Colorado

Boulder Community Health (BCH) investigating data breach

May 13th, 2014

 

Someone mailed patients’ records to their homes to prove that Boulder Community Health (BCH) has lapses in security. It is one of kind of incident where context of breach is bizarre. BCH located in Colorado is investigating the incident. Earlier incidents include BCH notifying 178 patients when paperwork was missing. A different incident of BCH happened in which two unlocked recycling bins left 79 patients’ records exposed.

The letters which was sent out contained information of the records from the clinic sites on the main Foothills campus and the Riverbend Office Park neighboring the campus. The letter was sent to the patients to show the lapses of BCH in securing patient’s information. It mentioned that the sensitive information was taken from the papers present in trash bins just outside of the campus.

“If you travel north of Arapahoe (Avenue) on 48th (Street),” the letter said, “you will see the blue containers that contain medical records. These containers are often left unlocked.”

BCH has claimed that it has checked and reviewed employee privacy training and education and added automatic locks to recycle bins. It was not clear exactly whether there was a shredding policy in place.

“Our immediate goal is to determine the scope of this situation,” Boulder said in a statement. “We will work with any affected clinics to assess the impact on their patients and provide support to affected individuals.”

The letter also didn’t fail to accuse the organization of focusing on making money while not emphasizing patient privacy.  Based on the reports, it was clear that unknown person inappropriately took nine patients’ records and sent them to those patients in an attempt to shed light on Boulder’s alleged lax patient privacy policies.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Centura Health hit by phishing attack

April 29th, 2014

 

Mercy Regional Medical Center of Durango, Colo.  suffered data breach because of phishing attack. In the recent times, phishing attacks have become more complex. It is observed that it is difficult even for shrewd of users to pick out. Mercy which is owned by Centura Health notified 1000 patients about the incident. Data affected by phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of a patient’s treating physician and medical-record numbers.

Statement of Centura read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords.  Phishing email was carefully drafted which gave the impression of authentic communication which trapped some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read which implies Centura taking steps to implement  and reinforce necessary protective measures to help prevent future occurrences.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

DaVita notifies 11,500 patients of laptop theft

October 16th, 2013

Laptop theft continues to be a major source of healthcare data breaches, as a Colorado-based kidney care company, DaVita alerted 11,500 patients and some employees of a breach.

According to a notice on the Davita website “DaVita has determined that personal information belonging to approximately 11,500 patients was on the laptop at the time of the theft. In most cases, this information included details such as name, clinical diagnoses (e.g., end stage renal disease), insurance carrier name, claims payment data and dialysis treatment information. For approximately 375 patients, the information stored on the laptop included Social Security numbers. Personally identifiable information for a very small number of DaVita teammates was also stored on the laptop. All affected individuals will receive letters with additional information”.

An unencrypted but password-protected laptop was stolen out of an employee’s car. The stolen laptop included data such as names, clinical diagnoses, insurance carrier names, claims payment data and dialysis treatment information and Social Security numbers of 375 patients’ were on the laptop. After alerting law enforcement, DaVita said that it’s in the process of notifying patients of the breach and will be providing one year of credit-protection services, including credit monitoring, identity recovery assistance and identity theft insurance through ID Experts.

“We sincerely apologize for any inconvenience or concern this incident may cause our patients. DaVita has reviewed its encryption practices and implemented additional safeguards to protect against any future instances of non-compliance with our encryption policies and procedures” said Skip Thurman, a DaVita spokesperson.

According to DaVita, the mandated encryption on the device had been unintentionally deactivated.

How did DaVita not know that the encryption had been turned off? They could have encrypted the laptop before it was stolen, if they had proper notifications set up to monitor technical safeguards.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta