Experian

Missing encrypted devices leads to data breach

March 17th, 2015

Home health and hospice company Amedisys suffered data breach when its encrypted devices which consisted of computers and laptops went missing. Amedisys failed to find near about 142 devices. The incident came to notice when risk management process was conducted. The devices were assigned to Amedisys clinicians and other team members who left the company between 2011 and 2014.

The compromised information includes names, addresses, Social Security numbers, dates of birth, insurance ID numbers, medical records and other personally identifiable data.

“The confidentiality and security of patient information has been and will remain a top priority for Amedisys,” Chief Compliance Officer at Amedisys Chief Compliance Officer Jeffrey Jeter explained. “We have worked actively with leading risk management and technology experts to inventory and assess devices that may contain personal or health information and ensure the integrity of our information security systems.”

Amedisys explained the situation on its website statement.

“All of the computers were encrypted, and the vast majority of them were used by licensed Amedisys clinicians to provide care for patients in their homes,” Amedisys stated, adding that it has not been able to rule out “unauthorized access to patient data.”

According to the statement:

We have received no reports of any hacking, fraud, or identity theft. However, as required by law and out of an abundance of caution for our patients, we are providing notice to all patients whose information was on devices because we cannot rule out unauthorized access to patient data on the devices.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Information Technology, PHI security and Access to records

February 26th, 2015

In today’s demanding world, it is important to provide speedy access to clinician, staffs etc. to treat their patients. But Protected Health Information (PHI) security should also remain top most priority. The data breach not only puts patients at risk but also tarnishes the image of the institution. It’s better to follow below guidelines:

  • Protection of clinician workstations using  IT security measures
  • Restricting unauthorized access to PHI
  • Follow real world examples of most secured facilities
  • Use encryption software like Alertsec to protect your devices
  • Avoiding the pitfalls of online access
  • Recognizing malware by installing genuine anti virus
  • Preventing and responding to identity theft
  • Recovering from computer viruses
  • Understanding your computer and their use like email accounts, sharing, chats etc for sensitive information
  • Using secure connections
  • Use of desktop firewalls
  • Backing up data and refreshing affected systems
  • Work with people to understand importance of security
  • Thinking like an attacker and implementing security measures
  • Be wary of how much authority you give to a consultant
  • Record as much activity you can
  • Destroy discarded documents efficiently
  • Destroy and recycle electronics correctly

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

1,100 patients of St. Vincent Hospital notified about laptop theft

February 15th, 2014

St. Vincent Hospital notifies 1,100 patients of laptop theft. Letters were sent out for same. Laptop was used with an EEG machine went missing leading to potential data breach. Laptop was password protected which was connected to an EEG machine (for recording electrical activity in the brain) used for diagnostic testing was detached and stolen. Police was notified immediately after the incident. It is considered by the hospital that laptop was not stolen for the information it contained and thus there may be low risk involved in the data breach.

ST. Vincent spokesperson said that laptop was taken from euro diagnostic department of the main St. Vincent Hospital campus in Indianapolis, a unit where doctors, patients and family members of patients can usually be found.

In a statement issued by the hospital, it mentioned that laptop contained patients’ protected health information (PHI) which includes name, date of birth, gender, date of service, type of service and physician name. This diagnostic testing device didn’t contain information related to the social security numbers or financial data. Affected patients of this stolen incident were advised to request free credit reports from Experian, Equifax, or TransUnion. It is advised to the patients to get the report check for any breach.

According to the spokesperson, “St. Vincent is taking precautionary steps to avoid future incidents, and is evaluating its medical devices, and installing encryption protection software as appropriate. Also, the hospital is working to enhance its physical security measures.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Records stolen from CaroMont employee’s car

January 21st, 2014

CaroMont Regional Medical Center’s census report paper records for 191 patients were stolen from an employee’s car in Dallas. The information was reportedly stolen from the   employee’s car during a stoppage on the way to the office. Employee notified Dallas Police Department about the theft.

Employees have been known to take patient information out but certain steps are required to be followed to protect the information according to CaroMont spokeswoman Dallas Paddon.

Patient names, dates of birth, medical record number, and the reason for the hospital visits were the information present on the report. The census report was single printed document. CaraMount notified the affected patients. They are advised to monitor their credit and contact Experian, Trans Union, and Equifax because of possible financial information misuse. CaraMount didn’t mention the reason behind it.

Donnetta Horseman, CaroMont’s corporate responsibility officer, issued a statement about the theft Wednesday, “Upon learning of the unauthorized disclosure, we conducted a thorough investigation with the staff person and appropriate disciplinary actions were taken.”

The staff member has been disciplined and staff is being reeducated on patient information disclosure and CaroMont’s Notice of Privacy Practices as per CaraMount. But it was not made clear why the employee had the report in his or her car.

Previous year information from 1,310 patients with CaroMont Medical Group was sent through an unsecured email.  Email included information names, addresses, phone numbers, dates of birth, dates of service, medical record number, diagnonses, medication, and insurance company names, as well as two patients’ Medicare numbers.

Around 80% of information theft is due to lost or stolen laptops and other storage equipment. With the critical information at stake, many companies also use encrypted laptops/computers for storing records which is also stored in binder. With the misplaced or stolen laptops same as paper record can cause serious security concerns. To secure records or computers related stringent procedures should be followed.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta