Health care

MA hospital data breach

June 27th, 2016

Massachusetts General Hospital (MA) suffered potential data breach when some dental practice patients may have been affected by the hacking incident. It involved third party vendor that provides dental practice information management software.

As per the statement,  “Massachusetts General Hospital (MGH) is deeply committed to the security and confidentiality of our patients’ information, including any such information maintained by our third-party vendors. Regrettably, this notice concerns an incident involving some of that information.”

Vendor found out that unauthorized entities had gained access to its systems. It exposed some of the hospital’s patient files. Probable accessed information included names, dates of birth, Social Security numbers, medical record numbers, dates and types of dental appointments, and dental provider names.

MA mentioned that the attackers did not access any of its systems or any files managed by the hospital. Vendor Patterson Dental Supply Inc contacted local law enforcement officials. Investigation is initiated for the hacking event and law enforcement officials have asked MA to withhold notifying potentially affected patients. It also stopped them from releasing a public statement until the investigation was over.

Later on 26 may, the hospital got the necessary permission to contact impacted individuals. It  then mailed notification letters to all affected patients on June 29. Call centre is also created to answer the query related to the incident. The statement did not mention the number of affected individuals.

“We are committed to the security of sensitive information maintained by our third-party vendors and are taking this matter very seriously,” explained the statement. “To help prevent this type of incident from happening again, PDSI [Patterson Dental Supply Inc] took steps to enhance the security of its systems that maintain dental practice data.”

————————————————————————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your or
ganization.

Data breach in Mayo Clinic Health

July 23rd, 2015

The Mayo Clinic Health System in Red Wing, Minnesota reported data breach when 601 patient records were inappropriately accessed by an employee. According to the Mayo Clinic Public Affairs Manager Asia Zmuda – “an employee accessed patient records beyond the scope of authorized access and assigned job responsibilities.” The employee is no longer employed at the health system, according to the emailed statement.

“An internal investigation was immediately launched and a detailed analysis of the individual’s access yielded no evidence that financial information was accessed or that any health information was further disclosed,” Mayo Clinic explained. “Mayo Clinic will continue the proactive monitoring of patient records to prevent further incidents from occurring. Mayo Clinic takes this matter very seriously and is committed to maintaining the highest levels of integrity and trust for those it serves.”

Mayo Clinic is currently in the process of notifying patients who were affected by this incident, according to the organization’s statement. It was not specified what type of information was accessed, but Zmuda underlined the fact that financial information was not involved and that health information was not further disclosed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two computers stolen from Arkansas Blue Cross

July 21st, 2015

Arkansas Blue Cross Blue Shield members sent out potential data breach notification letters after its computers were stolen. Computers belonged to Treat Insurance Agency, which solicits applications from individuals for insurance coverage through multiple insurers which includes Arkansas Blue Cross.  ABCBS did not reveal the details of information present on the computers.

“Treat Insurance Agency very much regrets that theft from their offices has affected Arkansas Blue Cross members and applicants,” Arkansas Blue Cross Senior Vice President Ron DeBerry said in a statement.

“To reduce the risks that any similar thefts might affect our valuable customers, we will request independent insurance agents to protect their computer records by using encryption

technology on all computers storing any applications for Arkansas Blue Cross.”

The computers contained sensitive information of 560 Arkansas Blue Cross applicants. According to the reports, affected individuals by this incident will receive one year of complimentary identity protection services. The details of the theft are not known.

“The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation,” the legislation states. “Notification under this section is not required if after a reasonable investigation the person or business determines that there is no reasonable likelihood of harm to customers.”

As the device is stolen, ABCBS explained that there is no way to determine if an unauthorized person attempted to access the patient information. Also, it did not specify if the stolen computers were encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

IT security Professional Survey about Insider threat

April 12th, 2015

The SANS 2015 Survey on Insider Threats provided below results:

  • 74 percent of the IT security professionals said they’re worried about insider threats from negligent or malicious employees
  • 32 percent said they have no capacity to prevent an insider breach
  • 28 percent said insider threat detection and prevention isn’t a priority in their organizations
  • 44 percent of respondents said they don’t know how much they currently spend on solutions to mitigate insider threats
  • 45 percent said they don’t know how much they plan to spend on such solutions in the next 12 months
  • 69 percent of respondents said they currently have an incident response plan in place
  • More than 52 percent of survey respondents said they didn’t know what their losses might amount to in the case of an insider breach.

“While it’s good to see that a strong majority of security professionals are concerned about the dangers posed by insider threats, I was struck by the fact that investment in solutions that can help does not appear to be keeping pace with that concern,” SpectorSoft COO Mike Tierney said in a statement. “I believe a key action item called out by the survey data is that increased focus on, and investment in, addressing the concerns is required.”

According to the  2015 Vormetric Insider Threat Report:

  • 92 percent U.S.-based healthcare IT decision makers said their organizations are vulnerable to insider threats
  • 49 percent felt “very” or “extremely” vulnerable to insider threats.

According to the Harris Poll Survey-

  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.
  • 48 percent of healthcare organizations experienced a data breach or failed a compliance audit in the past year.

“Healthcare data has become one of the most desirable commodities for sale on black market sites, yet U.S. healthcare organizations are failing to secure that data,” Vormetric CEO Alan Kessler said in a statement. “An overreliance on compliance requirements and a cursory nod to data protection point to systemic failures that are putting patient data at risk.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

8.8 To 18.8M Individuals affected by data breach

February 22nd, 2015

The recent revelation by Anthem was the continuation of previous data breach which was caused by hacking incident. Anthem, Inc spokesperson stated that anywhere from 8.8 million to 18.8 million non-customers could be impacted. The affected information included names, birthdates, Social Security numbers, addresses, phone numbers, email addresses and employment data that may have included income information.

Credit card information, bank account numbers or other financial data were not affected. Anthem is a member of an independently run Blue Cross Blue Shield (BCBS) national network and runs the BCBS healthcare plans in 14 states. Other states’ plans are independently run. Approximately 105 million individuals have coverage under the BCBS license in 37 different companies.

The Anthem spokesperson said that the facility’s investigation is in process, but it estimated that tens of millions of personal records were stolen during the breach. Federal and State investigations are also conducted along with internal investigation. Anthem will start sending notification to the affected individuals. As per the report, the Anthem’s drive was not encrypted which aggregated the breach.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.