Data loss

Health Facility suffers email hack

February 7th, 2017

MultiCare Health System recently announced a data breach caused by an email hack. The incident potentially affected 1,200 patients. The Washington health system said that it has no information at this time to suggest that any patient personal health information was accessed or misused in any way.

The facility will send notifications to affected patients. Patients have also been advised to review their Explanation of Benefits statements and to remain vigilant for signs of irregularities related to their health insurance.

MultiCare stated that an unauthorized individual gained access to an employee email account. The information in the emails likely contained personal patient information ranging from addresses to account balances. The facility added that financial information and Social Security numbers were not present on the affected email account.

After the incident, the affected email account was secured and its password was changed. The facility initiated an investigation into the incident and has provided contact information for patients concerned about the status of their information.

About MultiCare:

“MultiCare is a not-for-profit health care organization with more than 10,000 employees and a comprehensive network of services throughout Pierce, South King, Thurston and Kitsap counties.

The facility’s heritage dates back to the founding of Tacoma’s first hospital in 1882. Since then, it has grown to meet the ever-changing needs of our region, always focusing on excellence, innovation and patient care.”

When an email account gets hacked, follow the steps below to minimize the damage:

The initial step is to assess the damage done by the hackers.

Visit the website of your email provider and try to regain access.

Change the password using an authorised method. Check the inbox and trash for any password reset emails that you did not initiate.

Scan your computer with antivirus software. Many email accounts are hacked today in order to install a virus on your computer.

Review your personal settings.

Validate the source of any program, game or app before downloading it.

_____________________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Stolen laptop results in data breach

February 2nd, 2017

Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) recently suffered a data breach when one of their unencrypted laptops was stolen. The laptop contained personal health information of 3,600 patients.

According to reports, the laptop was taken by a thief from the locked vehicle of a CHLAMG physician at CHLA. An investigation conducted by the facility found that the laptop was encrypted to up-to-date institutional standards and password-protected. A later review, however, raised the possibility that the laptop was unencrypted.

The facility is notifying patients whose information was stored on the laptop. Affected information includes names, addresses, medical record numbers, and certain clinical information.

“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” CHLA spokesman Lorenzo Benet said in a statement. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.”

Also, a protocol has been created to erase data from the laptop the next time it logs onto the internet. Notification letters sent by the facility will instruct individuals to review health insurance documents for evidence of misuse or identity theft.

The facility also asked patients to review their Explanation of Benefits statements for any unusual behavior. They are also advised to notify the hospital immediately of any issues.

About Children’s Hospital Los Angeles

“Children’s Hospital Los Angeles has been named the best children’s hospital in California and among the top 10 in the nation for clinical excellence with its selection to the prestigious U.S. News & World Report Honor Roll. Children’s Hospital is home to The Saban Research Institute, one of the largest and most productive pediatric research facilities in the United States. Children’s Hospital is also one of America’s premier teaching hospitals through its affiliation with the Keck School of Medicine of the University of Southern California since 1932.”

___________________________________________________________________________________

Alertsec Endpoint Encrypt is certified according to Common Criteria EAL4 and FIPS 140-2.

Unsecured database and data breach

April 16th, 2016

Einstein Healthcare Network announced a possible data breach after one of its databases was left unsecured on its website. Einstein Healthcare Network is a Pennsylvania-based healthcare network. The incident has affected approximately 3,000 individuals.

According to reports, Einstein Healthcare Network found that one of its website databases was available to unauthorized users. Accessible information included patient information that individuals had entered on an information form on the healthcare network’s webpage.

The EHR system was not connected to the website. Affected information included patient names, telephone numbers, reasons for submitting requests, healthcare provider names, and health information. Social Security numbers, financial information, and EHR information were not present in the database. Individuals who entered information on the webpage’s form before February 2016 were affected.

“It’s important to note that in the data we evaluated, hacking or IT incidents only accounted for about one in 10 data breaches,” said study lead author Dr. Vincent Liu, a research scientist with the Kaiser Permanente Division of Research in Oakland.

“While hacking has garnered a lot of recent attention, a more common reason for breaches is simple theft of unsecured paper or electronic records,” he continued. “Nonetheless, the potential for hacking to result in a large number of compromised records tends to be higher than for other sources of data breaches.”

Einstein Healthcare Network has now secured the website database and removed it from public view. An internal investigation has also been ordered by Einstein Health.

A call center was created to answer questions related to this incident. Einstein Healthcare Network also mentioned that it is committed to improving security measures on its website. The healthcare network said it has no knowledge that any patient information has been used improperly. Notification letters are being sent to affected individuals.

According to the statement by Einstein, “To help prevent something like this from happening in the future, we have secured the website database and are enhancing our security measures for the website. We deeply regret any concern this may cause our patients.”

The breach was not the result of hacking but of a technical error. Albert Einstein Healthcare Network is a system based in Philadelphia. It operates as Einstein Medical Center in Philadelphia, MossRehab with locations throughout Philadelphia and Montgomery Counties, Einstein Medical Center Elkins Park, and Einstein Medical Center Montgomery in East Norriton. Rehabilitation beds and skilled nursing beds, as well as primary care and specialty physician practices, are available in its facilities.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare subcontractor fails to secure server

August 13th, 2014

A healthcare subcontractor may have compromised up to 570 patients’ data in a recent data breach. At this point, the name of the subcontractor is not known. According to reports, the subcontractor inadvertently failed to secure a computer server containing patient account information.

Breached information includes patient invoice numbers, charge amounts, balance due, policy numbers and billing-related status comments. It was noted that Social Security numbers and medical records were not part of the breach.

The physicians are offering free patient identity protection services to affected patients. According to the HIPAA Omnibus Rule, more responsibility falls on the subcontractor to help with breach notification and other breach-related activities. The terms and status of the HIPAA business associate agreement (BAA) are not known.

“There is no indication that personal information has been acquired or used,” the company said. It is not known whether any people in or around Guilford County were affected. A company spokeswoman did not immediately return a request for comment.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.


Child Vaccination records stolen

July 2nd, 2014

 

The San Antonio Metropolitan Health District recently suffered a data breach when a laptop containing patient information was stolen. According to reports, the vaccination information of 300 child patients was present on the laptop. Information on the laptop included patients’ last names, dates of birth, doctor identifier and immunization names.

“Metro Health takes the privacy of individual health information seriously and is reviewing all practices and policies associated with the handling and transport of protected health information,” a spokeswoman told woai.com. “While the likelihood of harm from this breach is minimal, those affected by this theft are being individually notified and advised to monitor their health insurance statements closely for any unusual activity.”

Metro Health’s site does not explain where the laptop was at the time of the theft. It has also come to notice that the laptop, which contained vaccination records from the Vaccines for Children program, has not been recovered.


Data Breach Roundup: Last Month

June 12th, 2014


 

To give an overview of recent data breaches, we are summing up the challenges and solutions to prevent information and credibility loss. All the excerpts are from communication with Rapid7 global security strategist Trey Ford.

Data Points

It’s crucial, Ford says, to ensure that everyone in your organization is fully aware of the sensitivity of the data they may be handling. “A lot of people are posting data, they’re moving things around – they’re just trying to do their jobs – and for a number of reasons they may not always be aware that, OK, this is a list, this is a database, and some of this data is sensitive,” he says.

While most companies are aware of the importance of protecting clearly sensitive data like Social Security numbers and credit card information, Ford says other data can easily slip through the cracks. “We’re in a culture where it’s been comfortable to give out your phone number, your email address, your mom’s maiden name – and we’ve forgotten that with just a few more data points, you can go through and start creating fraudulent accounts or purporting to be someone else,” he says.

“Attackers are going to be like water – they’re going to follow the path of least resistance,” Ford says. “So it may be that a lot of your core systems are very carefully measured, but you don’t get to wash your hands and shrug off liability when you give sensitive data to external companies.”

Breach Communication

Ford says the recent eBay breach serves as a good example of the importance of responding to a breach correctly. “EBay has historically very heavily invested in great technology, great people. They’ve had a very advanced security program, they’re very aggressive with their measurement strategy, they’re a metrics-driven security organization – and I’m confident that their internal response was actually very swift and well-executed internally,” he says.

Encryption is the answer

Finally, Ford says it’s frustrating to see data breaches resulting from the theft of unencrypted laptops and USB drives continuing to be an issue. “Encryption technology exists, it’s pervasive, every major operating system in production used today has it or has it available, and it’s not even terribly expensive,” he says. “The challenge lies in the fact that it’s hard to manage. There are concerns about, ‘What if the admin leaves, or what if we get locked out of something?’ – and those are valid concerns – but those problems have been solved, they’re addressable, and organizations not using encryption should be the exception, not the rule.”


ProMedica Bay Park Hospital suffers data breach

May 29th, 2014

ProMedica Bay Park Hospital has decided to notify about 500 affected patients of a data breach. Protected Health Information (PHI) was copied in the incident, in which an employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that the former employee accessed records of patients who were not directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, a 90-day fraud alert notice, and free annual credit reports and other account statements.


Protect Personally Identifiable Information

May 20th, 2014

Modern security systems rely on users’ personal information, also known as PII (personally identifiable information), but a data breach can lead to loss of money as well as trust. It is therefore very important to keep this information from falling into the wrong hands.

With PII floating around the internet, details can easily be cross-correlated, helping wrongdoers quickly put together accurate identity profiles and exploit the information. With just a few important pieces of information, thieves can cause huge losses to companies or individuals.

Types of PII – static and dynamic

Dynamic PII data includes details like credit card and bank account numbers, email addresses and passwords.

Fixed PII data, such as date and place of birth or a national ID number such as a U.S. Social Security number, is far more valuable.

Hacking is a nightmare for both service providers and users. It causes huge losses, which stand at at least $60 million (before insurance) in direct expenses. End users may also suffer an increased risk of being hacked elsewhere.

Protect your PII:

Passwords: Store passwords as properly computed hashes that are extremely expensive to reverse if a breach occurs.

Users: Shifting security data from the service provider to the end user can benefit everyone. One example is a security question where the user creates his or her own question.

Transparency: Increasing the transparency of user activity, such as providing the time and location of the last login, gives the user extra tools to detect intrusions.

Encryption: Install tools to fight hacking. Install encryption software on laptops and computers.
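To illustrate the Passwords item above, here is an added example (not code from the original article) that stores passwords with the memory-hard scrypt function from Python's standard library and flags old records for re-hashing. The work factors, the `scrypt$n$r$p$salt$hash` record format and the function names are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factors (not from the article); raise them as hardware improves.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1
KEY_LEN = 32
MAX_MEM = 64 * 1024 * 1024  # upper bound on memory scrypt may use


def hash_password(password, n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P):
    """Return a self-describing record: scrypt$n$r$p$salt_hex$hash_hex."""
    salt = os.urandom(16)  # unique per password, so equal passwords differ
    dk = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                        n=n, r=r, p=p, maxmem=MAX_MEM, dklen=KEY_LEN)
    return f"scrypt${n}${r}${p}${salt.hex()}${dk.hex()}"


def verify_password(password, stored):
    """Return (ok, needs_rehash).

    needs_rehash is True when the password is correct but the record was
    created with work factors other than the current ones, so the caller
    can replace it with hash_password(password) at login time.
    """
    try:
        scheme, n, r, p, salt_hex, dk_hex = stored.split("$")
        if scheme != "scrypt":
            return False, False
        n, r, p = int(n), int(r), int(p)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(dk_hex)
        actual = hashlib.scrypt(password.encode("utf-8"), salt=salt,
                                n=n, r=r, p=p, maxmem=MAX_MEM,
                                dklen=len(expected))
    except ValueError:
        # Malformed record or unusable parameters: treat as a failed login.
        return False, False
    ok = hmac.compare_digest(actual, expected)  # constant-time comparison
    needs_rehash = ok and (n, r, p) != (SCRYPT_N, SCRYPT_R, SCRYPT_P)
    return ok, needs_rehash


if __name__ == "__main__":
    # Constructed sample values, for demonstration only.
    record = hash_password("correct horse battery staple")
    print(record)
    print(verify_password("correct horse battery staple", record))
    print(verify_password("wrong guess", record))
```

Because every guess costs an attacker the same scrypt computation and memory, a stolen table of these records is far slower to attack than one holding fast, unsalted hashes.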


Hacked server of St. Joseph leads to data breach affecting 405,000

February 26th, 2014

St. Joseph Health System (SJHS) in Texas reported a data breach caused by the hacking of a server. It has affected more than 405,000 patients, employees, and employee beneficiaries. Hackers from China and other locations accessed information through a single server. According to the health system, the server held employee and patient data from St. Joseph Regional Health Center in Bryan, Burleson St. Joseph Center, Madison St. Joseph Health Center, Grimes St. Joseph Health Center and St. Joseph Rehabilitation Center. The server was taken offline as soon as the breach was discovered.

Patient names, birth dates, Social Security numbers, possibly addresses, and medical information, as well as bank information for current and former employees, were present on the server. Investigators failed to determine if any information had been extracted.

“SJHS is working with the United States Federal Bureau of Investigation, which is also looking into this incident. SJHS is providing written notice of this incident to affected individuals, to the U.S. Department of Health and Human Services, as well as to certain state and international regulators,” SJHS mentioned in a release on its website.

St. Joseph stated that there has been no report of misuse of information. It has set up a confidential call center for affected people. The statement on its website further added, “To further protect individuals from identity theft or financial loss, we encourage patients, employees, and their families to remain vigilant, to review their account statements, and to monitor their credit reports and explanation of benefits forms for suspicious activity.”

Individuals can also check their credit by obtaining a free credit report. Under U.S. law, individuals are entitled to one free credit report every year from each of the three major credit bureaus.

SJHS has five hospitals, two long-term care centers, more than a dozen physician clinic locations and a charitable foundation. It has a designated Accountable Care Organization.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


Two Men Jailed for Identity Theft

February 22nd, 2014

Angelo Ponds, 32, of Miami Gardens, Fla., and Sean Guillaume, 31, of Miramar, Fla., were sentenced to jail for their involvement in identity theft at a medical lab. The incident was related to a stolen identity tax refund (SIRF) scheme. Ponds was sentenced to 48 months in prison and Guillaume to 94 months in prison, both to be followed by three years of supervised release.

Guillaume stole medical records with names, dates of birth, and Social Security numbers, and sold data for 5,000 individuals. He worked for an unidentified medical laboratory testing company. He sold this information to Ponds, knowing that Ponds would use the PII to file fraudulent tax returns seeking refunds.

According to court documents, Guillaume worked for a company that performed medical laboratory tests, where he had access to medical records with names, dates of birth, and Social Security numbers (personal identity information or “PII”) of individuals in the course of his employment with that company.

According to justice records, Ponds filed fake tax returns in other people’s names with the Internal Revenue Service, seeking refunds.
