Hospital

Break In causes data breach

February 14th, 2017

Wichita, Family Medicine East, Chartered based in Kansas reported that it suffered data breach due to theft of an unencrypted desktop computer and printer from its facility. As per the reports, an individual got into the building by breaking an exterior window. Family Medicine mentioned that police have not yet caught the thief. Also, stolen items are not recovered.

Family East mentioned that “a significant number contained images of typed office notes dictated by Family Medicine East physicians during 2002 and 2003.”

Affected information included patient names, dates of birth, appointment dates, and the name or initials of the physician or PA who saw patients were in the notes. Social Security numbers and addresses are not included in the breach. Letters written to other physicians discussing a Family Medicine referral were included for few. Letters were also identified by name and information about their medical condition.

“[The notes and letters] were typed by transcriptionists engaged for that purpose in 2002 and 2003,” Family East said in its online statement. “The files remained on the computer that was stolen as a result of an employee’s oversight, and were not detected during a number of risk analyses undertaken prior to the theft, as part of efforts to secure all individually identifiable health information.”

Individuals who got treated in 2002 or 2003 are asked “to take steps to eliminate or minimize potential harm that could be caused by the theft.” Steps also include obtaining credit reports and monitoring their financial and baking accounts for activities.

Facility mentioned that it is offering complimentary credit monitoring services to potentially affected patients. It also said that all computers and systems will be encrypted.

“While Family Medicine East hopes to recover the stolen computer, this may not be possible,” the statement explained. “As part of its ongoing effort to prevent breaches of protected health information, Family Medicine East began the process of encrypting health information stored on laptop computers used by the doctors, PAs and nurses for patient care some time ago.”

_____________________________________________________________________________________________________

Alertsec’s cloud-based information security service provides an easy and convenient way to protect information on your organization’s laptops and computers.

Health Facility suffers email hack

February 7th, 2017

Multicare Health System recently announced data breach due to an email hack. The incident potentially affected 1,200 patients. The Washington health system mentioned that it has no information at this time to believe that any patient personal health information was accessed or misused in any way.

Facility will send the notification to affected patients. Also, patients have been advised to review their Explanation of Benefits statements and to remain vigilant to signs of irregularities related to their health insurance.

MultiCare stated that an unauthorized individual gained access to an employee email account. The information in the emails likely contained personal patient information ranging from addresses to account balances. Facility added that financial information and Social Security numbers were not present on the affected email account.

After the incident the affected email account has been secured. Password has been changed. Facility initiated an investigation into the incident and has provided contact information for patients concerned about the status of their information.

About Multicare:

“MultiCare is a not-for-profit health care organization with more than 10,000 employees and a comprehensive network of services throughout Pierce, South King, Thurston and Kitsap counties.

Facilities heritage dates back to the founding of Tacoma’s first hospital in 1882. Since then, it has grown to meet the ever-changing needs of our region-always focusing on excellence, innovation and patient care.”

When  email account gets hacked one should follow below steps to minimize the damage:

Initial step is to assess the damage done by hackers.

Visit the website of your email provider and try to regain the access.

Change the password by authorised method. Check inbox and trash for any password reset emails, which were not initiated by you.

Scan your computer with anti virus software. Many emails are hacked today to install virus on your computer.

Review your personal settings.

Validate the source  of any program, game and app before downloading it.

_____________________________________________________________________________________________________

Alertsec Endpoint Encrypt is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

MA hospital data breach

June 27th, 2016

Massachusetts General Hospital (MA) suffered potential data breach when some dental practice patients may have been affected by the hacking incident. It involved third party vendor that provides dental practice information management software.

As per the statement,  “Massachusetts General Hospital (MGH) is deeply committed to the security and confidentiality of our patients’ information, including any such information maintained by our third-party vendors. Regrettably, this notice concerns an incident involving some of that information.”

Vendor found out that unauthorized entities had gained access to its systems. It exposed some of the hospital’s patient files. Probable accessed information included names, dates of birth, Social Security numbers, medical record numbers, dates and types of dental appointments, and dental provider names.

MA mentioned that the attackers did not access any of its systems or any files managed by the hospital. Vendor Patterson Dental Supply Inc contacted local law enforcement officials. Investigation is initiated for the hacking event and law enforcement officials have asked MA to withhold notifying potentially affected patients. It also stopped them from releasing a public statement until the investigation was over.

Later on 26 may, the hospital got the necessary permission to contact impacted individuals. It  then mailed notification letters to all affected patients on June 29. Call centre is also created to answer the query related to the incident. The statement did not mention the number of affected individuals.

“We are committed to the security of sensitive information maintained by our third-party vendors and are taking this matter very seriously,” explained the statement. “To help prevent this type of incident from happening again, PDSI [Patterson Dental Supply Inc] took steps to enhance the security of its systems that maintain dental practice data.”

————————————————————————————————————————————————————–

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your or
ganization.

UNM Hospital suffers potential data breach

June 13th, 2016

Potential healthcare data breach affected around 2,827 patients. Affected information included names, provider names, dates of service, and descriptions of medical services, such as X-ray or flu shot information, disclosed after their information was mailed to an another address.

According to the reports, facility mistakenly mailed 33 invoice documents to 18 addresses sometime between December 22, 2015 and April 2, 2016. Documents contained patient information for several individuals. The incident was caused by a technical error in the hospital’s billing systems.

Facility mentioned that there is involvement of financial, health insurance, or detailed treatment information. It also didn’t include dates of birth, Social Security numbers, or medical record numbers.

“UNM Hospital is committed to protecting the privacy and confidential health information of all of our patients, and we take this incident very seriously,” said Chief Privacy Officer of the University of New Mexico Health Sciences Center Sarah Morrow. “We have thoroughly investigated and identified the technical issues that lead to the erroneous mailings, and we are monitoring the system to ensure this does not happen again.”

According to the UNM website –

The UNM Health Sciences Center’s most important value is a steadfast duty to improve the health of all New Mexicans. We will serve our patients and the public with integrity and accountability. We will strive as an institution and as individuals to recognize, cultivate and promote all forms of diversity; to fully understand the health needs of our communities; and to advance clinical, academic, and research excellence. We are committed to perform our duties with compassion and respect for our patients, learners, and colleagues; and always to conduct ourselves with the highest level of professionalism.

————————————————————————————————————————————————————-

Alertsec is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Check Point Full Disk Encryption.

Computer Virus Causes Data Breach

April 7th, 2016

Mercy Iowa City, an acute care hospital and regional referral center, recently suffered data breach  due to computer virus. Mercy Lowa City did not mention the number of affected individuals but the OCR data breach portal mentioned that 15,625 individuals were affected by the incident.

Mercy Iowa City came to know about computer virus on January 29. It had potentially infected some of its systems three days prior. The hospital now has secured the computer systems to prevent the spread of the virus.

“That’s a small percentage compared with the total number of patients the hospital serves”, said Margaret Reese, interim director of marketing and community relations and president of the Mercy Hospital Foundation. She said she did not know the total number of patients, adding that “it would be a huge number when you consider all of the many services.”

Internal investigation is carried out by forensics firm. Capturing personal data was the main motive of the computer virus. Thus it is believed that data breach has occurred.

Reese said Mercy has been working with federal law enforcement on its investigation. The hospital’s release said current safeguards have been enhanced to protect sensitive data. Reese said she could not comment on what the enhancements were.

According to the reports, unauthorized access to patients records by outside entity has resulted into the incident. which did not affect all Mercy Hospital and Mercy Clinic patients.

According to the statement, “Mercy deeply regrets any inconvenience this may have caused our patients. To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information.”

Affected information included names, dates of birth, addresses, treatments, diagnoses, medication lists, names of health insurers, and health insurance policy numbers. Social Security numbers may also have been accessed for some patients.

“To help prevent something like this from happening in the future, we have enhanced our existing technical safeguards to protect patient information,” stated the press release.

The hospital also created a call center dedicated to answering questions about the data security event. Mercy Iowa City mentioned that there is no evidence patient information misuse.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unauthorised Access and Data Breach

March 19th, 2016

University Hospitals Geauga Medical Center suffered data breach when a former employee improperly accessed health data.The employee has since been terminated.Affected information
included patient names, dates of birth, medical record numbers, and health information related to medications. UH stated that there is no reason to believe this incident will lead to identity theft.

UH mentioned that 677 potentially individuals were potentially affected. It will be reeducating staff on HIPAA regulations. According to the statement, UH is unaware of any identity theft or harm to patients caused by the access of information. The concerned individuals are being notified of the incident. Also, law enforcement were notified about the incident.

UH have taken steps to correct the situation and prevent similar occurrences in the future.

HIPAA administrative safeguards consists of following main aspects –

  • Security management process
  • Assigned security responsibility
  • Workforce security
  • Information access management
  • Security awareness and training
  • Security incident procedures
  • Contingency plan
  • Evaluation

Business associate contracts and other arrangements

“Even in our increasingly electronic world, it is critical that policies and procedures be in place for secure disposal of patient information, whether that information is in electronic form or on paper,”

explained OCR Director Jocelyn Samuels, adding that PHI security is essential for entities of all sizes.

“All too often we see covered entities with a limited risk analysis that focuses on a specific system
such as the electronic medical record or that fails to provide appropriate oversight and
accountability for all parts of the enterprise,”Samuels said in a statement.

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and
management of PC encryption by using industry leading Check Point Full Disk Encryption (former
Pointsec) software.

Marketing firm acquires patient names and address

July 28th, 2014

In an unprecedented event, Essentia Health of Fargo, North Dakota, has suffered data breach due to educational event. A marketing firm was able to access 430 patient names and addresses without their consent. Incident occurred when someone from the Essentia gave portable device containing patient data to the firm, Get Marketing. Essentia chief compliance and privacy officer Vicki Clevenger maintained that no patient medical data had been compromised.

“We have also taken the appropriate actions according to our policies and have provided additional education to the staff members involved to prevent future occurrences,” Clevenger said to inforum.com. “There was no additional information shared, including no medical and clinical information,” Clevenger added.

When Essentia was sending patients information to a free educational event that offered new procedures for those dealing with lower back pain, the breach occurred. In all 70 patients attended the event, but Essentia did recognize that a breach had occurred when the event was being promoted. Jodine Wien, a Moorhead patient, complained to Essentia when she found that her name and address had been given to Get Marketing that was involved in sending out the invitations.

“I’m a little angry at Essentia,” Wien said Monday, adding that she was displeased with the health provider’s initial responses to her complaint. “I was treated completely rudely and nobody wanted to say anything.”

Essentia determined that patients’ names and mailing addresses were “erroneously” released to Get Marketing, which was “engaged and paid by a medical device manufacturer, not Essentia Health,” Clevenger wrote Wien.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

ProMedica Bay Park Hospital suffers data breach

May 29th, 2014

ProMedica bay Park hospital has decided to notify about 500 affected patients about the data breach. Protected Health Information(PHI) had been copied by the incident when employee inappropriately gained access to the information. Compromised data includes patient names, dates of birth, diagnoses, attending physicians, and medications. According to reports, Social Security numbers and financial data were not accessed.

“ProMedica Bay Park Hospital values patient privacy and deeply regrets that this incident occurred,” the organization said in a statement, reported by northwestohio.com. “The hospital is taking this matter very seriously. ProMedica immediately deactivated the employee’s access to patient information and the individual is no longer employed by ProMedica. ProMedica Bay Park Hospital has completed an internal investigation and is taking precautions to prevent any further health information breaches. This includes additional training for employees to ensure they understand and follow patient information access policies.”

It was revealed that previous employee accessed records of patients when not in directly under the employee’s treatment. The hospital said it will offer all affected patients a one-year membership for identity theft protection services, which includes a security freeze on their credit file, 90-day fraud alert notice, and free annual credit reports and other account statements.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Centura Health hit by phishing attack

April 29th, 2014

 

Mercy Regional Medical Center of Durango, Colo.  suffered data breach because of phishing attack. In the recent times, phishing attacks have become more complex. It is observed that it is difficult even for shrewd of users to pick out. Mercy which is owned by Centura Health notified 1000 patients about the incident. Data affected by phishing attack includes names, Social Security numbers, Medicare beneficiary numbers, addresses, dates of birth and phone numbers. It also includes protected health information (PHI) such as diagnoses, dates of service, names of a patient’s treating physician and medical-record numbers.

Statement of Centura read, “We became aware that a small number of employee e-mail accounts may have been accessible as a result of the phishing. We hired an outside forensics expert firm to perform a comprehensive review of the affected employees’ e-mail accounts and confirmed that some of the e-mails contained patient information and may have included patient demographic information and/or clinical information and in some instances Medicare Beneficiary number and Social Security number.”

According to reports, Mercy employees were the target of a phishing email attack in which the hackers tried to obtain user names and passwords.  Phishing email was carefully drafted which gave the impression of authentic communication which trapped some employees to reveal system login information.

“Those steps included immediately stopping the attack, performing an investigation and hiring an outside forensics expert to assist, reinforcing education to all employees regarding ‘phishing’ emails and continuing to implement enhancements for strengthening user login authentication,” the statement read which implies Centura taking steps to implement  and reinforce necessary protective measures to help prevent future occurrences.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Hackers target Boston Children’s Hospital

April 24th, 2014

 

Cyber security hackers have made various attempts to crack Boston Children’s Hospital website. It was observed that hackers aim was to overload the Children’s website and potentially expose hospital’s internal network. According to reports, no attack was successful. Also, according to Children’s hospital no data has been illegally accessed.

Hospital has to shut down some web pages due to this hacking incident. As a result of which many patients were not able to access the details related to appointments, test results, and other case information. This attacks has not been linked to hackers group, Anonymous directly- But there seems connection for the attacks and group’s involvement in the Justina Pelletier (a Children’s patient) child custody case

Children’s chief executive Sandra Fenwick told employees that “multiple attacks, designed to bring the site down by overwhelming its capacity” and that the hospital “received a direct, credible threat against our internal network, including staff and patient information…”

It is believed that Anonymous is specifically targeting Children’s Hospital because of the Justina Pelletier case. According to reports, hospital believed that she had psychiatric and not physical problems. Since then Anonymous is involved in the campaign against the hospital. Boston Children’s Hospital has filed child abuse charges against Pelletier’s family following it seeking treatment for her alleged intestinal and other issues

Anonymous said, “To the Boston Children’s Hospital why do you employ people that clearly do not put patients first?” continued as “We demand that you terminate Alice W. Newton from her employment or you to shall feel the full unbridled wrath of Anonymous. Test us and you shall fail.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta