Log in

Posts Tagged ‘Health care’

TRICARE in trouble for data breach

October 11th, 2011

TRICARE data breach affects millions

Data breach incidents are on the rise and even though effects of some of them many not be that serious, data loss and identities are at stake.

A data breach involving personal health information of an estimated 4.9 million military clinic and hospital patients made headlines last week. The report was about Tricare Management Activity, the federal government’s health care coverage for active and retired military personnel and their families.

What Tricare had to say?

According to TRICARE the data was stolen from a backup system that contained electronic patient data from 1992 through Sept. 7, 2011 from patients that were treated at San Antonio area military treatment facilities (MTFs) (including the filling of pharmacy prescriptions) and some of them whose laboratory data was processed in these same MTFs although the patients had received treatment somewhere else.

A total of 4.9 million patient’s documents were affected. The stolen data includes Social Security numbers, addresses and phone numbers, and some personal health data. Fortunately no financial data, such as credit card or bank account information was compromised.

The incident is still under investigation and it could take anywhere between 4 to 6 weeks for Tricare to notify those who have been affected by the breach. Tricare further stated that the risk of harm to patients is fairly low. Affected Tricare beneficiaries will receive personalized letters with details about the data breach.

In the past Tricare contractors had received free credit monitoring but in this case TRICARE has not promised anything.

TRICARE releases statement

“Reading the tapes takes special machinery. Moreover, it takes a highly skilled individual to interpret the data on the tapes. Since we do not believe the tapes were taken with malicious intent, we believe the risk to beneficiaries is low.”

How was the data stolen?

The data was stolen from the car of an employee of Science Applications International Corp. It contained backup tapes of electronic health records. According to the police report the car was parked at 300 Convent from 7:53 a.m. to 4:30 p.m. Sept. 13. Along with the backup tapes a stereo system valued at $300 and a GPS device were stolen.

Apparently the employee was planning to transport this data between federal facilities.

According to a SAIC spokesman the data was partially encrypted.

What users had to say?

“The fact that the tapes were encrypted should go to show how important it is to keep the information safe. That is not a way for the Govt employee or contractor transporting to feel safer about leaving them unattended in a vehicle. Had this happened in the military equivalent with secret media, they would be run through. The lack of disciplinary action is somewhat disturbing”.

Data Protection with Alertsec

Alertsec Xpress is the laptop security service that supplies SMBs with the leading data security software for their laptop encryption implementation. The core function in any mobile data protection system is the hard drive encryption – outperforming file encryption and other kinds of data encryption software on speed, security and flexibility.

No comments »

Posted in Computer security, Data Protection, Uncategorized, data breach, data encryption

Tags: data breach Electronic health record Encryption Facilities Health Health care Hospital Medicine Personally identifiable information SAIC San Antonio Science Applications International Corp Social Security number TRICARE Tricare Management Activity United States

Wake Forest Baptist suffers data breach

July 18th, 2011

Data breach at Wake Forest Baptist Medical Center

Medical records are the most vulnerable lot. Umpteen cases of hacking into medical data have been making headlines.

The latest joining the bandwagon is the Wake forest Baptist.

What happened?

Winston-Salem, N.C.-based Wake Forest Baptist Medical Center suffered a data loss of medical records and documents that affected 357 people.

Wake Forest Baptist Medical Center had fired an employee, Linda Bowden Turner, on June 1. It appears she had taken pages from 136 patient medical records and 221 employee documents that included Social Security numbers of past and current employees.

Ms. Turner was charged with larceny by employee. According to her attorney and WFBMC Ms. Turner was a hoarder and did not commit this deed intentionally.

Here is the statement issued by the Medical Center “On the afternoon of May 31, 2011, Wake Forest Baptist Medical Center received a call about documents, belonging or pertaining to the medical center, discovered in the basement of a rental home. Following an immediate response by our Privacy and Compliance Offices and with assistance from the Winston-Salem Police Department, our staff removed boxes from properties and storage units owned by former employee, Linda Turner”.

“None of the documents discovered comprised a complete patient medical record,” the center said. “The employment records date from a time when many hospitals used Social Security numbers as the employee identification number. Wake Forest Baptist discontinued this practice several years ago.”

Investigation showed that there were employment and medical documents mixed in with large volumes of the former employee’s personal documents, newspapers, magazines and trash.

There was no evidence found that said that the information was misused in any way. The documents appeared to be undisturbed in storage areas till the discovery.

Post breach

Wake Forest Baptist mailed Thursday a letter to affected individuals offering a free year of Debix credit-monitoring services, which require registration for use.

Soon after the incident the medical center has started training employees regarding the proper handling of paper documents containing personal or protected health information. Training program also includes training new staff and implementing this program in the annual mandatory compliance training.

The medical center has submitted a report to the appropriate regulatory agencies, including the U.S. Department of Health and Human Services, the North Carolina Attorney General and The Joint Commission. A review of the case has been completed by the North Carolina Department of Health Services Regulation (DHSR). DHSR found no discrepancies.

Implementing security measures with Alertsec

Time and again it has been proven that most laptops are stolen or valuable document taken from the place of work. Alertsec Xpress is the web-based service powered by Check Point Full Disk Encryption – the global leader in encryption for laptops and is used by big and small organizations that have recognized the need to protect their information.

Alertsec Xpress provides:

Fully managed service for your convenience.
Very cost effective service.
Market leading laptop protection service.
Quick and easy implementation.
Easy to use protection.
Transparent solution.
Global 24/7 helpdesk.
100% secure and reliable encryption.
Powered by Check Point – the market leader

.

No comments »

Posted in Computer security, Data Protection, Identity and Information loss, computer security software, data breach, data encryption, identity theft

Tags: Baptist breach notification laws computer encryption software Computer security data breach data encryption data security Enter your zip code here Health care Hospital identity theft Joint Commission Medical record Medicine North Carolina Social Security number Winston-Salem Winston-Salem North Carolina

Computer containing personal data of Meridian Health Workers stolen

July 14th, 2011

Meridian Healthcare employee victim of laptop theft

It just takes one quick grab to steal a laptop or mobile. Users make it easy for thieves by putting such stuff out in the open in a restaurant, in an outside pocket of a backpack or leaving windows open at night.

One such incident took place recently in Meridian.

The incident

According to Asbury Park police Detective Capt. Anthony Salerno the theft occurred between 2 and 7 a.m. June 25.

It appears that a 55-year-old woman had left a window open at her home on Locust Drive before going to bed. In the morning she found that the screen had been cut and the window had been opened more. Her house was burgled and items taken were her work laptop computer and seven thumb drives containing financial documents for her employer, Meridian Health. The heist also included second laptop owned by the woman, two credit cards, a 19-inch television set and a bicycle. The items were around $5,000.

The woman’s laptop contained personal information of Meridian health care’s employees. There is no indication that any of the employee information was accessed. Probably identity theft was not the thief’s intention.

As to how many employees are affected is still not known. The police are also trying to find out whether the Asbury Park woman was authorized to bring the computer equipment home. The woman’s designation or profile in the company is also not known.

Laptop theft part of Cybercrime

Cyber-crime is defined as an intentional crashing of the servers, the stealing of important data, or the release of a virus or other malicious software.

Cyber criminals are getting more creative and big and small companies are in a frenzy to deploy new tools and procedures to deal with these new attacks

Security Measures taken by Meridian Healthcare

Meridian is the parent company of Jersey Shore University Medical Center in Neptune, Riverview Medical Center in Red Bank, Ocean Medical Center in Brick, Southern Ocean Medical Center in Stafford and Bayshore Community Hospital in Holmdel. Its partner companies include home health services and rehabilitation centers.

A national identity theft consulting company, appointed by Meridian Healthcare, is notifying the employees and providing them with comprehensive identity theft protection at Meridian’s expense for three years.

Learning from the incident, Meridian leaders are reforming security policies by offering continued protection of team members’ personal identification information in-house as well as hiring a security consultant to conduct an independent audit of Meridian’s policies and procedures.

Hire Alertsec

This incident stresses the need for data protection applications. The need of a Data encryption software and recovery software is felt by big and small companies in today’s vulnerable data world. The threat could have simply been reduced to an insurance matter by a mere investment of $13/month. Certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.

No comments »

Posted in Data Protection, Uncategorized, identity theft, laptop encryption, laptop theft

Tags: Anthony Salerno Computer security Data storage device Encryption Enter your zip code here Health care identity theft laptop laptop encryption laptop encryption solution laptop theft Personal computer Personally identifiable information security Theft

Computer containing personal information taken from Dept. of Aging

June 24th, 2011

Laptop theft on the rise

A Laptop/Notebook is stolen or lost every 12 seconds

How are laptops stolen?

90% of the Laptops are being lost/stolen during the travel.

Some are stolen at the work place, conference centers, hotel rooms, cars, airports and train stations. As statistics show, it is just impossible to be able to prevent theft to occur as opportunists are everywhere in our society.

Laptop loss not only proves costly to the owner but it also includes the loss of sensitive and creative information/data in it. It could be your important documents, presentations, credit card details, financial information or maybe a contract or legal document.

Here’s a story which talks about laptop theft and loss of valuable health related data.

Laptop stolen from Dept. of Aging

A laptop belonging to a PASSPORT case manager, with the Mansfield Area Agency on Aging, Inc., was stolen on June 3 from his car in the Ohio District 5 region which serves counties in the Mansfield area. It contained data of thousands of clients.

According to the agency the laptop contained the personal health information on up to 43,000 consumers and the personal contact information on up to 35,000 related clients’ personal representatives.

In a news release, CEO Duana Patton said, “The Area Agency on Aging understands the importance of safeguarding our consumer’s personal information and takes that responsibility very seriously. We deeply regret that this incident occurred and we have already taken steps to ensure our laptops are properly equipped to secure personal information from unauthorized access in the future.”

The department is in the process of informing all of the affected users by letter to explain credit protection options available to them.

Individuals can reach the staff for queries related to the data breach on the following number – 800-522-5680 extension 1234

Preventive measures

a. Always back-up your data on a server or back-up device

b. Use encryption software. It greatly enhances the laptop security as there is no way that the information is compromised if lost or stolen. A theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. A small price to pay compared to what can happen if you lose confidential or senstive data

Computer protection with Alertsec

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subsribe for your personal 30-day free trial

Alertsec is the only service provider on the market that offers a pre-configured, ready-to-use solution which also includes 24/7 helpdesk.

Alertsec Xpress is powered by Check Point, the market leader in the field of mobile data protection. The software was launched 16 years ago and is the most robust software on the market today. You can read more about Check Point here.

Once you make your decision you can have the laptops protected within minutes. No delays with set-up, configuration, order or delivery - order now.

No comments »

Posted in Computer security, Identity and Information loss, identity theft, laptop encryption, laptop theft

Tags: AlertSec Xpress Check Point Computer security Credit card data encryption desktop encryption software Encryption Health care identity theft laptop laptop theft Ohio District Personally identifiable information security

London Health Programmes under fire for failing to report laptop loss

June 19th, 2011

Laptop Loss is a Major Business Risk

In the last few posts we talked about data theft/illegal data accessing. This post talks about the physical theft i.e. stealing of laptops ! Laptop theft is a significant threat to computer users. Many tools such as laptop locks, alarms and visual deterrents such as stickers or labels have been developed to prevent laptop theft. Victims of such a theft lose hardware, software and important data if they fail to back it up.

London Health Programmes, a medical research organisation based at the NHS North Central London health authority, has lost 20 laptops. This could be the biggest ever health care data breach suffered by the NHS.

Only 3 laptops have been recovered so far. One of the missing computers contained details of 8.63 million people and the NHS medical records of 18 million hospital visits, operations and procedures. The information included the postcode, age, ethnic origin of the respective patients, but not their names. This machine was, unfortunately, not encrypted. It was taken from a storeroom of NHS.

Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach,” the ICO said in a statement on Wednesday.

According to a spokeswoman for the ICO told ZDNet UK ”If the data has been breached, the implications could be serious, according to the ICO. “[The NHS] holds millions of [bits of] data on millions of people. They’re probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day,”

NHS has suffered multiple breaches in the past few years. The Information Commissioner’s Office issued a public warning to the NHS in the year 2009 to beef up security.

What could be more disturbing is the fact that the laptops could have been encrypted all along. David Tomlinson, managing director of Taunton-based Data Encryption Systems, said the NHS has a licence to run McAfee software on all its computers, including the SafeBoot disk encryption product.

“If someone wasn’t encrypting their laptops, questions should be asked,” he said, “because they’ve paid for [the encryption].”

The Information Commissioner’s Office (ICO) and the police are investigating the theft.

Better late than never, the Department of Health issued a statement saying all NHS organisations should ensure laptops are encrypted.

Alertsec at your service

Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial