Posts Tagged ‘Class action’

Sutter Health breaches Data Protection Act exposing millions of Patient Accounts

November 28th, 2011

Class action suit filed against Sutter Medical

Time and again we end up reading about patient data breaches. Why is patient data so easy to breach and so vulnerable? Is it that the thieves are too intelligent, or do the data protection practices need an overhaul?

The following story of Sutter Health has been making headlines for the last few days, and there is a good reason for it. Harris & Ruble, a class-action law firm based in Los Angeles, filed a class-action lawsuit against Sutter Medical Foundation and Sutter Physician Services, alleging the medical provider did not protect the medical information belonging to more than 4 million affected patients. Apparently a computer that was stolen in mid-October contained sensitive information of these patients. The computer contained descriptions of diagnoses, names and addresses.

According to Sutter officials this is the largest data breach in the history of Sutter Health as it has exposed millions of patient records.

When and how was the computer stolen?

On October 17, 2011 a computer with unencrypted patient data was allegedly stolen from the administrative offices of the Sutter Medical Foundation. Sutter Medical should have immediately informed its patients but unfortunately it did not and they came to know about it via the media. Around 3.3 million patients with providers supported by Sutter Physician Services and 943,000 Sutter Medical Foundation patients were affected due to this breach. The stolen data included names, addresses, email addresses, dates of birth, telephone numbers, health insurance plans, and in some cases, descriptions of medical diagnoses or procedures.
Attorney Alan Harris of Harris & Ruble said “Securing equipment and encrypting data were not a priority for Sutter and now patients will have to worry about what medical or insurance information is out there for others to view. That Pat Fry, Sutter Health President and CEO, has acknowledged his responsibility to work harder to protect such information in the future, does not excuse the failure to safeguard the confidential information that has already been disclosed.”
Health care organizations have reported 364 incidents involving the loss or theft of information, ranging from names and addresses to Social Security numbers and medical diagnoses, on nearly 18 million patients in the past few years.
Sutter’s response – Gleeson, Spokesperson for Sutter, said that Sutter took time to send notices to patients because they first wanted to find out what was on that computer.

Alertsec and data encryption go hand in hand

Information has become highly mobile. There are netbooks, laptops, iPhones and BlackBerries. Leave any of these unattended and the next thing you know, they are stolen!
To lose any of the above devices means losing valuable information, especially when this information includes not only your personal data but that of hundreds and thousands of people.
Encryption is the best security solution to data breaches and laptop thefts. Alertsec helps you keep your info secure.

The John Anderson et al. vs. Hannaford Bros. Co. et al. case

November 1st, 2011

The First Circuit's decision may change some data breach laws

An appeals court’s decision may bring a major change in the data breach laws. The court’s decision is to permit negligence and contract putative class action litigation. This is specifically related to a grocery store chain data breach because of the alleged damages incurred.

Maine Law

The First Circuit has held that consumer claims for reimbursement of the cost of identity theft insurance and of fees for replacement of credit and debit cards following a breach of their personal information can be a cognizable injury under certain circumstances. For now, Maine Law recognizes this decision.

Case history

In the year 2007 hackers breached Hannaford’s – a popular grocery store chain – electronic payment processing system and stole up to 4.2 million credit and debit card numbers, with expiration dates and security codes. Fortunately customer names were not stolen. Hannaford made a public announcement about the breach and added that it had received a total of 1,800 reports of fraudulent credit and debit card activity. Some financial institutions canceled/reissued customer cards and monitored the accounts. But some of these institutions assessed fees on the consumers for offering such services. To be on the safer side, some consumers purchased identity theft insurance and/or credit monitoring services. The plaintiffs in the above lawsuit of Hannaford claimed damages that included these fees and services. In addition, allegations included loss of accumulated miles reward points, inability to earn reward points, emotional distress, and the time and effort spent during this period.

As per the initial Maine law time and effort were not to be counted as cognizable offences. Hence previously the court had ruled in Hannaford’s favor dismissing all claims.

The circuit court’s appeal

The First Circuit was trying to assess whether the mitigation damages alleged by plaintiffs for negligence and breach of implied contract could be considered as a cognizable injury under Maine law.

The court’s ruling

The First Circuit held that mitigation damages that arise from negligence and breach of implied contract claims can be cognizable under Maine law. But they have to be “reasonably foreseeable” and “reasonable,” and must be for actual financial losses rather than just time or effort expended.

The Hannaford decision is a classic example of what a common man can do against a faulty legal system. The legal system is harsh but if you are armed with information and know your rights, you can appeal in the court of law and get your voice heard. Data breach victims can now heave a sigh of relief.

Alertsec helps keep Data Safe

The above case is a clear indication that in the absence of full disk encryption, people's privacy can be affected. To keep your sensitive data safe from theft and hacking, it is very important to use data encryption software. Every day we read about incidents across global organizations which highlight the need for data security and recovery software. By a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.




Sony’s mainstay insurance provider refuses to accept liability for damages and compensation

July 25th, 2011

Battle between Sony and Insurer Zurich American Insurance Co. over Playstation hacks

After reading this piece of news you might wish you were not a PlayStation Network (PSN) user!

Sony’s mainstay insurance provider, Zurich American Insurance Co., is refusing to accept liability for damages and compensation regarding the recent hacks where 77 million PSN customer accounts were compromised.

The insurance provider has filed legal papers covering a total of 55 pending class-action lawsuits that customers have lodged against Sony.

The firm has brushed off its responsibility of covering data breach monetary damages as well as any other miscellaneous claims made by Sony.

History

Sony’s PlayStation Network and Qriocity networks were compromised in the month of April. According to their statement: “An external intrusion on our system has affected our PlayStation Network and Qriocity services. In order to conduct a thorough investigation and to verify the smooth and secure operation of our network services going forward, we turned off PlayStation Network & Qriocity services.”

On Tue April 26 Sony confirmed that personal data of millions of customers had been compromised.

On Wed April 27 a class-action lawsuit was filed in the U.S. accusing Sony of failing to protect, encrypt and secure the private and sensitive data of its users.

Present

Nevertheless, Sony has gone ahead and filed insurance claims as it feels it is a fair coverage under previously agreed upon terms.

According to Sony, the financial loss from the breaches is more than $178 million this year. The Japan-based firm wants the insurer to cover costs related to the 55 class-action lawsuits under a general liability insurance policy written by Zurich.

Customer reactions and cyber risks

Customers are furious about their loss of privacy and are waiting for settlements. It is time to redefine cyber security and the legalities therein. Companies are under the impression that general liability insurance covers everything. According to Ty Sagalow, an insurance consultant and founder of Innovation Insurance Group, “There are probably still some risk managers out there that think that their comprehensive general liability policy cover breaches,” says Sagalow, who was one of the main experts in charge of first drafting cyberinsurance policies for Zurich when he worked for the company prior to starting his own consulting shop. “These types of cyberevents are not covered in the typical standard forms of insurance.”

Cyber insurance

Cyber insurance is insurance that covers losses incurred over the internet. The phenomenon is a recent one and has yet to stabilize. Hence organizations like Sony must consider adding additional coverage that can hold up to court scrutiny when things go haywire.

How can Alertsec help in cases of data breach?

Alertsec Xpress is the security service that protects data stored on your PC. As laptops are used in place of desktops, chances of data getting hacked are more. Unless your laptop is encrypted, you are running a big risk of your data getting compromised.

Encryption software helps enhance laptop security. Alertsec uses industry-leading Check Point Full Disk Encryption (formerly Pointsec) software that simplifies data protection.


Veteran Affairs Department Suffers Data Breach

May 24th, 2010
Laptop Encryption by Alertsec

Via techdirt.com: The Veterans Administration (VA) should rename itself the “Ministry of Data Leaks,” because every year it reports the loss of a computer or laptop containing unencrypted data. As a result, several security gaps are being found in the Department of Veterans Affairs that can potentially lead to data and information security fraud. Once again, two different data breach cases have been reported. In the first incident, an unencrypted laptop was stolen, which held the Social Security numbers and other information of 616 veterans. Some days later, a log book from a medical lab in Texas containing personal information of 3,265 veterans went missing. While it is not clear whether the data was breached, the alarm bells have rightly started ringing. This incident demonstrates the need for the VA to work closely with contractors on issues pertaining to cyber security.

In the first case, the laptop was stolen on April 22 from the personal vehicle of the contractor’s employees. On the discovery of the loss, the authorities were identified immediately and subsequently the VA was notified the following day. In addition, both the user account and server access from the laptop were disabled.

In a letter issued to Shinseki, Mr. Steve Buyer, the party member of the House of Representatives’ committee on veterans affairs, said, “We would like to express our deepest concern about the continued use of unencrypted devices within VA, despite the ongoing efforts to stop such use”.

According to Mr. Buyer, 25 of 69 contracts have nothing in the contract related to encrypted data which is more than 28% of the VA’s vendor contracts.

Mr. Buyer added, “I can only conclude from this incident that VA’s procurement processes seriously lack standardization in content, fail to articulate requirements, and [lack] compliance oversight”.

In response to Mr. Buyer’s statement, VA official Katie Roberts mentioned, “The contractor self reported the incident and has disabled the user account and server access from the stolen laptop.  No further access from this laptop is possible”.

This is not the first time that a data breach incident has been reported at the VA. Four years ago a similar incident was reported after the theft of a VA employee’s laptop which contained data of 26.5 million veterans and 2.2 million service members. On that occasion, the loss cost the VA $48 million, resulting from notification and a class action lawsuit.

Although there was no report of data usage for illegal purposes, the breach resulted in a unanimous legislation for ensuring the security of veterans’ identity and credit information.

Laptop Encryption from Alertsec

A trusted way to protect information stored on a PC or laptop is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users. To find out more, see Tech Specs.


Lawsuit filed against Countrywide

April 11th, 2010

There is a serious threat to the data of customers in organizations worldwide. This is data that contains information such as their names, ages and Social Security numbers. As IT systems become an inherent part of organizations’ assets, we are also witnessing an increase in reported incidents of data loss. The impact of this data loss is huge, with serious financial implications.

The latest casualties are customers of Countrywide Financial. The disturbed customers of Countrywide Financial have filed a class-action lawsuit over the 2008 data breach that enabled company insiders to steal and sell their personal information. According to a Courthouse News Service report, the class-action lawsuit on behalf of 16 plaintiffs seeks $20 million in damages, plus punitive damages.

The data theft, originally attributed to a single employee working over a two-year period, has now exposed tens of thousands of customer records. The lawsuit alleges that Countrywide Financial employees have stolen and sold “tens of thousands, or millions” of customers’ personal financial information.

While going through one of the news-stories, we discovered the letter that was sent to the customers. Here is a copy of the letter:

According to the lawsuit, the defendants were slow to admit the massive breaches of confidentiality, and offered little or no support. The complaint stated, “Countrywide delayed several months before informing their customers.” “Finally, Countrywide informed only certain of their customers by letter and offered in settlement to refer the customers/borrowers to counseling, when it was Countrywide that needed to review and repair its internal procedures.”


Stay Secure, Protect Your Data – Get Alertsec Now

Alertsec Xpress offers computer security software from Check Point as a fully customizable and pre-packaged data encryption software solution.
