Notification letter sent to 3,026 clients of Easter Seal Society

February 13th, 2014


Easter Seal Society employee’s work laptop was stolen which caused data breach of its clients. Nearly 3,026 clients were affected and same were notified about the incident. Theft incident resulted in data breach because of stolen employee’s laptop along with few other belongings.

The Easter Seal Society of Superior California released a report mentioning that there was some grouping of date of birth, health care provider information, patient identification number, health care billing information and therapy notes. So data compromised didn’t consist of same information for all the clients. Easter Seal Society of Superior California president and CEO Gary T. Kasai mentioned in the notification letter, “Upon learning of this incident, Easter Seals immediately launched an internal investigation, hired specialized data security counsel to assist in the response to this incident, and retained external forensics experts to assist in determining the scope of this event.”

“Following this incident we undertook a review of our internal policies and procedures related to protected health information, as well as the enforcement of our employees’ adherence to these policies and procedures,” Kasai added in the statement. “All necessary steps are being taken to ensure that this type of event does not occur again in the future.”

Easter Seal doesn’t believe any sort of fraudulent activity has occurred till now. Its press release added ‘Easter Seals also encourages all concerned individuals to remain vigilant, to review account statements, and to monitor credit reports for suspicious activity.’ But it failed to indicate whether the laptop was encrypted or even password-protected.

Easter seal is not a healthcare provider but an organization dedicated to services and education for those with disabilities. It is likely considered a HIPAA business associate.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta