Health Information Technology for Economic and Clinical Health Act

Urology clinic suffers data breach

August 5th, 2015

A Montana urology clinic storage unit that housed patient records was broken into and patient data was possibly accessed. The Department of Health and Human Services (HHS) Office for Civil Rights (OCR) online breach reporting database shows that 6,500 patients were affected.

Practice manager Tanna Darling mentioned that Urology Associates have sent data breach notification letters to patients. Darling said that “over a few thousand” letters were sent out.

Urology Clinic officials reported that the break-in occurred at the clinic’s storage unit having gated facility. There is possibility that the unauthorized individual was renting a separate storage unit at the facility and therefore had access to the first gate.

“Everything was in disarray, but it honestly didn’t look like they took anything,” Darling said.

Kalispell Police Department Captain Scott Warnell said that the incident is part of a larger trend that is happening across the county, and that the department is making extra patrols on storage units to ensure that unauthorized individuals are not in the area. Patients whose information was possibly accessed will receive one free year of credit monitoring from Urology Associates.

Montana data breach notification law was updated last year.

“Upon discovery or notification of a breach of the security of a data system, a state agency that maintains computerized data containing personal information in the data system shall make reasonable efforts to notify any person whose unencrypted personal information was or is reasonably believed to have been acquired by an unauthorized person,” the law states.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Stolen server leads to data breach

February 18th, 2015

Three notices were sent to patients informing them about the data breach which was caused by burglary in California dentist Dr. Cathrine Steinborn’s office. Apparently, first notice didn’t contain enough information, as two more notices were sent.

“Your dental records and radiographs were fully backed up, so there will be no loss of continuity of care,” Steinborn wrote in the first data security notice. “However, your personal identity and insurance information is on the server and could be compromised.”

The first notification failed to notify patient’s the details of information may have been compromised by the data breach. Dr. Catherine explained that a door was forced open and the server containing patients’ electronic records was stolen.

A police report was filed and the dentist’s office is working with its property manager “to enhance the physical security of the building,” Steinborn explained.

Second letter mentioned that the dentist’s office does not store patients’ financial information, such as credit cards, or driver’s license numbers but keeps names, addresses, phone numbers, insurance information, dates of birth and group numbers on file. Also, patients’ Social Security numbers, as well as all patients’ health history and dental records are kept in office.

“Our server had two levels of password protection, but was not encrypted,” Steinborn said in the second letter. “Currently, our files are in the cloud, in an encrypted form. I will be having the new server encrypted. An IT specializing in HIPAA will complete a thorough risk evaluation and we will be implementing robust physical and IT security going forward.”

Final letter was about security aspects.

“We previously provided notice of this incident to you, and are providing you additional information about the incident and helpful information on protecting against identity theft and fraud.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Former employee’s unauthorized access causes data breach

November 30th, 2014

Health care security breach was caused due to theft of 35 computers and 34 scanners by former IT contractor of Franciscan Health Systems. Three affected Washington hospitals are working to solve the lapses. According to the reports, the former employee Justin Page accessed one hospital six times, an administrative office 24 times, and an education and support facility eight times.

“We’re going to find the discrepancies in our system and make sure it doesn’t happen again,” Scott Thompson of Franciscan Health Systems told the news source. “We’re right now taking some internal review of all those policies and procedures, to make sure we’ve figured out why this happened and make sure it doesn’t happen again.”

Justin Page kept his active security pass months even after he had completed his work for the company. He is charged with stealing $100,000 in computers, scanners and other equipment from three Franciscan facilities. Court documents indicate Page attempted to sell the hardware to help pay for an expensive pill addiction. A man identifying himself as the suspect’s grandfather said Page was feeling sorry.

According to the preliminary reports, Patients’ Protected Health Information (PHI) might not have been affected. Organizations need more stringent administrative and technical safeguards to prevent such incidents. It is always advisable to keep track of individual’s activities having sensitive data access.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.