Federal Trade Commission

Software update leads to potential data breach

June 27th, 2015

Affected information includes first and last name, Social Security Number, Blue Shield identification number, date of birth, and home address. Financial information was not exposed, according to the letter, and users who had unauthorized access to PHI confirmed to Blue Shield that they did not keep copies. Moreover, those users said they deleted the information and returned any records to the company.

The website is used by authorized users, but the software produced an unintended result. It was found that three users, who logged into their own accounts at the exact same time as another user, were able to view member information associated with the other individual’s account.

According to the Blue Shield Statement:

This issue was reported to the Blue Shield Privacy Office on May 18. The Website was promptly taken off line to identify and correct the problem. The Website’s faulty code was identified and corrected and the Website was returned to service on May 19. Our investigation revealed that this was the result of human error on the part of Blue Shield staff members, and the matter was not reported to law enforcement authorities for further investigation.

The notification letter did not say how many individuals were affected, but Blue Shield added that those potentially affected will receive a free, one-year membership to identity protection services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

HIPAA violation by County employee

January 15th, 2015

The recent incident involved personal information of inmates at a county jail being sent to a personal email address. The Saint Louis County Department of Health is investigating a potential HIPAA violation. The affected data includes names and Social Security numbers of several inmates. The information relates to inmates who were imprisoned at St. Louis County’s Buzz Westfall Justice Center from 2008 to 2014.

The number of affected individuals is not known. According to the county department, there is no indication that anyone other than the employee accessed the information.

“St. Louis County is strongly committed to patient privacy,” the statement said. “It is something we take very seriously. Even though there is no indication that there was any intent to use the information to commit fraud, it is important to make sure that those potentially affected are fully aware of the violation that occurred and fully aware of the steps they are advised to take at this point.”

Information about free credit monitoring has not been confirmed, but the County Health Department explained that individuals who believe their information was potentially included in the email should check with any of the three major credit bureaus.

The employee who sent the information no longer works for the County, having resigned earlier after completing 25 years of service.

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Mental Health Treatment Organization health data exposed

March 8th, 2014

The Community Based Services On-Call Binder of Yellowstone Boys and Girls Ranch (YBGR) in Montana was lost or destroyed. The organization printed a legal notice in the newspaper informing clients of the breach.

The binder contained Protected Health Information (PHI) from clients, including names, addresses, dates of birth, parents’ names, and program and treatment professionals’ information. Financial information and Social Security numbers were not present in the binder.

YBGR has stopped using binders since the incident and has notified its clients of the change. Under the new process, staff members must use a new on-call system or visit a ranch office to receive information. YBGR is in the process of implementing a new electronic record system to ensure the security of sensitive information. It has advised clients to monitor their credit reports and to inform the Federal Trade Commission (FTC) of any suspicious activity.

“We want to make sure that if there’s any trust lost with any of our families, with any of the people we work with, we want to regain that,” said Shawn Byrne, YBGR’s chief operating officer for community-based services.

In its public notice, YBGR stated:

We conducted an extensive investigation and determined that the Binder was either destroyed or misplaced sometime during the summer of 2013.

YBGR has no reason to believe that any personal information was accessed or used inappropriately and we believe that the likelihood of such misuse is low. Nonetheless, out of abundance of caution, and in accordance with federal law, we are providing the media with notice of this incident, in addition to individualized notice to every client who might have been affected so that our clients might take steps to protect themselves from potential harm resulting from this incident.


Stolen laptop leads to settlement by Accretive Health

January 5th, 2014

Accretive Health, a medical billing and revenue management services vendor, has agreed to a settlement with the Federal Trade Commission (FTC) over allegations of inadequate data security measures that put consumer data at risk.

An Accretive laptop containing sensitive information of 23,000 patients was stolen from an employee’s car. The FTC pointed out several shortcomings, such as failure to remove unneeded data from the laptop, failure to have reasonable procedures in place, and the vulnerability of sensitive data while the laptop was being transported. Moreover, the FTC expected employees’ access to customer information to be limited.

Under the terms of the settlement, Accretive agreed to develop and deploy a comprehensive data security policy that will be evaluated initially and every two years by a certified third party. According to the FTC, the settlement will remain in effect for the next 20 years.

Failure to take proper security measures may lead to penalties. To avoid such incidents, it is preferable to have proper procedures in place along with the best encryption software. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers.

Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.


Do’s to avoid damage from a data breach

December 6th, 2013

Have you received any email from an online company informing you that your account has been hacked and that your personal information has been lost in a data breach?

If your answer is yes then you’re not alone. In the past two years, LinkedIn and eHarmony have suffered data breaches that together exposed more than 80 million accounts.

If you’re among the millions of consumers who may have been exposed by a data breach, here are some do’s for you:

  1. Make a note of exactly what kind of information was lost in the data breach, and how it was protected. Names and physical addresses are the least sensitive pieces of information; email addresses and account passwords are more sensitive; Social Security numbers and credit-card numbers are the most sensitive and the most valuable to identity thieves. The company suffering the breach may tell you that even though email passwords or credit-card numbers were lost, they were encrypted and hence safe.
  2. Change the password on your account with the affected company right away, if the company hasn’t already done so for you.  If you use the same password for accounts with other companies, change those as well.
  3. Contact your bank and your credit-card issuers, explain that your accounts are at risk of fraud and ask them to alert you immediately if they detect suspicious activity on your accounts. Professional credit-card thieves will try to “bust out” stolen card numbers with many purchases in a matter of hours, often on weekends when banks are not fully staffed.
  4. Ask your country’s major consumer credit-reporting bureaus to place a fraud alert on your name. This way, if anyone tries to steal your financial identity, for example by trying to open a credit-card account in your name, you will be notified.

If you’re a U.S. resident, you should also contact the Federal Trade Commission to create an identity-theft affidavit, and then file a report with your local police force. Make sure you document each phone call made, and each email message and letter sent, during your efforts.
