions at a number of hotels across a range of brands, including some Marriott-branded hotels,” and it continued “They are in the midst of the investigation and are in close contact with the banks and credit cards companies.”

Marriot failed to share details immediately as per the statement as it says “Because the suspected breach did not impact any systems that Marriott owns or controls, we do not have additional information to provide,” and “Since this impacts customer of Marriott properties, we want to provide assurance that Marriott has a long-standing commitment to protect the privacy of the personal information that our guests entrust to us, and we will continue to monitor the situation closely.”

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta