Illinois

Improper disposal of paper documents leads to Lawsuit

May 12th, 2015

A lawsuit was filed against a Chicago area storage company, after it allegedly exposed sensitive patient information by dumping paper records in a public dumpster. Illinois Attorney General Lisa Madigan filed a lawsuit when improper disposal of paper records breached patient names, dates of birth, Social Security numbers and other sensitive personal information.

FileFax Inc. “failed to provide safe, secure and proper collection, retention, storage and destruction of Suburban Lung records, Madigan explained.

“This company brazenly violated the law and jeopardized the personal information and privacy of thousands of Illinois residents,” she said.

Earlier, Suburban Lung Associates had contracted with FileFax to maintain and destroy patient medical records. Affected individuals had been patients at Suburban Lung Associates. The facility operates in numerous north and northwest suburban Chicago locations.

According to Madigan, FileFax violated Illinois’ Personal Information Protection Act. The act was passed to ensure consumers’ personal information protection in the state. The lawsuit states that the company violated Illinois’ Consumer Fraud and Deceptive Business Practices Act. According to the lawsuit statement, in some instances, FileFax disposed of Suburban Lung records in an unlocked garbage dumpster outside of its facility that was accessible to the public.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series of lawsuits against Good Samaritan

December 7th, 2014

Troy, NY-based Good Samaritan Hospital breach has various pending lawsuits from seven parties which include four current or former correction officers, a jail employee, the family of a correction officer on behalf of a minor child, and a private individual who sued the county.

“Rensselaer County has paid $25,000 in a court award and set aside $90,000 for expected legal fees in a flurry of lawsuits brought by jail officers and others whose medical information was viewed for years by employees using a computer in the jail nurses’ office,” the article stated.

Good Samaritan has earlier notified 23 people about data breach which resulted from stolen data from Rensselaer County Jail’s nurse’s station. The recent example involved inappropriate access to girl’s record. Case was resolved by parents agreeing for $25,000 settlement. Incident involved next door neighbor who is Rensselaer County Jail officer reportedly gaining access to the girl’s data.

To safeguard information companies should follow below steps:

  • Keep all HIPAA safeguards up-to-date
  • Training employees for importance of securing the data
  • Staff members must understand what type of medical access is appropriate
  • Proper HIPAA technical safeguards can monitor when employees log in, and whether that access is necessary

One should understand importance of technical safeguards whose definition goes by:

The technology and policies meant to protect electronic health information is safe. There used to be two divisions for this safeguard called “technical security and mechanisms” and “technical security services.” Covered entities are not forced to choose a specific type of technical safeguard as long as what they choose permits them to remain HIPAA certified and compliant.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

personal data of 4 million Advocate Patients at risk

August 2nd, 2013

Patients of Advocate Medical Group, located in Central Illinois are among those whose personal information may be at risk after four computers were stolen in a burglary of an Advocate administrative building in Park Ridge.

Advocate Medical Group is a physician-led group that includes about 1,000 doctors at more than 200 locations in the Chicago area and central Illinois. It is part of Advocate Health Care, the largest health system in Illinois with 13 hospitals.

The computers stolen did not contain any patient medical records, however  4 million patient’s information including names, addresses, dates of birth and Social Security numbers were compromised during this overnight burglary. The computers also contained some clinical information, such as medical record numbers, treating physicians and/or departments, medical service codes, diagnoses and health insurance data.

Advocate sent the letters about the burglary to an estimated 4.03 million patients, including people who have visited a doctor in the Advocate Medical Group.

Advocate’s chief medical officer, Kevin McCune, said in a statement “Security is a top priority for our health care ministry. Nothing leads us to believe that the computers were taken for the information they contained or that any patient information has been used inappropriately”.

Officials said that the stolen computers were password protected, but unencrypted.Security cameras were in place at the time of the burglary.

Security measures have been improved by the officials by adding 24/7 security personnel at the office where the break-in took place, said Stephanie Johnson, an Advocate spokeswoman.

The Park Ridge Police Department was notified after the break-in occurred, but till date they have not been able to recover the computers. Police officials did not return a call seeking comment.

When asked why patients were being noticed more than a month after the burglary, Johnson said: as the Advocate officials wanted to first conduct an internal audit to find out what data the computers contained and then inform the affected patients, the officials waited more than a month to contact patients after the data theft occurred.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta