Log in

Posts Tagged ‘Health care’

London Health Programmes under fire for failing to report laptop loss

June 19th, 2011

Laptop Loss is a Major Business Risk

In the last few posts we talked about data theft/illegal data accessing. This post talks about the physical theft i.e. stealing of laptops ! Laptop theft is a significant threat to computer users. Many tools such as laptop locks, alarms and visual deterrents such as stickers or labels have been developed to prevent laptop theft. Victims of such a theft lose hardware, software and important data if they fail to back it up.

London Health Programmes, a medical research organisation based at the NHS North Central London health authority, has lost 20 laptops. This could be the biggest ever health care data breach suffered by the NHS.

Only 3 laptops have been recovered so far. One of the missing computers contained details of 8.63 million people and the NHS medical records of 18 million hospital visits, operations and procedures. The information included the postcode, age, ethnic origin of the respective patients, but not their names. This machine was, unfortunately, not encrypted. It was taken from a storeroom of NHS.

Any allegation that sensitive personal information has been compromised is concerning, and we will now make enquiries to establish the full facts of this alleged data breach,” the ICO said in a statement on Wednesday.

According to a spokeswoman for the ICO told ZDNet UK ”If the data has been breached, the implications could be serious, according to the ICO. “[The NHS] holds millions of [bits of] data on millions of people. They’re probably the body that hold the most sensitive data in the UK, they have millions and millions of records being accessed every day,”

NHS has suffered multiple breaches in the past few years. The Information Commissioner’s Office issued a public warning to the NHS in the year 2009 to beef up security.

What could be more disturbing is the fact that the laptops could have been encrypted all along. David Tomlinson, managing director of Taunton-based Data Encryption Systems, said the NHS has a licence to run McAfee software on all its computers, including the SafeBoot disk encryption product.

“If someone wasn’t encrypting their laptops, questions should be asked,” he said, “because they’ve paid for [the encryption].”

The Information Commissioner’s Office (ICO) and the police are investigating the theft.

Better late than never, the Department of Health issued a statement saying all NHS organisations should ensure laptops are encrypted.

Alertsec at your service

Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! This news stresses the need for data protection applications. The loss in the above incident could have simply been reduced to an insurance matter by a mere investment of $13/month. The amount is meager compared to what the company has lost. The need of Data encryption software and recovery software cannot be underestimated . Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial

No comments »

Posted in Computer security, laptop theft

Tags: alertsec AlertSec Xpress computer encryption software Health care laptop London Medical research National Health Service Notebooks and Laptops Sun Theft

Geisinger Discloses Potential Patient Data Breach 2900 Patients Affected

January 10th, 2011

Electronic Medical Record

Geisinger Wyoming Valley Medical Center

Shannon Konopinski is a resident of Hazleton resident who has contacted lawyers. Why? Since, she is worried about the possible public leakage of her personal health information and family on the internet and has contacted lawyers. Apparently, she is upset about a letter she had received which stated that a former physician sent her protected health information to his home e-mail in an unencrypted manner. Infact Shannon is not the only one and this is what exactly happened!!

Unencrypted Email Caused Data Breach

Geisinger Health System is a physician led health care system, dedicated to health care, education, research and service spanning 43 counties of 20,000 square miles and serving 2.6 million people. Geisinger became aware on 6th November last year, that a limited amount of protected health information had been emailed around 3rd November by a former Geisinger Wyoming Valley Medical Center gastroenterologist. He was emailing PHI from his Geisinger computer to his home computer in an unencrypted fashion. The physician had sent this information to his home computer to complete an analysis of his procedures.

Data Breach Affected 2,900 Geisinger Patients

Geisinger Health System acknowledged that approximately 2900 Patients were affected by this data breach had been disclosed on 27 December 2010 in an unauthorized manner in a press release. Affected patients were later on notified by a letter. According to a Geisinger press release, in the letters that went out to the affected patients, Geisinger notified patients that protected health information (PHI) was improperly disclosed when a former Geisinger Wyoming Valley Medical Center gastroenterologist emailed PHI to his home email account without first encrypting it.

Leaked Data didn’t Include Financial Information

Unencrypted information included patient names, Geisinger medical record numbers, procedures, indications and physician’s notes on the care provided. These are some of the most basic information that constitute PHI and requires safeguarding under HIPAA. It did not include telephone numbers, addresses, SSNs, patient account information and any other information that would lead to financial fraud. According to Geisinger the PHI did not include any financial information that would make the patients vulnerable to identity theft.

Geisigner Notified Patients under the HITECH Act

Geisigner had to notify the patients under the HITECH (Health IT for Economic and Clinical Health) Act which amended HIPAA, because the information was not protected with encryption software before being sent.

According to HIPAA, if electronic PHI is lost or stolen and it was not protected with encryption, full disclosure is to be made to the patients and to the HHS, which oversees and enforces the implementations under HITECH.

The doctor who caused the breach at Geisinger no longer works for the medical center but it is not specified whether he resigned or got fired, according to the reports. There are two main reasons behind these continuous data breaches: the first reason is heavy number of electronic data, the more data there is electronically, the more vulnerable it is to breaches. The second and the most important reason is the lack of awarenesses of computer encryption software, desktop encryption software, laptop encryption software and data encryption software.

How Alertsec Xpress Would Have Helped

In an incident which highlights the need of a data security and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Cleveland Clinic, Mayo Clinic join 5 others in data-sharing group (medcitynews.com)
Dell Encryption Solution Helps Organizations Protect Data and Comply with Government Regulations (eon.businesswire.com)
Manage-Trak Releases New Resources for Practices Scrambling to Get HITECH Act Ready and HIPAA Compliant (eon.businesswire.com)
Open Source Makes Debut in Health Care (blogs.forbes.com)
ZixCorp Offers New Solution to Strengthen HIPAA Compliance (eon.businesswire.com)

No comments »

Posted in Encryption, Uncategorized, data breach

Tags: alertsec AlertSec Xpress breach notification breach notification laws data data breach data encryption data security Encryption Geisinger Health System Health care HITECH Act Hospital identity theft

Data Breach in Los Angeles Hospital

September 25th, 2010

CMIO.net has revealed a recent activity of data breach in Los Angeles. According to it, the data containing information of 33,000 patients has been leaked from a major Los Angeles hospital.

The Los Angeles County Department of Health Services and the Los Angeles County Sheriff’s Departments have started informing patients at the Martin Luther King Jr. Multi-Service Ambulatory Care Center in South Los Angeles about possible bad effects of data breach. They are doing this because the leaked data has contained information like patient’s names, their addresses, medical record numbers and finance batch numbers. But the good thing is the data didn’t contain specific medical information or social security numbers. Due to this activity the patients can face issues like insurance fraud and identity theft.

In order to prevent data theft a need arises for data security and data encryption. For big companies, organizations and healthcare sectors, preventing data from outsiders is a necessity. Many software companies are giving far better solutions in the form of Data Encryption Software, Computer security software or some of them provide Full Disk Encryption.

How Alertsec Xpress Would Have Helped

The above threat could have simply be reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

No comments »

Posted in Data Protection, data breach

Tags: California Counties Cryptography Health care identity theft Los Angeles Los Angeles County California Los Angeles County Sheriff's Department Martin Luther King Martin Luther King Jr Medical record United States

Laptop stolen from Philadelphia hospital, personal data of 21000 patients compromised

August 9th, 2010

Thomas Jefferson University Hospital in Philadelphia became the latest victim of laptop theft on June 14. The laptop contained personal information of approximately 21000 patients like their names, birth dates, insurance information and Social Security numbers. Those people who received inpatient care between March ’08 and November ’08 are covered under this theft.

The hospital has hired a risk consulting company to assess the amount of damage and has also started the process of notifying the people whose information has been compromised. An identity theft protection service has been offered to all such people.

“On behalf of everyone at Jefferson Hospitals, please accept our apologies and know that we are committed to providing assistance to the affected patients,” Jefferson Hospitals president and CEO Thomas Lewis said in a statement. “Jefferson Hospitals has extensive internal policies reflecting our commitment to the appropriate use of personal health information and employees receive training on these policies annually.”

A hospital employee violated policy by copying data from the hospital’s computer system to a laptop. The employee will be subject to an unspecified disciplinary action. Though the laptop was password protected but the data was not encrypted.

This incident is just the latest in a string of data breaches and device thefts that have plagued hospitals and health-care providers this year.

How to prevent data breach?

In cases of laptop theft, the insurance company may cover the hardware loss, but the data might be lost forever, or in worst cases might land in the wrong hands. Thus, data security software is required which will reduce the theft to merely that of hardware. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

This Week in Leaks (Aug. 6, 2010) (palisadesystems.com)
Computer with patient data stolen from Jefferson (philly.com)
Identity Theft in Laptops (socyberty.com)

No comments »

Posted in Uncategorized

Tags: data breach Health care identity theft Philadelphia Social Security number Thomas Jefferson Thomas Jefferson University Thomas Jefferson University Hospital

USB Key containing vital health record stolen

August 7th, 2010

A USB key containing vital health record of 763 patients was stolen from a University Health Network employee in Ontario. Soon after, Ontario’s privacy commissioner Ann Cavoukian has launched a new awareness campaign for health care workers.

She said all patient information copied onto mobile devices like laptops, PDA’s, USB keys etc must be encrypted because health care workers don’t seem to recognize the fact that information in such devices poses a privacy risk.

Currently, all clinical devices such as laptops and desktops are encrypted at University Health Network comprising of Toronto General, Toronto Western and Princess Margaret hospitals. Dr. Bob Bell, President & CEO stated that by the end of September, all research computers will be encrypted.

We are in the process of putting USB keys across the organization that are encrypted. We told all our staff they must put patient information on an encrypted device if they need to put it on a device at all. The next step is to move to an encryption of any kind of downloading from a clinical site onto a remote device,” he said.

“This step will, however, create compatibility issues with other programs UHN staff use in teaching and research. It will make things more difficult but our first priority is the safety and confidentiality of our patients,” he added.

Police was notified by the UHN officials after a pharmacy assistant, doing an analysis of antibiotics in surgical patients, got her purse stolen.

“I don’t think there’s any suggestion that there’s valuable information on the USB key or that people actually knew what was in her purse or even that people would understand the data that’s on there,” said Bell.

He added that patient names, admission, discharge and medical procedure dates were in the files, but OHIP numbers, addresses, phone numbers or any other information that could compromise the financial security of the patients was not in the files.

UHN staff received notice of the “Think Before You Copy” campaign on Wednesday, encouraging them to reconsider the transfer of files to mobile devices, and to use encryption and password protection.

“Personal health information is the most sensitive information about you that exists…the fact of disclosing what surgical procedures you had, indicating what ailments you had, that alone is highly damaging from a privacy-invasive perspective,” said Cavoukian.

This is one amongst the many incidents of computing devices being stolen from healthcare workers. Previously, a laptop of a UHN employee was stolen from a car.

Data Security with Alertsec Xpress

If you use a data security software a theft would simply be reduced to an insurance matter and cost of the hardware plus time to rebuild the laptop. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial and secure your systems right now.