Posts Tagged ‘data’

News Update About Data Loss in Healthcare

February 27th, 2011

As the use of electronic records has increased, data has become more vulnerable.

Kaufman, Rossin & Co. has released a report showing that the personal information of 4.9 million patients was compromised. The health information was compromised as a result of 166 data breaches that happened in the first year of implementation of the Health Information Technology for Economic and Clinical Health (HITECH) Act.

The act was implemented about a couple of years ago, in February 2009. The idea was simple: promote the use and implementation of information technology in the health sector. It also calls for stricter rules and financial penalties for any breach incidents related to privacy.

According to the study, the greatest source of breaches is laptops. Laptops were involved in 43 incidents and affected more than 1.5 million individuals. The breach incidents occurred between Sept. 21, 2009 and Sept. 21, 2010. In the first year, the breach incidents were publicly reported to the Secretary of the Department of Health and Human Services.

Jorge Rey, co-author and director of information security and compliance with Kaufman, Rossin, said, “There are so many various ways for data to be breached in this day and age and many businesses are not properly prepared or are completely unaware of just how vulnerable this information is.” “The HITECH Act is changing the way PHI must be protected and those companies that are not serious about protecting their patients’ information find themselves facing serious reputation, legal and financial repercussions.”

Here are some of the other findings of the study:

  • Over 20% of business associates were affected by the data breach incidents
  • As far as individuals are concerned, around 3.12 million were impacted
  • 32 percent of breaches were reported within the first three months
  • “Theft” incidents were the leading cause of the data breaches, happening about 58% of the time
  • Only 14% of the cases were caused by loss, and a similar percentage was accounted for by miscellaneous incidents

The biggest lesson from this report is the variety of ways in which breach incidents can happen. Examples of such incidents are somebody sending confidential medical information to the wrong destination or the information being hacked by someone.

Secure your Data with Alertsec

Following the essential guidelines is necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need for data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Fine Gael Website Hacked and Personal Data of 2,000 Supporters Breached

January 18th, 2011

Wherever IT organizations hold data, hacking attacks will continue to thrive, and attacks of this kind are very common in any professional organization. Through this blog, we’ve been highlighting several breach incidents which present strong warnings for organizations to enhance their mechanisms for protection against data loss incidents. One way of ensuring data security is through the use of data encryption software.

Today we are going to talk about Fine Gael, a political party portal, and how it became the latest victim of a data breach incident.

Fine Gael Website Hacked by an “Anonymous” Group


As we mentioned above, the new website of Fine Gael, an Irish political party, has been hacked by “Anonymous”, an online hacking group. The website was launched last week to invite members of the public to share their views on policy and the future of Ireland.

Fine Gael was formed in 1933 and is considered the moderate political party. On Tuesday the party replaced its old website finegael.ie with the new website finegael2011.com. This site is hosted by the US internet firm ElectionMall Technologies.

Personal Data of Around 2000 Supporters Was Revealed

So how does it feel to be among those whose data is revealed? This is exactly what happened to the supporters of Fine Gael. The hacking incident had an impact on the personal data of around 2000 supporters. Irish Central reported that the number of people affected is believed to rise to 4,000. The attack took place on Sunday, and immediately afterwards the website was forced offline. The hacker forwarded the personal details file to media organizations. This file contained the IP addresses, phone numbers and e-mail addresses of approximately 2000 people.

Why the New Hosted Website was Hacked

According to the attackers, the site was hacked because comments submitted to the site by users were being censored. They forwarded around 2,000 members’ details with the claim that the party was censoring comments from the public. Hackers posted a message on the Fine Gael website after removing the message posted by them. The posted message was “Nothing is safe, you put your faith in this political party and they take no measures to protect you. They offer you free speech yet they censor your voice. Wake up!”

A spokesperson for Fine Gael said the attack was “assumed to be by Anonymous”, but “the link is yet to be proven”.

This online “Anonymous” group is best known for its attacks on websites and has also recently tried to bring down several payment sites, including Mastercard.com and Visa, to block the payments to Wikileaks.

Action Taken By the Party

As a follow-up, the party has informed the people whose data has been compromised about the breach by email. It also warned them that the hacked data included personal details like names, email addresses, constituency details and phone numbers. Fine Gael contacted the data protection commissioner, Billy Hawkes, who is investigating this case, and also contacted the Garda Computer Crime Unit in relation to the attack. The FBI has also become involved in this case after ElectionMall contacted the US police.

According to Hawkes, the party suspects that the personal data of those who posted comments or registered their details has been compromised. In a statement the party said the website will be offline “while we follow-up with the appropriate authorities to resolve the matter.”

How Alertsec Xpress Would Have Helped

In an incident which highlights the need for data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.


Privacy Breach at Vodafone, SMEs Need to be More Active

January 15th, 2011

Protecting customer data must be the most important issue for any company, and Vodafone is no exception. Ovum senior consultant Craig Skinner said the Vodafone incident provides a critical lesson for small and medium enterprises. An issue of this size can affect the whole company and its brand image. According to reports, Vodafone was not properly handling its customer data, and private information, including billing information, was easily accessible to outsiders.

Vodafone Terminated Unspecified Number of Employees

Vodafone has terminated some of its employees in New South Wales because passwords and other personal data were accessible through an internal portal. It is still not clear how many employees were involved in this breach or what the actual extent of their actions was.

According to reports, these employees distributed passwords which were used to gain access to an internal database, and Vodafone had no idea about any of this. The incident took place when some Vodafone staff disclosed the passwords that allowed access to a secure portal. That portal contained private information like billing details, credit card details and other sensitive information.

Password of the Company Database was Shared by an Internal Person

Vodafone chief executive Nigel Dews confirmed that the incident probably took place when someone shared the password of the company database.

Dews said in a statement, “We take data security and the storage of our customers’ information extremely seriously; we are conducting a thorough investigation of the incident and of our own security systems and processes and have taken immediate action.”

To keep a tighter grip on security, a spokeswoman said, “Vodafone will change those passwords every 24 hours until it finds the persons who are responsible for the breach.”

But this is not a proper security measure on Vodafone's part. Data encryption software and computer security software are more reliable than changing the password.

Businesses Should Not Give Access to Sensitive Data with a Single Password

According to Skinner, business data must be kept separate, and the employer must know which data can be accessed by which employee. This is very helpful in finding the responsible person when a breach occurs, so that an investigation can start.

Skinner said in a statement, “I’m unsure of Vodafone’s operational requirements, but other businesses shouldn’t have a situation where you are able to share a single password and then gain access to the full amount of information for every customer.”

According to Skinner, it’s important for every company to conduct a security audit. In the audit the board brings in professionals to look at the data within the business and how it is protected. The board also checks where the company is lacking in protecting data and where it could be leaked.

Importance of Data Encryption Software

If companies do not have internal system checks and do not use data encryption software, they will miss mistakes of this type and cannot protect their customers’ data properly. This breach has prompted security experts to call on small and medium businesses to review their security procedures and make sure that confidential data is properly protected.


Better Business: How Data Breaches Can Lead to Identity Theft

January 12th, 2011

Data breaches continue to plague businesses, and there are likely thousands of data breaches that go undetected or unreported. People have been victimized by security breaches multiple times, for example, by their schools, local, state or federal government, financial institutions or many other organizations. Some organizations have had multiple breaches. In most reported breaches, organizations could not clearly state how much data was accessed or stolen.

What Counts as a Data Breach?

A data breach is the release of secure information to an untrusted environment, whether intentionally or unintentionally. It is a security incident in which confidential or protected data is stolen, transmitted or used by an individual who is unauthorized to do so. A data breach incident may involve financial information like personally identifiable information (PII), personal health information (PHI), credit card details or bank details. It may also include trade secrets of corporations or intellectual property.

Reported Data Breaches Every Year

Approximately 10 million people are the victims of identity theft every year. The Identity Theft Resource Center recorded 662 data breaches in the United States in 2010, which was a nearly 33 percent increase from 2009. At least 498 data breaches were reported in 2009, which was actually an improvement from 657 the year before. According to the lists maintained by private groups that track reports of breaches, more than 570 cases of data breach were reported from January 2005 through December 2006.

Big Companies Are Also Not Safe

Well-established, popular hospitals, government agencies and other organizations have also been the victims of data breaches. Recently some big companies, like fast food giant McDonald’s and Japanese automaker Honda, were also affected by data breaches. So it’s not a matter of how big a company is but how aware it is of data security software and encryption software. Only 46 states and three territories have enacted data breach laws since 2005.

Companies Must Be Proactive in Notifying Consumers

According to state and federal laws, companies must be proactive in notifying consumers in the case of a data breach. If you are a business owner or executive, you have a responsibility to minimize the damage from a data breach. As soon as you become aware of a potential data breach, seek assistance from an attorney or risk-consulting company. They can help identify what state or federal laws require you to do, including alerting consumers or government agencies. Most companies will set up a hotline for consumers to address their concerns and questions.

Consumers Can File a Fraud Alert

If consumers receive a notification about a breach that they don’t thoroughly understand, they can call the company. They can also call their financial institution and get its advice on what to do. They should check their statements as soon as they receive them and notify the financial institution immediately if there are fraudulent charges. They can file a fraud alert with all three credit reporting agencies (Equifax, Experian and TransUnion). These institutions are required to flag the consumer’s credit report for 90 days and notify the consumer if someone tries to open a new account using their information.

It is a very big responsibility for organizations to secure sensitive consumer information. Organizations need to do a much better job of handling and storing sensitive digital data. They will have to increase their awareness of, and reaction to, data and security breaches. Securing personal data is a very difficult task, and it is a must for organizations to use encryption programs. This is the only secure way to safeguard the data.


Geisinger Discloses Potential Patient Data Breach: 2900 Patients Affected

January 10th, 2011


Shannon Konopinski is a Hazleton resident who has contacted lawyers. Why? She is worried about the possible public leakage of her and her family’s personal health information on the internet. She is upset about a letter she received which stated that a former physician sent her protected health information to his home e-mail in an unencrypted manner. In fact, Shannon is not the only one, and this is exactly what happened.

Unencrypted Email Caused Data Breach

Geisinger Health System is a physician-led health care system dedicated to health care, education, research and service, spanning 43 counties of 20,000 square miles and serving 2.6 million people. Geisinger became aware on 6th November last year that a limited amount of protected health information had been emailed around 3rd November by a former Geisinger Wyoming Valley Medical Center gastroenterologist. He was emailing PHI from his Geisinger computer to his home computer in an unencrypted fashion. The physician had sent this information to his home computer to complete an analysis of his procedures.

Data Breach Affected 2,900 Geisinger Patients

In a press release on 27 December 2010, Geisinger Health System acknowledged that the information of approximately 2900 patients affected by this data breach had been disclosed in an unauthorized manner. Affected patients were later notified by letter. According to the Geisinger press release, the letters notified patients that protected health information (PHI) was improperly disclosed when a former Geisinger Wyoming Valley Medical Center gastroenterologist emailed PHI to his home email account without first encrypting it.

Leaked Data Didn’t Include Financial Information

The unencrypted information included patient names, Geisinger medical record numbers, procedures, indications and physician’s notes on the care provided. This is some of the most basic information that constitutes PHI and requires safeguarding under HIPAA. It did not include telephone numbers, addresses, SSNs, patient account information or any other information that would lead to financial fraud. According to Geisinger, the PHI did not include any financial information that would make the patients vulnerable to identity theft.

Geisinger Notified Patients under the HITECH Act

Geisinger had to notify the patients under the HITECH (Health IT for Economic and Clinical Health) Act, which amended HIPAA, because the information was not protected with encryption software before being sent.

According to HIPAA, if electronic PHI is lost or stolen and it was not protected with encryption, full disclosure is to be made to the patients and to the HHS, which oversees and enforces the implementations under HITECH.

According to the reports, the doctor who caused the breach at Geisinger no longer works for the medical center, but it is not specified whether he resigned or was fired. There are two main reasons behind these continuous data breaches. The first is the large volume of electronic data: the more data there is electronically, the more vulnerable it is to breaches. The second and most important reason is the lack of awareness of computer encryption software, desktop encryption software, laptop encryption software and data encryption software.
