data security

Cybersecurity breach at Virginia hospital

January 23rd, 2017

Sentara Healthcare announced data breach when one of its third party vendors suffered a cybersecurity breach. The incident affected personal health information. Vascular and thoracic procedures occurring between 2012 and 2015 at a Sentara facility where involved in this breach. Potentially accessed information includes patients’ names, medical records, and Social Security numbers.

“We assure our patients that we are committed to the security of the personal information we maintain and are taking this matter very seriously. To help prevent something like this from happening in the future, the vendor has informed us that it is enhancing its system security. In addition, Sentara continually strengthens policies and procedures and invests in technologies which protect our information technology systems.”

Sentara started the investigation by reaching third party vendor. It also called upon law enforcement. It has started sending and mailing advisory to affected individuals.

Facility suggested that the affected patients should check for any signs of possible fraud. Also, they are advised to review account statements and get free credit reports. Organisation has provided resources to help for future security.

“If you believe you are the victim of identity theft or have reason to believe your personal information has been misused, you should immediately contact the Federal Trade Commission and/or the Attorney General’s office in your state. You can obtain information from these sources about steps an individual can take to avoid identity theft as well as information about fraud alerts and security freezes.  You should also contact your local law enforcement authorities and file a police report.  Obtain a copy of the police report in case you are asked to provide copies to creditors to correct your records.”

Sentara is one of the nation’s top integrated healthcare systems. It works on a not-for-profit system which includes imaging centers, nursing and assisted-living centers, outpatient campuses, physical therapy and rehabilitation services, home health and hospice agency, a 3,800-provider medical staff and four medical groups. It also provides medical transport ambulances and nightingale air ambulance.

____________________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Ransomware attacks

January 13th, 2017

The Susan M. Hughes Center recently announced a data breach due to ransomware attack on its computer system. The incident has potentially affected patients. Facility has immediately launched an investigation. Also, they have reset all passwords and removed the infected server from the system.

A Forensic firm is employed for investigation. It determined that an unknown person accessed server files. The affected information included patient names, telephone numbers, dates of service, types of service or treatment, and amounts paid.

Facility mentioned that there is no evidence of misuse of patient information. Also, sensitive PHI including Social Security numbers or account numbers have not been accessed.

The Hughes Center has started mailing advisory letters to potentially impacted patients. Also, the facility established a call center to answer queries.

“We regret any inconvenience or concern this may have caused our patients. To help prevent something like this from happening in the future we are working with a security firm to enhance the security of our systems.”

Another ransomeware attack involves Summit Reinsurance Services, Inc. who alerted Alliant Health Plans, Inc. of a ransomware attack on its servers.  The affected server contained patient data of more than 1,000 Alliant members.  Facility mentioned that the investigation didn’t provided any evidence of data misuse. Also, Alliant mentioned that its members are at very low risk of data breach consequences.

Affected information included Social Security numbers, health insurance information, and claim-focused medical records.

Summit is updating its policies, procedures and protections for member information to minimise the damage.It also working on other precautionary measures to prevent further incident. Alliant will be continuing encryption to prevent foreign access of sensitive information.

Summit is notifying the affected individuals and also offering one year of identity theft protection to potentially impacted Alliant members.

“As always, Alliant and Summit recommend taking steps to prevent identity theft by monitoring your credit reports for any unusual activity.”

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Data breach due to virus

January 10th, 2017

Brandywine Pediatrics, P.A in Delaware recently suffered data breach exposing PHI for many patients. Brandone came to know about the incident when it discovered a file server which was locked due to virus.

Facility immediately recovered the files from backup tapes. Also, it started the investigation and took help of a forensic computer expert. This incident has affected certain PHI which includes name, address, and health insurance and medical information.

Brandwine mentioned that there is exposure of health information but it has not found any evidence which suggests that it was misused. It also included in statement that there is no chance of compromise of patients’ Social Security numbers or payment card information.

Affected individuals are notified about the incident and had asked to take steps to protect them. Facility has improved the security of its systems. Also, policies and procedures are reviewed.

Brandwine mentioned that the privacy and protection of the patients is a top priority.  It also deeply regret any inconvenience or concern this incident may cause. The number of affected individuals are not mentioned in the statement.

Types of attack to gain database access

Physical theft or loss of the device

Rogue employee or other insiders misusing privileges to gain financial or personal gains

Attacks on website and application by finding weaknesses in coding

Phishing to gain passwords and usernames. Legitimate-looking email are sent to employees

Installing malicious software which misdirects users to fraudulent websites

‘Dedicated Denial of Service’ attacks

Ransomware attacks

Point-of-sale intrusions

Remote attacks

Payment card skimmers

Viruses

Worms

Trojan Horses

 Data breaches also occur due to human errors which includes below –

Sending sensitive information to the wrong person by email or fax by mistake

Making information publicly available on a web server or website by mistake

Incorrect disposing of data which also includes paper data

Losing electronic device which contains sensitive data

____________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Ransomware leads to data breach

January 7th, 2017

Arizona-based Desert Care Family & Sports Medicine recently announced data breach due to ransomware attack. The incident has affected up to 500 patient records. Desert Care has notified local police and the FBI. It has also taken its server to IT specialists so that ransomware encryption can be broken to retrieve affected patient data. But they are not able to access the encrypted data. All hacked patient records remain unavailable.

Desert Care in the statement mentioned that “We understand that this may pose an inconvenience to you. We sincerely apologize and regret that this situation has occurred. Desert Care is committed to providing quality care, including protecting your personal information, and we want to assure you that we have policies and procedures to protect your privacy.”

Facility mentioned that it does not know whether the information has been exposed. It said that by the type of ransomware the intention was to gain access to information. It also mentioned that it doubts any information has been affected or copied onto a different system.

Affected patients are sent notification by the facility. It alerted them about the incident. According to the reports – full name, dates of birth, home addresses, account numbers, and disability codes are potentially exposed. Desert Care started a forensic investigation into the incident. Also, it is updating its technology and policies to prevent future attacks.

“Desert Care is taking steps to mitigate any data disclosure and to prevent any future incidents. The ransomware attack was reported to the authorities and we fully intend to cooperate with any investigations. In addition, we are conducting our own forensic investigation into the attack. We are also updating our technology and policies to prevent future incidents. “

Facility has advised the patients to make effort for protection which includes-

Consumers should register a fraud alert with one of three credit bureaus

Monitor all account statements, and contact the Consumer Protection Division of the Arizona Attorney’s General Office or the Federal Trade Commission’s Fraud Victim Assistance Department for assistance.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements.

Data breach at New Hampshire Hospital

January 2nd, 2017

New Hampshire Hospital recently suffered data breach when a patient reportedly hacked into the New Hampshire Department Of Health And Human Services (DHHS). PHI was posted online which affected 15,000 individuals.

DHHS came to know about the incident on November 4, 2016. Facilities internal files were posted on social media site. The list of DHHS clients are those who received services from DHHS prior to November 2015. Affected information includes names, addresses, Social Security numbers, and Medicaid identification numbers.

According to the reports, the person who accessed the information was patient at the facility. individual used a computer available for patient use in the hospital library. The individual was “observed by a staff member to have accessed non-confidential DHHS information on a personal computer located in the New Hampshire Hospital library.”

“The staff member notified a supervisor, who took steps to restrict access to the library computers. This incident, however, was not reported to management at New Hampshire Hospital or DHHS. In August 2016, a security official at New Hampshire Hospital informed DHHS that the same individual may have posted on social media some DHHS information. That was immediately reported to the Department of Information Technology, the State Police and other state officials.”

Facility believes that PHI was not misused. Also, credit card or banking information was not accessed. DHHS said that affected individuals are encouraged to monitor their credit and banking statements. They are told that they “can protect themselves from incidents of identity theft or fraud by reviewing their account statements and monitoring their credit.”

“Safeguarding the personal, financial and medical information of DHHS clients is one of this Department’s highest priorities,” DHHS stated. “DHHS will continue to work with state agency partners to make every effort to ensure that the Department’s data remains secure.”

Facility mentioned that they can report any suspicion of identity theft or fraud to local law enforcement Individuals and or the Consumer Protection Bureau at the New Hampshire Department of Justice.

“DHHS is making available a toll-free telephone number that affected individuals may call with questions about this incident.”

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

Ransomware attack

December 30th, 2016

Summit Reinsurance Services recently suffered a potential cyber security threat. The incident may have affected thousands of current and former Black Hawk College employees. Summit works as reinsurance carrier for the Health Alliance, a third-party health insurance administrator for the college.

As per the website, “Summit Reinsurance provides a full-service managing general underwriter and reinsurance intermediary broker who focuses exclusively on managed care.”

Summit Re site also mentioned that it closely works with clients to completely understand risk profile. It also considers clients’ strategic vision and unique reinsurance needs. It believes that the traditional solutions don’t always provide the best experience. Customized solutions are needed considering clients’ requirements. It also provides medical management services to offer cost savings options.

After the attack, Summit informed Black Hawk. According to the reports, ransomware had infected a server containing information which includes names, Social Security numbers, health insurance information, and claim-focused medical records of current and former employees and their dependents.

As per the third-party forensic investigator, the incident occurred on March 12. Summit believes that there is no evidence for any personal information misuse. The investigation is currently ongoing. Also, potentially affected individuals are notified. They are informed about the steps which needs to be taken to improve security. Free access to one year of credit monitoring is provided.

Facility has set up call center to answer all the queries. Summit Reinsurance also suffered data breach earlier this month. That incident affected a server holding information including Social Security numbers and health insurance information.

“We are pleased that Summit Reinsurance Services is moving aggressively and taking the appropriate steps to notify the affected individuals and to minimize the impact this incident may have on them,” said Dr. Bettie Truitt, president of Black Hawk College.

 ___________________________________________________________________________________

Alertsec is powered by Check Point Endpoint Security products, which are positioned in the leaders quadrant in Gartner’s Magic Quadrant for Mobile Data Protection.

Data breach investigation and deadlines

December 29th, 2016

Balabit survey recently conducted a survey of more than 100 IT companies and security professionals. It has following observations:

Seventy-five percent fix time limit for investigation of potential data security incidents

Forty-four percent said that they missed internal or external deadlines of data breach investigation or reporting

Seven percent of respondents mentioned that they faced serious consequences due to missed deadline

“The Balabit survey identified that the primary reason for not being able to investigate data breaches in time is that organizations still do not understand their own data,” Balabit product manager Peter Gyongyosi said in a statement. “It is difficult for them to extract the necessary information from unstructured data with their existing tools and they lack the contextual information that would help transform this data into valuable, actionable information.”

Survey also found out that thirty percent need not report to external authorities about the progress

Seventy percent are required to report to external authorities but only twenty-five percent has set time limit

“Data and information are two different things entirely,” Prevalent director of product management Jeff Hill said. “The former is easy to collect; extracting the latter from it is much easier said than done.”

“The results of the Balabit survey are likely to surprise few in the cyber security community,” Hill added. “Investigating breaches is tedious, requires specific expertise, is increasingly difficult as attack vectors become more sophisticated, and is usually undertaken in a highly stressful and pressure-filled environment. Current techniques often require the painstaking parsing of millions of logs and identifying subtle changes in behavior.”

“CEOs are underestimating their companies’ cyber vulnerabilities,” RedSeal chairman and CEO Ray Rothrock said in a statement. “Their confidence does not square with what we observe. Cyber attacks are up and financial losses associated with these attacks are increasing dramatically.”

 ___________________________________________________________________________________

Alertsecs cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Stolen PHI leads to data breach

December 27th, 2016

Oak Cliff Orthopaedic Associates recently announced a data breach due to theft involving PHI records. Apparently, the records from the years 2006 to 2007 were affected. The Lewisville Police Department has now located the records and returned it to the facility.

Affected information included patients’ names, addresses, and office medical records. Facility mentioned that in some cases, Social Security number, credit card number, or banking information was involved.

According to the statement, the records went missing from an off-site storage. The police department later recovered the records and other stolen materials from a hotel room. Facility has removed all items out of this storage unit after the incident. It has also notified banks of potential fraudulent activity.

Oak Cliff begun an investigation. It hired legal team to determine the extent of the unauthorized access. Legal team mentioned that there is no evidence of data misuse.

Oak Cliff has sent letters to the affected individuals mentioning the details of the incident. It is offering one year of free identity protection and restoration services. Individuals are also advised to take steps to safeguard their information in the future. As per the OCR data breach reporting tool, incident affected 1,057 individuals.

According to the statement, “Oak Cliff Orthopaedic Associates understands the importance of safeguarding their patients’ personal information and takes that responsibility very seriously. The office regrets that this incident has occurred, and is committed to prevent future such occurrences “

Oak Cliff had asked individuals to call a dedicated assistance line for any additional information. Also, steps to better protect against identity theft is provided through a helpline.

For Identity Protection, Oak Cliff Orthopaedic Associates asks potentially impacted individuals to enroll in the complimentary identity protection and restoration services. Also, it asked impacted patients review their account statements for any suspicious activity.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.

One billion Yahoo accounts exposed

December 21st, 2016

Yahoo recently announced that the data breach exposed data associated with more than one million user accounts. It later said that the breach involves around 500 million user accounts. Affected information includes names, email addresses, phone numbers, birthdates, hashed passwords and security questions and answers.

Data Breach Incident

As per the Yahoo statement, ”The company has not been able to identify the intrusion associated with this theft.”

Yahoo has advised users to change their passwords. Also, security questions and answers need to be changed.

“Separately, Yahoo previously disclosed that its outside forensic experts were investigating the creation of forged cookies that could allow an intruder to access users’ accounts without a password,” the company stated. “Based on the ongoing investigation, the company believes an unauthorized third party accessed the company’s proprietary code to learn how to forge cookies.”

Yahoo mentioned that there is involvement of certain state-sponsored actor.

“Considering the insufficient security measures that were previously reported to be implemented by the last investigation of 500 million stolen accounts, it’s clear that the defense strategy Yahoo used was not keeping up with the times,” Nathan Wenzler, principal security architect at AsTech Consulting said. He also added that large organization is not always secure.

“Users should always be vigilant and change their credentials on a regular basis, even when used on the websites of very well established and reputable companies,” he said.

“Organizations of all sizes should be taking note of these breaches and use this as a good opportunity to review their own security posture to ensure that outdated and weak security measures aren’t being used,” Wenzler added. “Something like the MD5 hashing that Yahoo was using to protect account information hasn’t been considered a viable security protocol in several years, and is easily cracked.”

“At this time anyone who touched Yahoo needs to do some serious housekeeping on all their systems, all of their passwords and all of their accounts to make sure there is no cross contamination.” Acalvio chief security architect Chris Roberts mentioned in the email.

____________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that also delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Ransomware attack

December 18th, 2016

Dr. Melissa D. Selke based in New Jersey recently announced a data breach. Facility website posted a data breach notification letter. The incident may have affected several thousand patients.

Selke found out that her system had been infected with a virus that prohibited access to patient files. The system was restored immediately. After investigation, the possibility of ransomware attack was analyzed. An unauthorized third party introduced the virus onto her system.

Melissa D. Selke, MD, has practiced privately in the area of Hillsborough and Somerset, New Jersey.  Her total experience of the practice is 15 years. She is board certified in Family Medicine.

Dr. Selke has following education qualification –

BA in behavioral biology with honors at the Johns Hopkins University in Baltimore, Maryland

MD at Baylor College of Medicine in Houston, Texas. After graduating

Residency in Family Medicine at Spartanburg Regional Medical Center in Spartanburg, South Carolina.

Affected information in this incident includes patients’ names, addresses, phone numbers, Social Security numbers, treatment and diagnosis information, driver’s license information, health insurance information, treating physician information, medical record number, and treatment date(s).

Dr. Melissa mentioned in her letter that the third-party “viewed or took patient information stored on the server.”

“We take this incident, and patient privacy, very seriously,” Selke said in a statement. “We are taking steps to help prevent another incident of this kind from happening, and continue to review our processes, policies, and procedures that address data privacy.”

As per the OCR data breach reporting tool, incident has affected approximately 4,200 individuals.

While no protection services were offered, Selke encouraged affected individuals “to remain vigilant against incidents of identity theft and fraud.” Individuals should regularly review their financial account statements, credit reports, and explanations of benefits for suspicious activity, the notification letter said.

____________________________________________________________________________________________

Alertsec helps you comply with HIPAA, PCI and SOX requirements. The implemented encryption is powered by CheckPoint and has the highest security certifications: FIPS 140-2, Common Criteria EAL4 and BITS.