Filing cabinet

Children Art Project and Data Breach

December 12th, 2014

A healthcare data breach was caused by what started as goodwill attempt when a health system employee mistakenly donated CDs having patients’ protected health information (PHI) for children’s projects.

According to the reports, Virginia Commonwealth University Health System (VCUHS) employee took CDs that were no longer needed for the organization’s services and gave it to Children as a reference for art project.  The affected information includes patients’ full name, and one or more of the following: home addresses, dates of birth, medical record numbers, clinical information and health insurance information. A few of the CDs also contained Social Security numbers.

The website statement didn’t mention about the number of individuals affected but likely more than 1,000 medical information records were involved.

“What began as a well-intentioned philanthropic effort by a staff member wanting to help turned into a serious mistake that we are working very hard to remedy,” John Duval, CEO of MCV Hospitals and Clinics, said in a statement. “This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients.”

VCUHS has revised its protocols regarding media destruction and will intensify its efforts to protect all sensitive information, Duval added. VCUHS said that it also re-collected most of donated CDs.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Subcontractor mishandled sensitive information

December 10th, 2014

A potential data breach was caused because of information mishandling by  a health insurance subcontractor. According to the reports, WellCare Health Plans notified 47 Medicare subscribers at the end of November that their protected health information (PHI) was breached. Around 500 people were affected by this incident.

Social security numbers and other financial information were not exposed. Also, information regarding specific diagnosis was not revealed. A total of 47 people were notified in Monroe County along with more than 500 people in New York.

“When the error was discovered, WellCare sent postage-paid envelopes to the members who were believed to have received the inadvertent mailings,” the Democrat & Chronicle stated.

According to the reports,

The insurer said it was not aware of misuse of anyone’s information. Nevertheless, it urged the 47 individuals to review their credit card bills and other financial statements. The insurer is providing one-year credit protection.

The breach was a violation of the Health Insurance Portability and Accountability Act. Crystal Walker, director of public relations, said WellCare learned on Nov. 3 that a vendor had a computer coding error, which caused denial letters to be sent to the wrong members. The information included the person’s name, address, member ID number and general descriptions of the procedure, such as evaluation, radiology or administrative. No specific diagnoses were revealed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.