disk encryption

Medical records found in dumpster

August 7th, 2015

Personal documents including medical records were found in a dumpster in Taylorsville, Utah. The incident may cause potential data breach. According to the reports, the records appear to have come from Positive Adjustments, an out-of-business drug and alcohol rehabilitation clinic.

Dr. Scott Cold, DDS, mentioned that his contractor found the documents in a dumpster being used for construction waste.

“These documents for these records were complete with patients names, addresses, phone numbers, dates of birth, Social Security numbers, court documents, treatment documents, all dumped in my dumpster illegally,” Cold said.

As per the other tenants in the building where Positive Adjustments was located, the clinic has been empty for about six months. Cold notified police after finding the documents, but law enforcement said that it would be difficult to pursue charges beyond illegal dumping.

It is essential that PHI security remain a top priority even when a facility changes location. While a specific disposal method is not outlined in the HIPAA Privacy and Security Rules, putting PHI – in any form – in easily accessible areas is not acceptable.

“Covered entities must review their own circumstances to determine what steps are reasonable to safeguard PHI through disposal, and develop and implement policies and procedures to carry out those steps,” according to HHS. “In determining what is reasonable, covered entities should assess potential risks to patient privacy, as well as consider such issues as the form, type, and amount of PHI to be disposed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Prima Care suffers data breach

August 3rd, 2015

Prima CARE, P.C. recovered a binder containing personal information from the bushes in a parking lot on May 25, 2015. The document contained information of 1,651 patients. Potentially breached information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date and certain clinical information. Patients who received care from Prima healthcare providers between 2007 and 2012 were affected.

“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”

Prima mentioned that the improper disposal was done without its knowledge or consent, and was in violation of its practices.

“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.

According to the statement, Prima Care will review its policies and procedures. It will also review its employee training programs to ensure that a similar incident does not happen again.

“We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

UC San Francisco suffers data breach due to stolen laptop

July 5th, 2015

UC San Francisco is alerting the individuals about the burglary which led to potential breach. Unencrypted laptop which belonged to a faculty member in the Cardiac Electrophysiology & Arrhythmia Service was stolen. UC San Francisco mentioned that it contained some sensitive information of about 435 patients.

After the theft, UCSF promptly began an extensive technical analysis to identify what information was on the laptop. The analysis revealed that the computers contained some personal, research and health information.

The affected information includes names, dates of birth, medical record numbers, and health insurance ID numbers. However, Social Security numbers were not included. The computer was taken from the employee’s office. UCSF police and UCSF officials were immediately notified after the incident.

“UCSF deeply regrets any inconvenience this incident may cause,” UCSF said in the statement. “The university is committed to maintaining the privacy of personal, research and health information, and has taken additional steps to secure that information, including strengthening administrative, technical and physical processes for information security.”

As per the UCSF statement, there is no evidence of attempted access or misuse of the information on the laptop. Individuals who are potentially affected are being notified and the California Department of Public Health has also been alerted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UCSF Medical Center and Sutro Tower behind it....

UC San Francisco suffers data breach due to stolen laptop 

Routine audit reveals data breach

June 25th, 2015

A Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients during routine audit. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and health insurance information in a few cases. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that few patients may have had their Social Security number accessed but believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

 

Phishing Attack Top Data Security Motivator – HIMSS Survey

June 23rd, 2015

The key findings after interviewing 297 healthcare leaders and information security officers across the industry of the survey are –

  • Two-thirds of respondents experienced a significant security incident in this year
  • Healthcare organizations also reported using an average of eleven different technologies to secure their environments
  • More than half said that their facilities have hired a full-time professional to manage the information security functions.
  • Eighty Seven percent reported that their information security had increased as a business priority at their organizations over the past year.
  • Many believes that current security tools will not be sufficient to protect the industry against the types of security threats their organizations expect to face in the future

“The recent breaches in the healthcare industry have been a wake-up call that patient and other data are valuable targets and healthcare organizations need a laser focus on cyber security threats,” HIMSS Vice President of Technology Solutions Lisa Gallagher said in a statement. “Healthcare organizations need to rapidly adjust their strategies to defend against cyber-attacks. This means implementing threat data, incorporating new tools and sophisticated analysis into their security process.”

Other finding included –

  • 87 percent of those surveyed said antivirus/malware tools have been implemented to secure their healthcare organizations’ information security environment
  • 80 percent reported using network monitoring to detect and investigate information security incidents
  • 64 percent said that a lack of appropriate cyber security personnel is a barrier to mitigating cyber security events
  • Internal security teams identify more than 50 percent of information security threats

“Indeed, respondents were widely likely to indicate that more innovative and advanced tools are required to secure their environments in the future,” HIMSS stated. “Furthermore, they indicated that healthcare organizations must operate from a perspective which presumes their organization’s perimeter has already been breached.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Heart Group suffers computer breach

June 2nd, 2015

 

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Document goes missing in Florida

May 6th, 2015

The Florida Department of Health allegedly suffered a data breach affecting five patients when sensitive document was stolen from the car. A department employee had documents in his car, which was broken into on March 31. According to the news source, the papers were in a secured briefcase.

One of the affected patient, Chris Kibodeaux claims that he was not notified until May 7. He said that his name, Social Security number, address, phone number and diagnosis were included in the stolen documents.

“Someone could’ve definitely had enough time to do what they were going to do, and if there is damage it’s already been done,” Kibodeaux said. “I’m going to have to pull my credit report and I’m going to have to try to figure out if someone has done something with my name.”

Chris does not want personal information of HIV Positive status in someone else’s hands.

“HIV is still a stigma,” said Kibodeaux. “It’s different me telling my status because it’s my personal tellings, but for someone to have that in the open, it’s not right.”

The facility mentioned that it is still in the process of notifying all affected patients, and that it will offer identity protection services to those individuals.

According to the reports, the letter Kibodeaux received said the employee was put on administrative leave while the incident is investigated, but the Department of Health said they could not comment on personnel issues.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Email Phishing scam leads to data breach

April 20th, 2015

St. Vincent Medical Group, Inc. suffered data breach when approximately 760 patients’ PHI got exposed. Employee’s username and password was compromised because of an email phishing scam which resulted in to the incident. St. Vincent learned about the data breach on Dec. 3, 2014, and said that it “immediately shut down the username and password of the impacted account and launched an investigation into the matter.”

The affected information includes patient names, demographic information such as dates of birth and phone numbers, account numbers, and Social Security numbers in a few cases. Limited clinical information related to services patients received was also included.

“The investigation has required electronic and manual review of affected emails to determine the scope of the incident,” As per the statement.

As per the St.Vincent individual medical records and billing records were not accessed.

“St.Vincent Medical Group sincerely apologizes for any inconvenience this unfortunate incident may cause and assures all of its patients that the faith-based organization is taking appropriate measures to avoid an incident of this nature happening in the future,” the facility said.

St. Vincent mentioned that complimentary identity monitoring and protection services will be offered to patients whose Social Security number was exposed. It will also be providing further employee education on how to avoid phishing scams.

This is not the first time St.Vincent suffered data breach. Earlier, St. Vincent Breast Center mistakenly sent letters with patient information to the wrong addresses.

As per the previous statement:

“Please be assured that the Center is taking steps to mitigate this incident by notifying affected individuals through this substitute notice, media notice, and destroying all letters that have been returned,” St. Vincent said on its website. “The Center is also evaluating and making changes to its patient mailing processes internally and with external vendors to avoid an incident of this nature in the future.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Healthcare Data Breaches and Patients

March 23rd, 2015

Healthcare breaches affect hospitals and patients alike, says survey by TransUnion. The organization can face huge penalties from the Department of Health and Human Services (HHS) due to data breach. The lost personal information takes time to recover and leads to loss of trust.

According to the recent survey, healthcare data breaches can also push patients away from the affected organization. TransUnion conducted an online survey of around 1200 US adults who received medical care.

“The hours and days immediately following a data breach are crucial for consumers’ perceptions of a healthcare provider,” TransUnion Healthcare President Gerry McCarthy said in a statement. “With the right tools, hospitals and providers can quickly notify consumers of a breach, and change consumer sentiments toward their brand.”

According to the survey-

  • Sixty-five percent of surveyed adults said that they would avoid providers that experience a healthcare data breach
  • Forty-six percent of those surveyed said they expect a notification within one day of the breach
  • Thirty-one percent said that they expect to receive a response or notification within one to three days
  • Seventy-three percent of patients ages 18 to 34 said they were likely to switch healthcare providers after a data breach

“Older consumers may have long-standing loyalties to their current doctors, making them less likely to seek a new health care provider following a data breach,” McCarthy said. “However, younger patients are far more likely to at least consider moving to a new provider if there is a data breach. With more than 80 million millennials recently entering the healthcare market, providers that are not armed with the proper tools to protect and recover from data breaches run the risk of losing potentially long-term customers.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sacred Heart Health Systems suffers billing data breach

March 19th, 2015

Florida facility of Sacred Heart Health Systems suffered data breach when its third party vendor experienced email hack. The affected information includes patient names, dates of service, dates of birth, diagnoses and procedures, billing account numbers, total charges, and physician names. Along with above information, 40 patients’ Social Security numbers were also compromised.

“Upon notice of the incident, Sacred Heart, in cooperation with our billing vendor, immediately launched a thorough investigation into the matter,” according to the company statement. “Sacred Heart engaged computer forensics experts who were able to conduct an analysis of what information was included in the affected e-mail account.”

According to the reports, third party billing vendor employee’s e-mail username and password were compromised because of this incident. The Facility is trying to solve the loopholes in the email system to avoid such incidents in the future. It is working with email service provider to evaluate how to enhance its “already robust security program.”

According to the statement, Sacred Heart said that it will offer complimentary identity monitoring and protection services for patients whose Social Security number was affected. As soon as the incident came to notice, the access of employee username and password were immediately shut down.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.