Health policy

Howard University Hospital suffers data breach

July 18th, 2015

Howard University Hospital in Washington, D.C. suffered a data breach when more than 1,400 patients received letters intended for other individuals. The letters included names, account numbers, and dates that other individuals visited Howard University doctors. Social Security numbers, dates of birth, and other personal information were not included.

According to reports, a data error caused letters to go out to people with the right surnames but the wrong addresses. Howard University explained that California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. had been hired to mail letters to patients who had not yet paid their bills.

The university said that it became aware of the incident on May 11 and will notify affected individuals.

A similar incident is the breach at Virginia Commonwealth University Health System. That incident involved an employee taking CDs that were no longer needed for the organization’s services and donating them to assist with children’s art projects. The affected information includes names and one or more of the following for 1000 patients: home addresses, dates of birth, medical record numbers, clinical information and health insurance information.

“This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients,” said John Duval, CEO of MCV Hospitals and Clinics.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

PHI exposed on emails

November 22nd, 2014

Anthem Blue Cross members in California received emails from their health insurer with their own PHI in the subject line. It is not known whether sending PHI in email is considered a data breach. The email was related to routine checkups and preventative screenings with their doctors, but it also included information such as age range and language, along with possible medical screening tests, marked “Y” for recommended tests and “N” for tests not listed in the email.

“This information is certainly sensitive, as you can imagine, because a call for certain tests, and frequency, could indicate a health problem,” wrote one female Anthem patient who received the email.

The woman said she received the following subject line from her health insurer:

Don’t miss out — call your doctor today; PlanState: CA; Segment: Individual; Age: Female Older; Language: EN; CervCancer3yr: N; CervCancer5yr: Y; Mammogram: N; Colonoscopy: N

“We know that patient privacy and security is just as important as having the most comprehensive medical records,” Mark Morgan, president of Anthem Blue Cross, told a reporter at the time of the HIE announcement. The incident occurred while Anthem Blue Cross was working to expand further in the health IT world.

Blue Shield of California and Anthem Blue Cross have a combined strength of 9 million customers in a new comprehensive network, Cal INDEX.

“Hospitals have moved away from using ordinary email because there are all sorts of ways in which it can be compromised, intercepted in transit, or seen by your email provider,” said Jonathan Mayer, a computer scientist and lawyer at Stanford who specializes in data security and privacy.

He added, “It’s especially bad when the information is in the subject line because who knows where that could pop up — on a desktop, a phone.”

Alertsec strengthens security

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organizations, especially corporate giants, must have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they have gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.