Posts Tagged ‘identity theft’

Health care data breaches on the rise – Get serious about HIPAA

December 15th, 2011

How many healthcare organizations today are following HIPAA (the Health Insurance Portability and Accountability Act of 1996)? Looking at the increase in health care data breaches, one can see how far security laws are actually being followed.

The US healthcare system has always been the best choice for hackers. Every other data breach news item talks about health-care data thefts. According to the Ponemon Institute’s data security survey, 96% of US healthcare organisations have been a victim of at least one data breach in the last two years. Medical data handling practices are very sloppy, which is a disturbing reality check for patients. Data breach risks are very high, especially those related to identity theft and medical identity theft. Obviously patients’ privacy is affected. Every time a breach takes place, hospitals lose an average of $2.24 million. Annually that comes to around $6.5 billion.

What is the exact reason for this severe problem? Silly mistakes on the employees’ part are the main culprit here. Although the mistakes are ‘silly’, the consequences are disastrous. In addition to the employees, third parties and sub-contractors are to be blamed for data breaches. Needless to say, lost or stolen devices add to the reasons.

The survey also showed that the use of unsecured mobile devices contributed to data theft. Most of the providers do not do much to protect the data on these devices. These devices are used for gathering, transmitting, and storing patient information, but obviously they are not secured enough. According to the report, “An area that needs to become more of a priority is privileged user and access governance, with only 29 per cent agreeing that the prevention of unauthorised access to patient data and loss or theft of such data is a priority.” “Hospitals and healthcare providers suffered an average of four data breaches in the past year, according to the report.”

The worst part of these data breaches is that, once they are discovered, customers are notified only after a couple of months.

HIPAA needs to step in and enforce security laws. Every hospital has a data security policy, but how many actually follow it? Very few, as is clear from the upsurge of data breaches. A HIPAA audit is a must for every organization. But that’s not enough. What is required is data encryption, virtual or dedicated firewalls, offsite backup and antivirus to meet HIPAA/HITECH standards and keep data secure.

Following are the consequences of a data breach that healthcare organizations suffer from:
81% Diminished productivity and lost time
78% Brand or reputation diminishment
75% Loss of patient goodwill
Result of these consequences: dissatisfied patients and an average loss of $113,400 per customer/patient.
Data breaches are discovered through:
51% Employees
43% Audit/Assessment
35% Patient complaint

Alertsec is into the data encryption business

You cannot afford to wait any longer. Alertsec Xpress, the market leader in data encryption, is the need of the hour. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption providers in security, performance, strength and ease-of-use for administrators and users. Alertsec also offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.


13 Million gamers exposed to data theft following a breach at Nexon

November 29th, 2011

Hack on backup server of Maple Story

We are back with another case of data theft, this one involving gamers’ IDs being stolen. We are talking about the latest breach in the gaming industry, the Nexon security breach.

Around 13 million gamers have been exposed to ID theft following a breach at gaming company Nexon.
The gamers’ information includes names, usernames, encrypted resident registration numbers and password hashes. Nexon maintains the popular online role-playing game, Maple Story. The breach was followed by a hack on a backup server for Maple Story last week. Fortunately, data of the 5 million customers using other games maintained by Nexon was not breached.

According to the company’s spokesperson the incident took place on 24 November and it had informed law enforcement agencies to investigate urgently. This breach was only limited to players of the online role-playing game Maple Story. Nexon added that Maple Story is “completely independent of the service”.

The official further added that the exposed details did not include information on financial transactions or bank account numbers and had not affected overseas subscribers of the online game.

As a precaution, the company has requested game subscribers to change passwords, although the exposed data is said to be encrypted. As of today the total subscription membership of Maple Story is about 18 million. Minors are also members of this site and have the legal consent of their parents or guardians. Nexon reports that “The information concerning legal guardians of users who are under 14 years of age is not involved in the hacking as it is stored in a different server.”

The breach comes at a bad time for Nexon, which is in the midst of planning an IPO. The IPO is planned for Dec 6.

This is what one encryption expert had to say about the case: “This is unfortunately the latest in a string of attacks against gaming sites; hackers have realised that they represent a virtual treasure trove of personal consumer data,” Pauker said. “It’s time for the gaming companies to realise that security can’t be an afterthought. Good security is just as important as good graphics.”

This is a wake-up call for Nexon, and it is bolstering its security policies. As a freebie it is offering game items to gamers who agree to change their passwords.

Alertsec offers data security services

Alertsec has created a web-based encryption service that radically simplifies deployment and management of PC encryption by using industry-leading Check Point Full Disk Encryption (formerly Pointsec) software.

Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.


The John Anderson et al. vs. Hannaford Bros. Co. et al. case

November 1st, 2011

The First Circuit's decision may change some data breach laws

An appeals court’s decision may bring a major change in the data breach laws. The court’s decision is to permit negligence and contract putative class action litigation. This is specifically related to a grocery store chain data breach because of the alleged damages incurred.

Maine Law

The First Circuit has held that consumer claims for reimbursement of the cost of identity theft insurance and of fees for replacement of credit and debit cards following a breach of their personal information can be a cognizable injury under certain circumstances. For now, Maine Law recognizes this decision.

Case history

In the year 2007 hackers breached the electronic payment processing system of Hannaford, a popular grocery store chain, and stole up to 4.2 million credit and debit card numbers, with expiration dates and security codes. Fortunately customer names were not stolen. Hannaford made a public announcement about the breach and added that it had received a total of 1,800 reports of fraudulent credit and debit card activity. Some financial institutions canceled/reissued customer cards and monitored the accounts. But some of these institutions assessed fees on the consumers for offering such services. To be on the safer side, some consumers purchased identity theft insurance and/or credit monitoring services. The plaintiffs in the above lawsuit against Hannaford claimed damages that included these fees and services. In addition, allegations included loss of accumulated miles reward points, inability to earn reward points, emotional distress, and the time and effort spent during this period.

As per the initial Maine law, time and effort were not to be counted as cognizable offences. Hence the court had previously ruled in Hannaford’s favor, dismissing all claims.

The circuit court’s appeal

The First Circuit was trying to assess whether the mitigation damages alleged by plaintiffs for negligence and breach of implied contract could be considered as a cognizable injury under Maine law.

The court’s ruling

The First Circuit held that mitigation damages that arise from negligence and breach of implied contract claims can be cognizable under Maine law. But they have to be “reasonably foreseeable” and “reasonable,” and must be for actual financial losses rather than just time or effort expended.

The Hannaford decision is a classic example of what a common man can do against a faulty legal system. The legal system is harsh but if you are armed with information and know your rights, you can appeal in the court of law and get your voice heard. Data breach victims can now heave a sigh of relief.

Alertsec helps keep Data Safe

The above case is a clear indication that in the absence of full disk encryption, people’s privacy can be affected. To keep your sensitive data safe from theft and hacking, it is very important to use data encryption software. Every day we read about incidents taking place across global organizations which highlight the need for data security and recovery software. For a mere investment of $13/month, the information can be secured with no loss whatsoever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model.




Data of one out of every three people in the state of MA has been compromised in the past 20 months

September 25th, 2011

The state of Massachusetts has seen the maximum number of data breaches in the past twenty months. Personal information of about two million Massachusetts residents, i.e. one in every three people who are residents of Massachusetts, has been breached through electronic data breaches.

According to the 2007 state laws, all companies doing business in Massachusetts must inform consumers and state regulators about security breaches that might result in identity theft. The list includes leaks of individual names along with sensitive data like Social Security numbers and bank account, credit card and debit card numbers. The law came into being in 2007 as a result of a hack of 45 million credit card numbers from Framingham-based retailer TJX Cos.

Martha Coakley, Attorney General, said that nearly 1,200 data breaches have been reported. A quarter of these were the result of intentional hacking.

The largest breach in the time period was the hacking of information of about 800,000 people that was lost by a vendor hired to destroy it. In addition, information on 210,000 residents entrusted to a state agency was put at risk.

These data breaches contained information from names and addresses to medical histories.

What did MA residents have to say?

Daniel Paul, a courier, gets the jitters when he thinks about it. He made online purchases with his credit card but started getting charged for things he didn’t buy: his credit card had been hacked. It was a nightmare to get things back on track.

Here is what he had to say: “Just going through getting everything changed back, changed over, getting charges off your account, your credit – it was awful,” said Paul. “I hope I never have to go through it again.”

Mike Paquette, Chief Strategy Officer for Corero Network Security in Hudson, MA, said, “In today’s internet world there are so many opportunities where information can be disclosed, as an individual, unfortunately there is very little that you can do.”

Consumers do have the option of suing, but it really doesn’t get them anywhere as it is very difficult to prove data theft.

Consumers must carefully keep track of their online transactions. It is always advisable to deal with well-known companies and do your homework about the company’s info.

Data security with Alertsec

Alertsec is here to take care of our security issues, especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly vulnerable to exposure. The risk of losing a laptop is much higher than that of losing a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, and they frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.




Vacationland Vendors admit to serious data breach

September 15th, 2011

Vending machine exposes visitors' personal data

Should you be staying away from vending machines? Many folks keep away from vending machines for the sake of their health.

There is one more reason to stay away now. Your personal information is at risk here! Folks swipe credit cards whilst buying from the vending machines, thereby storing personal data.

The following incident makes one think twice before putting that chip from the vending machine into your mouth.

A hacker gained entry into certain parts of Vacationland Vendors’ point-of-sale systems used to process payment-card transactions at Wilderness Resorts located in Tennessee and in the city of Wisconsin Dells, Wisconsin. The breach has affected around 40,000 people. The company’s spokesperson said “a computer hacker improperly acquired credit card and debit information.”

It is still not known how the breach was discovered or when. Whether those affected by the breach have been notified or not is also not known. The breach affected only arcade systems. Fortunately the resort operations and systems — reservations, restaurants, and shops — were not breached.

According to Vacationland, internal security has nothing to do with the breach at either of the two Wilderness Resorts. The statement further adds, “Vacationland Vendors has learned that other businesses just like its own have been affected by this computer hacker.”

Vacationland Vendors is working with an outside consultant and has beefed up its security of point of sale systems to protect from future breaches.

According to Bill Bray, spokesperson for the Wisconsin Dells-based Vacationland Vendors, the same intruder had hacked other businesses as well.

Customers who have used their credit card or debit card at the Wilderness Resort locations from December 12, 2008 through May 25, 2011 have been asked to take the following immediate steps in order to prevent the unauthorized and unlawful use of their personal information:

a. Keep a close watch on bank statements and credit card bills, and if you notice something strange, immediately get in touch with authorities.

b. Place a fraud alert on your consumer credit file. This can be done by contacting one of the three national credit reporting agencies – Equifax (800-525-6285), Experian (888-397-3742) or TransUnion (800-680-7289).

c. Inform the local law enforcement or the state attorney general of any incident related to identity theft.

How can Alertsec help?

Thus in the absence of full disk encryption, privacy of consumers is compromised. It is vital to use data encryption software in order to keep our data safe from breaches. Data security and recovery software is the need of the hour. $13/month is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software-licensing model.

Why is Alertsec the number 1 laptop encryption service?

3 easy steps to encrypt your data

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

