china

Unity Recovery Group suffers data breach

June 4th, 2015

Unity Recovery Group, Inc. announced the data breach but failed to specify the cause of breach. It just mentioned that it “involved the disclosure of [patients’] personal information to one or more unaffiliated recovery and/or rehabilitation service providers, without [their] prior written consent.” Affected information includes names, addresses, dates of birth, addresses, telephone numbers, Social Security numbers, email addresses, insurance information, and/or certain health-related information.

“To protect against future incidents, we have undertaken additional technological security measures and implemented additional training of our employees to ensure compliance with Unity’s Policies,” Unity said. “We have also hired outside legal counsel to assist us with our investigation and Forensic Data Services, Inc., a technology forensics firm, to enhance the security of our IT systems.”

The breach also affected affiliated companies which include Starting Point Detox, LLC, Lakeside Treatment Center, LLC, Changing Tides Transitional Living, LLC, and Unity Recovery Center, Inc.

According to the statement:

  • We are complying with our regulatory notice obligations and continue to investigate how this breach happened in light of our Privacy Policy, Client Confidentiality Policy, Conflict of Interest Policy, and IT security policies (together “Unity’s Policies”).
  • At Unity, we take patient privacy very seriously and it is important to us that you are made fully aware of a potential privacy issue that may affect you.
  • While we have not received any indication that the information disclosed has been accessed or used for any other purpose, we are required to obtain your prior written consent before disclosing your personal information, with limited exception.
  • In keeping with our commitment to patient privacy, we have arranged for a complimentary one year subscription for you to ID Experts®, a leading identity and credit protection service. Unity is not affiliated in any way with ID Experts, however, their services have come highly recommended. If you seek the benefits of their services, ID Experts will also assist you with placing a “Fraud Alert” on your credit reports.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

USA: High-risk place for Data Theft

July 23rd, 2013

A research conducted by German companies shows that the US is a high-risk place for data theft, second only to China.

Ernst & Young carried out a survey of 400 companies in July, it found out that 26 percent of German security professionals, IT and senior managers felt that US was a highly risky country when it comes to data theft and Industrial espionage. These figures were just 6 percent two years back. China was still a high-risk company as responded by 28 percent. Russia stands at third place, as just 12 percent respondents consider it as risky place data theft.

Head of Forensic Technology & Discovery Services at EY, Bodo Meseke said that German companies had a misconception that attacks were most likely to come from Russia or China, but they need to realize that very extensive monitoring measures are carried out by Western intelligence agencies.

26 percent of respondents were worried about this sort of data theft coming from a foreign competitor, with 17 percent concerned about state agencies and secret services from abroad. 16 percent of people were concerned about domestic competitors and 9 percent were worried about their own employees.

The survey was conducted to study attitudes towards the risk of data theft and Industrial espionage. 86% of managers are confident that their company would not become a victim. They are confident about their security measures including firewalls and secure password policies, though these security measures are easy to break for skilled hackers.

Meseke explained “When it comes to their own safety, the companies are, unfortunately, often lulled into false sense of security,”

“A professional data thief can circumvent a password. It’s important for companies to make it more difficult for would-be data thieves with things like intrusion detection systems and beefed up security departments so that they look for another target.” he added further.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

China slams cyberattack accusations over lack of proof

February 19th, 2013

China is refuting a report that names its military as the source of recent cyberattacks against the U.S.

A report released this week by U.S. security firm Mandiant linked the People’s Liberation Army to a large number of cyberattacksagainst U.S. corporations, government agencies, and other organizations. The report specifically pointed the finger at Chinese military Unit 61398, noting that digital forensic evidence led investigators to the building housing that unit.

China’s response?

As expected, the government has criticized the report, citing a lack of hard evidence. In a press conference held by China’s Department of Defense News Affairs, Defense Ministry representative Geng Yansheng challenged Mandiant’s findings.

Yansheng claimed the report relied on the use of IP addresses to trace the attacks to China. But such addresses are commonly stolen and used by hackers, he noted. Therefore, it’s difficult to know the exact source of a hacking attempt.

“Everyone knows that the use of usurped IP addresses to carry out hacking attacks happens on an almost daily basis,” he said, according to Reuters.

Yansheng also asserted that there is no standard international definition of what constitutes a cyberattack.

“There is no legal evidence behind the report subjectively inducing that the everyday gathering of online (information) is online spying,” he said, Reuters added.

Finally, Yansheng called it irresponsible for Mandiant to publish such a report since cyberattacks are conducted anonymously, leaving uncertainty as to their source.

Turning the tables to portray China as the victim, Yansheng also said his country is one of the main targets of cyberattacks.

A Google translated version of the press release has Yansheng saying, “According to statistics, the Chinese armed forces access to the Internet user terminal suffered a large number of foreign attacks[. A]ccording to the IP address of the display…a considerable number of attack sources [were] from the United States, but we did not…accuse the U.S. side.”

Yansheng also reiterated the claim that China forbids hacker attacks and that the government has always cracked down on such criminal activities.

Despite China’s protestations, the United States remains concerned over the reported cyberattacks. The U.S. government is “eyeing fines, penalties, and other trade restrictions” against the country, according to the Associated Press, even as it pursues more diplomatic channels.

“We have repeatedly raised our concerns at the highest levels about cybertheft with senior Chinese officials, including in the military, and we will continue to do so,” Caitlin Hayden, spokeswoman for the White House’s National Security Council, said in a statement. “The United States and China are among the world’s largest cyberactors, and it is vital that we continue a sustained, meaningful dialogue and work together to develop an understanding of acceptable behavior in cyberspace.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

China tightens the screws on Internet users

January 7th, 2013

The Chinese government is once again imposing new restrictions on Internet use.

A decision approved today by the Standing Committee of the National People’s Congress institutes an “identity management policy,” according to China’s official Xinhua news agency. Such a policy requires Internet users to use their real names when registering with an online provider or mobile carrier.

Though most Chinese Internet users already use their real names to sign up for online accounts, the new policy makes it the law.

Li Fei, deputy director of the Commission for Legislative Affairs of the Standing Committee, did acknowledge public concerns that the measure could “hamper the exposure of corruption cases online, public criticism lodged on the Internet, and the supervisory role of the Internet,” Xinhua said.

Several cases of public corruption in China have been unveiled on the Internet. The new policy could make it easier to track down citizens who expose such cases online.

But Li dismissed such concerns as “unnecessary” claiming that “identity management work can be conducted backstage, allowing users to use different names when posting material publicly.”

Further, Chinese service providers will now have to remove any Internet pages or other online information considered “illega,” and then turns that information over to the authorities. The authorities then have the legal right to halt publication and to punish those who posted the illegal information.

The decision also asks the public to report any such illegal online information to the authorities.

The policy doesn’t quite explain what information is considered illegal. But the Chinese government insists the law works in the best interests of its citizens, saying that the decision will “protect digital information that could be used to determine the identity of a user or that which concerns a user’s privacy,” according to Xinhua.

Further, the decision prevents service providers and government agencies from leaking the digital information of Internet users, and from selling or providing this information to others, Xinhua said.

But Li also added a warning in today’s press conference, according to Reuters.

“When people exercise their rights, including the right to use the Internet, they must do so in accordance with the law and constitution, and not harm the legal rights of the state, society… or other citizens,” Li said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta