Federal Bureau of Investigation

UPMC suffers second data breach

July 25th, 2015

Recent data breach in University of Pittsburgh Medical Center (UPMC) Health Plan affected 722 patients. This is the second health data breach at a UPMC facility in just under two months. The incident involved emailing of a data file with certain PHI to the incorrect address.

The affected information includes patient names, member ID numbers, dates of birth, phone numbers, name of the primary care physician’s office, and insurance plan types. Social Security numbers or information about medical histories were not disclosed.

UPMC Health Plan Director of Public Relations Gina Pferdehirt mentioned in an email response that “in context the breach is very minor,” but added that the healthcare organization

was taking the incident seriously.

The data breach occurred when  a former MML employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

“MML takes this matter very seriously and terminated this employee after being informed of this criminal investigation,” according to a Medical Management statement. “MML is cooperating with federal law enforcement authorities in their criminal investigation.”

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause our members,” Chief Compliance Officer of the UPMC Insurance Services Division William Gedman said in a statement. “Based on our ongoing investigation, we will make all changes necessary to further enhance our already stringent privacy protections. UPMC Health Plan is committed to doing our utmost to minimize the chance that this type of issue will occur again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Howard University Hospital suffers data breach

July 18th, 2015

Howard University Hospital in Washington, D.C. suffered data breach when more than 1,400 patients received letters intended for other individuals. The letters included names, account numbers, and dates that other individuals visited Howard University doctors. Social Security numbers, dates of birth, and other personal information were not included

According to the reports, data error reportedly caused letters to go out to people with the right surnames, but the wrong addresses. Howard University explained that California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. had been hired to mail letters to patients who had not yet paid their bills.

University said that they become aware of the incident on May 11 and will notify affected individuals.

Similar incident includes the breach at Virginia Commonwealth University Health System. The incident involves employee taking CDs which were no longer needed for the organization’s services and donating them to assist with children’s art projects. The affected information includes names and one or more of the following for 1000 patients: home addresses, dates of birth, medical record numbers, clinical information and health insurance information.

“This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients,” said John Duval, CEO of MCV Hospitals and Clinics.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical Records exposure leads to data breach

April 29th, 2015

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center mentioned  that patients’ records were found in the home of a facility employee, when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes information such as names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admit, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Sony like attack possible

April 6th, 2015

According to the security researchers, many hackers across the globe can launch Sony like attack. Around 90% of the companies can suffer possibilities of hacking considering their current security standards.

There is no shortage of technically proficient people willing to launch such an attack, said Jon Miller, a former hacker who now serves as vice president of strategy at Cylance, an antivirus software maker.

“There are probably a couple thousand, three, four, five-thousand people that could do [the Sony] attack today,” Miller tells “60 Minutes”‘ Steve Croft in an interview airing Sunday evening on CBS television stations.

Complicating things for companies is the sheer number of computers that must be protected, usually from the employees operating them, said Kevin Mandia, chief operating officer of FireEye, the anti-malware company that worked with Sony to mitigate the effects of the hack.

“The advantage goes to the offense in cyber,” Mandia says. The defense must defend every computer, thousands in some cases, but “the offense side thinks, ‘I only need to break into one and I’m on the inside.’…Nation-state threat actors, or hackers, target human weakness, not system weakness.”

The Sony security breach was more serious that it was perceived. Hackers leaked the personal information which includes Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees. They also leaked movies which were not released, as well as embarrassing emails between Sony Pictures executives, among other internal documents.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Potential PHI exposure due to phishing scam

March 29th, 2015

Children National Health System (Children’s National) employees fell victim to phishing scam which led to potential PHI breach for some patients. According to the reports, hackers could have gained access to PHI from the employee’s email account. The affected information includes names, addresses, dates of birth, and telephone numbers. Moreover, clinical information such as diagnoses, treatment received, medical record numbers, medical service codes or health insurance information, were also potentially accessed. Few records also included Social Security Numbers.

“We reported the phishing attack to federal law enforcement and continue to work with them in their investigation,” the statement read. “Importantly, neither patient charts nor our electronic medical records system were compromised. Only the discrete information contained in the email accounts was potentially affected.”

After the incident, the company is training the employees to handle the suspicious emails. The facility has enhanced its existing technical safeguards and a review of systems is underway.

According to the statement:

We have no evidence that this information in the emails has been misused or even accessed. However, in an abundance of caution, we began sending letters to affected patients on February 24, 2015, and have established a dedicated call center to answer questions patients may have.

We recommend that affected patients regularly review the explanation of benefits statement that they receive from their health insurer. If you identify services listed on your explanation of benefits that you did not receive, please immediately contact your insurer.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

11M affected by Premera Health data breach

March 11th, 2015

Sophisticated cyber attack on Premera Blue Cross leads to health data breach affecting 11 million individuals. Company discovered data breach on Jan 29, 2015. Affected entities involve Premera Blue Cross, Premera Blue Cross Blue Shield of Alaska, and the health insurer’s affiliate brands Vivacity and Connexion Insurance Solutions, Inc. Also, members of other Blue Cross Blue Shield plans who sought treatment in Washington or Alaska were also affected by the cyber attack.

The breached information includes Applicants and members’ names, dates of birth, email addresses, addresses, telephone numbers, Social Security numbers, member identification numbers, bank account information, and claims information, including clinical information.

“Individuals who do business with us and provided us with their email address, personal bank account number or social security number are also affected,” according to the Premera statement. “The investigation has not determined that any such data was removed from our systems.  We also have no evidence to date that such data has been used inappropriately.”

According to the statement, letters will be sent to affected individuals, and two years of free credit monitoring and identity protection services will also be offered to those applicants and members.

“As much as possible, we want to make this event our burden, not yours, by making services available to protect you and your information moving forward,” Roe said. “All of us here at Premera have been affected by this attack and we understand and share your concerns. Please know that we’re committed to making sure you get the tools and assistance you need to help protect you.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Community Center ID Theft

November 12th, 2014

 

A nonprofit system of health clinics in Florida suffered data breach due to identity theft criminal operation. The affected clinic Jessie Trice Community Health Center said that patient’s information was targeted. According to the reports, personal information that was stolen includes Patients’ names, dates of birth and Social Security numbers.

 

“The leadership of Jessie Trice Community Health Center, Inc. deeply regrets this incident and is working vigorously and diligently assessing how to mitigate future risks to all patients and has implemented new procedures and protocols to protect patient information so that this type of theft cannot reoccur,” Jessie Trice president and CEO Annie Neasman explained in the statement.

 

The incident is under investigation by FBI and IRS. Total count of affected patients stands at 7,888 and are notified about the breach. The organization has retained a leading data breach response vendor to work with patients through the process.

 

For additional information about the JTCHC data breach, statement asks to contact their corporate office. According to the statement, no medical records were obtained or have been compromised. The mode and how the theft occurred are not clear. But the statement mentions that immediate action steps are underway to ensure clients protection.

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Major US banks suffered data breach due to Russian hackers

August 20th, 2014

JPMorgan Chase and other bank were breached by Russian hackers who stole gigabytes of sensitive data which includes savings and checking account information as well as information on bank employees.

Highlights of the incident:

The FBI is investigating whether the attacks may have been launched in retaliation for U.S. government sanctions

“Russia has a policy of reactionary attacks in relation to political contexts,” iSight Partners manager John Hultquist told Bloomberg. “When it comes to countries outside their sphere of influence, those attacks would be more surreptitious.”

At least five banks were hit

“Companies of our size unfortunately experience cyber attacks nearly every day,” JPMorgan spokesperson Patricia Wexler told the Times. “We have multiple layers of defense to counteract any threats and constantly monitor fraud levels.”

Breach was accomplished either via a zero day exploit or via the exploitation of an unsecured employee to access

“At the end of the day, serious attackers, not just cyber punks who try to steal credit card information, will go to great lengths and spend immense amounts of money in order to reach their target, employing not only lessons learned from online criminals over the last 20 years but also decades worth of espionage and social engineering tactics,” Kujawa head of malware intelligence at Malwarebytes Labs said. “The best defense against these attackers is to fortify cyber defenses on every front, the education and access control of any users and finally an awareness and preparedness for any and all attacks that might be encountered.”

Very few enterprises are sufficiently equipped to defend themselves

“In fact, I would say that more than 90 percent of all organizations are completely vulnerable; they simply do not have the tools or the staff to deal with this kind of attack,” Triumfant CEO John Prisco said.

War-game’ on an ongoing basis to make sure new vulnerabilities aren’t missed

“The next stage in the arms race, for both attackers and defenders, is automation — not just searching for gaps, but figuring out the consequences of those gaps, in much the same way that generals study a battlefield before the battle starts,” RedSeal Networks CTO Mike Lloyd said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.