Florida

Florida Hospital Employees compromise Patient PHI

March 21st, 2015

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data breach involves Veterans

December 23rd, 2014

Contractor’s flaw lead to the data breach which exposed sensitive information of around 7000 Veterans. The department of Veterans Affairs (VA) notified the incident and also told to the press that the vendor was providing home telehealth services to veterans. The breach was caused because of potential flaw in a vendor’s system.

“An investigation was immediately initiated and security scans were conducted by VA, which confirmed the concern,” the spokesman said. “The contracted vendor has assured VA that only vendor staff and VA staff had accessed this information. The security flaw in the vendor database was immediately corrected and VA continues to closely monitor the application.”

The affected information includes names, addresses, dates of birth, phone numbers and VA patient identification numbers.  Veterans are offered complementary credit protection services.

The VA didn’t disclose the name of the vendor but according to the reports, this particular data leak till now has not caused security problems. The information was potentially seen after a database was inadvertently exposed online.

The latest data breach has raised yet another concern in VA’s data security aspects. Earlier, the agency has also failed its annual cybersecurity audit. VA Chief Information Officer Stephen Warren presented the audit results at a House Veterans Affairs Committee hearing.

“Specifically, by not keeping sufficient records of its incident response activities, VA lacks assurance that incidents have been effectively addressed and may be less able to effectively respond to future incidents,” the GAO report stated. “In addition, without fully addressing an underlying vulnerability that allowed a serious intrusion to occur, increased risk exists that such an incident could recur.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Data breach may affect 200,000 individuals

December 17th, 2014

Belle Glade office of Family Central, Inc. in Florida suffered data breach when former employee accessed the electronic database inappropriately. The said database manages the personal information of individuals applying for or receiving services from the coalition.

“The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program,” the statement read.

According to the reports, federal officials are investigating the incident. Individuals who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies.

“Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies,” the statement said.

Currently, 177 individuals are affected but the number can grow.

According to the statement published on company’s website –

Individuals who have received services from the coalition and Family Central, Inc., may wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized.  To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name.  

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

No Heath Data Encryption in Federal Sites

November 9th, 2014

Individuals used AIDS-related medical services information on government health websites which lacked health data encryption. In the recent times health care security is on high priority agenda and lapses like federal websites demands for change.  According to the reports, government is taking initiatives to secure the data. The sites have possible risk of exposing the identities of visitors as private information, like the actual latitude and longitude location of visitors.

“The sites and apps did not themselves track visitors, but their data was handled in ways that could have enabled monitoring by employers, universities or others with access to the data flowing between individual devices – such as computers and smartphones – and the Internet.,” the news source reported.

Steve Roosa, a partner at law firm Holland & Knight, first made the health data encryption discovery. Roosa explained that as part of HIPAA, the Department of Health and Human Services (HHS) enforces federal healthcare privacy rules when personal medical information is handled by private entities.

“It is somewhat shocking, and more than a little ironic, that HHS has opted not to adhere to its own standards here, when the failure to do so puts sensitive health information at risk,” Roosa said in the report.

Aids.gov was one of the website and its Director Miguel Gomez said they started automatically using encryption for all of its users. Since 2010, the website transmitted unencrypted location information of users searching for healthcare providers online. However, the site started offering encryption services – for those who knew how to use it – since last year.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Hospitals focus on IT security audits

February 20th, 2014

After healthcare organization makes decisions on security audit strategies, some aspect has to be considered such as potential impact on daily workflow and the amount of time that elapses between catching an abnormality and resolving the issue. Mark Combs, West Virginia University Hospitals Chief Information Security Officer (CISO) mentioned about the steps to find internal security threats.

Mark Combs mentioned that audit report can stop larger breach. He mentioned about the situation in Florida where a healthcare organization was alerted by federal investigators that one of its employees was filing false tax claims.

“Obviously, we’ve found instances where employees were doing inappropriate things, but we were able to catch them soon enough so that they didn’t grow into one of those larger issues,” Combs said. “Luckily, we haven’t had one yet where federal authorities alert us of an incident.” He further added organizations set their policies as best practices and they need applications in place to enforce those policies.

Combs and West Virginia University Hospitals made decision for use of Iatric Systems’ Security Audit Manager (SAM) product. Rob Rhodes, Senior Director of Patient Privacy Solutions for Iatric Systems said that the integration works well with SAM because it reaches out to any of organization’s systems with PHI and allows us to pull the audit logs and aggregate them in the SAM.

“Once it’s aggregated in SAM, we then run proactive reports and alerts,” he said. “Users can set those up so the algorithms we have go out and look for potential privacy violations. SAM has incident tracking as well.”

West Virginia recently incorporated a policy change when it switched from a legacy system to Epic HER.

We did that to comply with the HIPAA Security Rule, as we were concerned that people would use their access to look at and potentially harm the integrity of their own record if they make mistake. We put “same last name” auditing in place, which is a report that’s native to SAM. Not only were we able to use that in Epic, but for our other half-dozen or so systems as well.  As we contacted managers telling them they weren’t complying with the policy, we saw a huge reduction in people looking at their own accounts through work access.

To get perfect audit reports encryption software for laptops are essential. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

9,900 patient data breach at Holy Cross Hospital

September 3rd, 2013

Holy Cross Hospital in Fort Lauderdale, Florida had sent a notice to 9,900-patients about a data breach that occurred between November 2011 and August 2013.

Holy Cross is accredited by the Joint Commission and was the first hospital in Broward County to be designated as a Magnet Hospital by the American Nurses Credentialing Center.

Patient names, dates of birth, addresses and Social Security Numbers were accessed by a Holy Cross Hospital employee. A hospital investigation found that the employee intended to use the information for fake tax return purposes. “The employee was terminated, and efforts are underway to prosecute this individual to the fullest extent possible. Holy Cross Hospital takes this issue very seriously. Although evidence does not indicate that the patient information was used for other forms of identity theft and fraud, all patients affected by this incident have been notified by mail and are being offered free credit monitoring services.” the hospital said in a statement.

The employee who stole the data was fired by the hospital and said it wants him to face criminal prosecution. It also arranged a dedicated call center for affected patients who had questions regarding this data breach incident. It was hard to make out from the reports how the records were accessed, whether they were on paper or electronic, what rules the organization had in place to prevent this type of breach and how it plans to avoid similar incidents in the future.

Healthcare organizations need to act as their own watchdogs, so to speak, to protect their patients and themselves from the dangers of a data breach. Getting all the laptops and systems encrypted will also help them protect their data.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta