Computer trespass

Data breach due to computer virus

March 29th, 2017

Lane Community College (LCC) health clinic recently announced data breach when one of its technician  found a computer virus in the system. The incident has affected PHI of some patients.

As per the reports, virus was transmitting the names, addresses, phone numbers, diagnoses, and Social Security numbers to unidentified third party almost for a year. Facility has notified potentially impacted patients.

“We have no evidence that any of the information was transmitted (from LCC), but there’s the possibility,” LCC Vice President of College Services Brian Kelly said in a statement to the Register-Guard.

Facility conducted internal investigation. It checked 20 other computers at the health clinic. It concluded that only computer was infected with virus. The incident has affected 2,500 individuals.

LCC has advised patients to monitor their bank accounts. Suspicious activity or any threat should be reported to the police. The college health clinic also asked patients to report data breach to their banks, credit bureaus, and credit card companies.

July 2016 HIPPA Journal mentioned that, “Cyberattacks on healthcare organizations are now a fact of life.”

OCR breach portal do not include all the data breaches that are happening around. But the current breach reports gives us the idea of pattern –

48 data breaches were reported as unauthorized access

43 data breaches were attributed to hacking or network server incidents

37 breaches were caused by the loss or theft of devices used to store ePHI or the loss/theft of physical records

4 breaches were due to the improper disposal of records

Stolen records or exposed data includes pattern as below:

60% were due to hacking (2,703,961 records)

78% were due to loss/theft (1,342,125 records)

6% were the result of unauthorized access or disclosure (342,748 records)

63% were the result of improper disposal (118,594 records)

___________________________________________________________________________________

Alertsec provides a solid foundation on which organizations can build compliance program.

Data breach involves Veterans

December 23rd, 2014

Contractor’s flaw lead to the data breach which exposed sensitive information of around 7000 Veterans. The department of Veterans Affairs (VA) notified the incident and also told to the press that the vendor was providing home telehealth services to veterans. The breach was caused because of potential flaw in a vendor’s system.

“An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern,” the spokesman said. “The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application.”

The affected information includes names, addresses, dates of birth, phone numbers and VA patient identification numbers.  Veterans are offered complementary credit protection services.

The VA didn’t disclose the name of the vendor but according to the reports, this particular data leak till now has not caused security problems. The information was potentially seen after a database was inadvertently exposed online.

The latest data breach has raised yet another concern in VA’s data security aspects. Earlier, the agency has also failed its annual cybersecurity audit. VA Chief Information Officer Stephen Warren presented the audit results at a House Veterans Affairs Committee hearing.

“Specifically, by not keeping sufficient records of its incident response activities, VA lacks assurance that incidents have been effectively addressed and may be less able to effectively respond to future incidents,” the GAO report stated. “In addition, without fully addressing an underlying vulnerability that allowed a serious intrusion to occur, increased risk exists that such an incident could recur.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

JPMorgan Chase attacked by the hackers

October 2nd, 2014

An overwhelming attack on JPMorgan Chase by the hackers has compromised the accounts of 76 million households and seven million small businesses. It’s one of the largest ever intrusion which has overcame the previous estimates of the bank.

Earlier Target, home depot and a number of other retailers has suffered major data breaches.  The recent incident is blow to already shaken confidence in the digital operations. Below are the details of last year breaches for above mentioned companies –

Target: 40 million cardholders and 70 million others were compromised

Home depot: 56 million cards

Breaches in largest banks like JPMorgan can lead to exposure of more sensitive data.

“We’ve migrated so much of our economy to computer networks because they are faster and more efficient, but there are side effects,” said Dan Kaminsky, a researcher who works as chief scientist at White Ops, a security company.

Bank believes that no money has moved out of the accounts and till today customers are safe. According to the reports, the hackers gained access to the names, addresses, phone numbers and emails of JPMorgan account holders. It is believed that account information, including passwords or social security numbers are safe.

Jamie Dimon, JPMorgan’s chairman and chief executive, has recognized the growing digital threat. In his annual letter to shareholders, Mr Dimon said, “We’re making good progress on these and other efforts, but cyberattacks are growing every day in strength and velocity across the globe.”

Due to rising threat of online crime, JPMorgan has said it plans to spend $250 million on digital security annually.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Incorrect mailing leads to data breach

September 12th, 2014

Lowa hospital confirmed data breach when human error along with technical issues led to patients’ information being sent to the wrong recipient. Monte Goodyk received his medical bill with the billing information of 11 other Pella Regional Health Center patients.

“Well, you freak out initially, because your first thought is if I have their information, they may have my information,” Goodyk told the news source. “You can almost tell what’s wrong with this patient and what they’re going to the hospital for. I should not know this information about this patient.”

According to the reports, the name and billing information of 11 patients was incorrectly included on a statement to one patient.

“We determined that a number was incorrectly entered into our computer system when an individual checked into one of our clinics,” the spokesperson said in an email. “Our systems failed to identify the human error had happened. Pella Regional Health Center reached out on Friday to all 11 patients involved by phone and connected with 8 of the 11 patients affected. A follow-up letter was sent to each individual with information and our apologies.

Pella Regional’s privacy officer and senior administration is reviewing how they can prevent this type of mistake from happening again, the spokesperson said.

“Today it was discovered that information including your name and Pella Regional Health Center billing information was included on a statement to another patient,” read a letter sent to the 11 patients. “While no diagnosis information was included, we apologize for this breach of information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Major US banks suffered data breach due to Russian hackers

August 20th, 2014

JPMorgan Chase and other bank were breached by Russian hackers who stole gigabytes of sensitive data which includes savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa head of malware intelligence at Malwarebytes Labs said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Lawsuit filed against Xerox

August 17th, 2014

The Texas Health and Human Services Commission (HHSC) recently filed a lawsuit against Xerox. The action was taken because Xerox hold back patient documents while working as a state’s former primary Medicaid claims administrator. Xerox motioned for a protection order, arguing that it needed the records for its defense.

“There is a legal process for the company to get any records it needs for the lawsuit, but instead Xerox has chosen to put information of Medicaid clients at risk and force the state to take court action to protect those records,” said Texas Health and Human Services Executive Commissioner Kyle Janek.

HHSC recently terminated the Xerox contract. HHSC said documents included client names, photographs, birth dates and medical and billing records. Texas had previously requested that Xerox turn over the Medicaid patient documents. HHSC also has concern over storage or security of the data, other than what the company has admitted in court.

“Xerox has admitted that it has the information and it’s being stored by its lawyers and at least one other company,” Janek said. “They have refused to tell us exactly what information they have, who has access to the information and what’s being done to protect it. We don’t know anything about the security of the servers now housing the information, staff training, background checks, nothing.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare sub contractor fails to secure server

August 13th, 2014

Healthcare subcontractor may have compromised up to 570 patients’ data due to recent data breach. At this point name of the sub contractor is not known. According to the reports, sub contractor inadvertently failed to secure a computer server containing patient account information.

Breached information includes patient invoice numbers, charge amounts, balance due, policy numbers and billing-related status comments. It was noticed that Social Security numbers and medical records were not part of the breach.

Free patient identity protection services for affected patients are offered by the physicians. According to the HIPAA Omnibus Rule more responsibility falls on sub contractor to help out with breach notification and other breach-related activities. Terms and status of HIPAA business associate agreement (BAA) is not known.

“There is no indication that personal information has been acquired or used,” the company said. It is not known whether any people in or around Guilford County were affected. A company spokeswoman did not immediately return a request for comment.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

– See more at: http://blog.alertsec.com/#sthash.GEAE5nsG.dpuf

Riverside Health System suffers identity fraud

July 30th, 2014

A non-profit healthcare organization, Riverside Health System has declared identity fraud which happened back in 2012. According to the reports, former Riverside Health employee, T’sha Riddick, was involved in a medical identity fraud scheme. She stole credit card information from 13 cancer patients from Cancer Specialists of Tidewater, Virginia.

Information was not available about the way she got the information but it is observed that she has medical fraud history. She was convicted on two counts for identity theft 9 years back in North Carolina.

“Keeping patient information protected is vital at Riverside,” Riverside spokesman Peter Glagola said in a release. “We are looking at ways to improve our monitoring program with more automatic flags to protect our patients.”

Information which caused the breach includes cancer patient’s credit card data and Social Security numbers.

Riverside runs following facilities –

  • Five Hospitals – Facilities in Newport News, Riverside Regional Medical Center.
  • Three specialty hospitals – medical group, surgery centers, retirement communities and home-care services.

Riverside has to do following work for better security –

  • Investigate the way of accessing the information by Riddick
  • Review employee policy
  • Update technology to allow specific access to authorized personals.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Indian Health Services folder causes data breach

July 27th, 2014

Indian Health Services (IHS) suffered data breach when an employee mistakenly left a folder out in a public area. According to the reports, the incident related information can be provided as –

  • All together 620 patients were affected by the incident.
  • Folder contained information which includes patient names, Social Security numbers and enrollment information.
  • Indian Health Service Rosebud Service Unit sent out breach notification letters to the affected clients.
  • Information was not for the reason behind the presence of folder in Rapid City.
  • According to the IHS, information is not misused or accessed inappropriately.
  • IHS has agreed to improve its HIPAA privacy and security training among employees.

The most common question heard and the one that need to be answered is: “Why was that information in Rapid City to begin with?

William Bear Shield, the chairman of the Rosebud Sioux Tribal Health board and a veteran of Desert Storm said, “I represent a community in Gregory County, 90 miles east of Rosebud, so what was my information doing up there?” He said. “Why was it in possession of an individual in Rapid City?”

Bear Shield said he asked employees at the Rosebud Service Unit why information was in Rapid City, but he said no one would give him a straight answer.

“How can I know if someone didn’t find that information and write down my Social Security number and just wait a year before using it?” he asked.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Two men stole an unencrypted laptop

July 25th, 2014

Self Regional Healthcare of Greenwood, S.C. is affected by data breach when two men stole laptop during memorial weekend. It was not clear how many patients were affected by this incident. As per the data, Self regional Healthcare serves around 250,000 patients.

Self regional has notified South Carolina Department of Health. According to reports the patients affected stands around 500 and the records included patients’ names, Social Security numbers, driver’s license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly addresses.

Self Regional posted a notice on its website, with comment from President and CEO Jim Pfeiffer

Self Regional takes the security of our patients’ personal information very seriously . . . We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop. Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.

The two thieves were caught later and one told to the police during the briefing that laptop was thrown in the lake which authorities failed to trace. The act of thief appears to be general theft and not targeted attack for information contained on the laptop. Laptop was unencrypted and pose a threat for the patient’s whose information was present on the laptop.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

– See more at: http://blog.alertsec.com/#sthash.EXcVYngp.dpuf