Electronic medical record

Medical records found in residential driveway

May 15th, 2015

An Orlando facility suffered a data breach after medical records were found in a residential driveway. According to the reports, Florida resident John Henderson received a letter from Orlando facility informing that a list of patients and their information was found in a neighborhood driveway. Henderson also mentioned that his son’s information was on the found patient list.

The affected information includes patient names, medical record numbers, account numbers and even diagnoses. The notification letter added that Social Security numbers and insurance information were not included on the papers. Facility mentions that one of its employees reportedly took the patient list home by mistake, and it is believed that it fell out of the employee’s car

“It just don’t make sense, it don’t make sense,” Henderson told the news source. “And I can’t believe Orlando Health is this irresponsible.”

Orlando Health said that notification letters were sent to 68 patients “out of an abundance of caution,” and that it does not believe that any harm will come from the incident.

“We understand the concerns of patients involved in this incident,” Orlando Health said in its letter, according to the news reports. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Maryland facility scam hit by Email Phishing scam

April 27th, 2015

Maryland-based St. Agnes Health Care, Inc. recently mentioned on its website that it suffered data breach when one of its employees was the victim of an email phishing scam. St. Agnes said that it sent data breach notification letters to approximately 25,000 patients. It included the warning as protected information was potentially exposed.

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Saint Agnes Corporate Responsibility Officer Sharon McNamara said in a statement. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our email service provider and are evaluating additional ways to enhance our already robust security program.”

The affected information includes patient names, dates of birth, genders, medical record numbers, insurance information, and limited clinical information. There were four cases where Social Security numbers were exposed.

“Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account,” the statement read.

The statement failed to mention the date and time of breach incident.  Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Potential PHI exposure due to phishing scam

March 29th, 2015

Children National Health System (Children’s National) employees fell victim to phishing scam which led to potential PHI breach for some patients. According to the reports, hackers could have gained access to PHI from the employee’s email account. The affected information includes names, addresses, dates of birth, and telephone numbers. Moreover, clinical information such as diagnoses, treatment received, medical record numbers, medical service codes or health insurance information, were also potentially accessed. Few records also included Social Security Numbers.

“We reported the phishing attack to federal law enforcement and continue to work with them in their investigation,” the statement read. “Importantly, neither patient charts nor our electronic medical records system were compromised. Only the discrete information contained in the email accounts was potentially affected.”

After the incident, the company is training the employees to handle the suspicious emails. The facility has enhanced its existing technical safeguards and a review of systems is underway.

According to the statement:

We have no evidence that this information in the emails has been misused or even accessed. However, in an abundance of caution, we began sending letters to affected patients on February 24, 2015, and have established a dedicated call center to answer questions patients may have.

We recommend that affected patients regularly review the explanation of benefits statement that they receive from their health insurer. If you identify services listed on your explanation of benefits that you did not receive, please immediately contact your insurer.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.