data brech

Connecticut-based podiatry group suffers data breach

June 2nd, 2016

A Connecticut-based podiatry group has been facing a possible healthcare data breach. The incident has impacted approx. 40,491 individuals after hackers accessed network services.Some external party had gained access to Stamford Podiatry Group’s systems, including its EHR database. The intruder is suspected to have viewed patient information between February 22 and April 14, 2016. Healthcare group has ordered a forensic investigation and terminated the unauthorized user’s access to its systems.

“Although we have not been able to confirm that your personal information was accessed and copied, we have not been able to rule out that possibility and encourage you to take … protective measures,” the organization mentioned.

Personal information involved in the healthcare data security event included medical histories, treatment information, names, Social Security numbers, dates of birth, genders, marital statuses, addresses, phone numbers, email addresses, names of doctors, and insurance information.

Stamford Podiatry Group’s Vice President Rui DeMelo, DPM, FACFAS, wrote in the letter “We have also implemented and are continuing to implement additional security measures designed to protect our systems against future intrusions. We have retained cybersecurity experts to assist us in these efforts.”

While there is no evidence yet that the personal information is being misused, the organization is still offering its patients a year of credit monitoring. Healthcare group has attempted to notify all affected patients. Individuals have also been advised by Stanford Podiatry Group to monitor financial and medical accounts for potential identify theft.

According to the recent reports by Department of Health and Human Services Data, more than 120 million people have been affected in more than 1,100 separate breaches at organizations handling protected health data since 2009.

“That’s a third of the U.S. population — this really should be a wake-up call,” said Deborah Peel, the executive director of Patient Privacy Rights.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deploymentand management of PC encryption by using industry leading Check Point Full DiskEncryption software.

Theft exposed PHI information

May 16th, 2016

Some incarcerated patients at the California Correctional Healthcare Services are affected by the potential healthcare data breach. Affected information included PHI or personally identifiable information such as medical, mental health, and custodial information.

Facility did not mention number of affected individuals by the security incident. But it said that PHI may have been affected for patients who were incarcerated between 1996 and 2014 in the California Department of Corrections and Rehabilitation.

As per the statement, “We regret this incident occurred and take these events seriously. CCHCS has taken steps to mitigate these types of events including information security training for staff and we are reinforcing information security practices. We are also taking steps to ensure that all CCHCS mobile devices include appropriate technology protections.”

The possible PHI breach incident occurred after work laptop was stolen from an employee’s personal vehicle. According to the reports, laptop was not encrypted.But the facility said that laptop was password protected.

“Under current federal regulations, an entity shall, following the discovery of a breach of unsecured protected health information, notify each individual whose unsecured protected health information has been, or is reasonably believed by the covered entity to have been, accessed, acquired, used, or disclosed as a result of such breach.”

Officials are still not sure the the extent of breach as it failed to analyse the total information contained in the laptop. California Correctional Healthcare Services cannot identify specific individuals. But it has attempted to contact each individual affected by the incident. It is possible that some patients will not receive any notification from facility, so notice is uploaded on its website and information  of the event is sent to the media.

“CCHCS [California Correctional Healthcare Services] is committed to protecting the personal information of our patients,” said Director of Communications and Legislation Joyce Hayhoe in the press release. “Appropriate actions were immediately implemented and shall continue to occur. This includes, but is not limited to, corrective discipline, information security training, procedural amendments, process changes and technology controls and safeguards. As necessary, policies, risk assessments and contracts shall be reviewed and updated.”

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption software.