Information sensitivity

Rady Children’s Hospital notifies patients of data breach

June 20th, 2014

Around 14,121 patients were notified after data breach in Rady’s Children Hospital, San Diego.  Incident of data breach occurred due to human error when patient data was sent to job applicants. According to reports, hospital’s employee sent a spread sheet to unintended receiver.

Spread sheet contained sensitive information which includes patients’ names, dates of birth, primary diagnoses, admit and discharge dates, medical record numbers, and other insurance information. There were no Social Security numbers or financial data included in the files, Ben Metcalf, a hospital media relations representative said.

After the incident, hospital hired security experts to confirm the deletion of files from computers of job applicants. Security experts can also verify whether the files have been shared to know the extent of breach. When Rady conducted investigation on recent breach it was found that this type of breach occurred even in past when mail error exposed 6307 patients data

Rady said that it will begin using only onsite testing programs for job candidates, improve email security approval protocols and encryption methods and better educate employees on patient privacy requirements. Rady Children’s Hospital spends lots of time and money protecting its patient privacy and information from outside hackers. But error by an employee that recently exposed the information.

“Some families were upset,” said Kearns acting president of hospital. “But the vast majority understood that this is something that was not done purposely. This is something that was done on a human error.” Rady Children’s has notified county and state officials and will also need to report the breach to federal regulators.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UCI notifies students of malware incident

May 22nd, 2014

University of California Irvine (UCI) notified 1,813 students and some non-students affected by a data breach involving key logging software malware. Three UCI student health care computers were affected by the malware incident. The incident came to notice when UCI IT security office learned about the malware on computers.

Information compromised includes patient name and unencrypted medical information. It also potentially included health or dental insurance number, CPT code(s), ICD9 code(s) and/or diagnosis) and student ID numbers. The affected group also included non student’s information like patient ID numbers, mailing addresses, telephone numbers, amount paid for services received, and bank name and check numbers. Information may have been transmitted to unauthorized servers.

According to reports, UCI immediately disconnected the affected computers and made sure that no other components of network were affected.

UC Irvine regrets that your information may have been subject to unauthorized access, and we have taken and continue to take remedial measures to ensure that this situation is not repeated. UC Irvine is committed to maintaining the privacy of students’ and non-student patients’ personally identified information and takes many precautions for the security of personal and medical information. The University is continually modifying its systems and practices to enhance the security of sensitive information.

The university has no indication that the data have been misused.  The  number of patients affected was not reported.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

Data breach in North Carolina’s Cornerstone Neurology

March 17th, 2014

 

Information of 548 patients from Cornerstone Health Care in high Point was stolen which may lead to data breach. Incident came to notice when employees didn’t find the laptop. It contained protected health information (PHI) including patient names, dates of birth, physician names, and nerve conduction scan summaries, but did not have addresses, billing information, or Social Security numbers.

Thief was not able to access additional information as computer was not connected to the billing system or electronic security numbers. Compliance and patient safety officer said, “This wasn’t one of our laptops that our providers use to see all of our patients. Because this computer isn’t integrated into our systems, we didn’t have an easy way to figure out what patients might have been involved.” Officials believe that laptop was not stolen for the information.

Cornerstone after the incident revised its policy and procedures to restrain staff securing sensitive information. It was not clear whether Cornerstone has informed the Department of Health and Human Services (HHS) about the stolen equipment and data breach.

Excerpts of the notice from home page says,

Cornerstone Health Care values the trust placed in us by our patients and takes our responsibility to maintain the confidentiality of our patients’ data very seriously. Regrettably, this notice concerns an incident involving some of that information.

We sincerely regret that this incident occurred. To help prevent similar events in the future, we have installed new locks on all rooms in the facility that contain electronic devices, reviewed our information privacy and security policies, and provided education and training to Cornerstone staff regarding the importance of securing patient information. Please be assured that we take the privacy of our patients’ personal information seriously and that we will continue to implement improvements to protect our patients’ personal information.

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta

Seattle sheriff’s laptop stolen from her truck

July 3rd, 2013

People sleep peacefully on their beds at night only because they know that cops stands ready to flee away the thieves and criminals. Yes, there are some people who do not fear cops, read this article to find out how a laptop belonging to a detective of a Seattle sheriff’s office was stolen.

You must have heard of laptop theft incidents but this time the thieves had planned something big. A laptop belonging to an undercover officer of a Seattle sheriff’s office was stolen from her truck.  Around 2,300 individuals were informed that they might have become victims of identity theft.

As per the information by Komo News, the stolen laptop contained sensitive unencrypted information such as social security numbers, driver’s license numbers and case files containing personal information about crime victims, witnesses, suspects and cops officers.

According to a detective with the Sheriff’s office, the notification letters were not sent immediately because it took them a while to find out whose information was compromised. “Somebody had to go through and read everything and cull out all of that information,” she said.

The detective violated KCSO policy which says: (1) always use encryption software when sensitive data is stored on a digital storage device, like a laptop or an external hard drive, (2) not to store any sensitive data on devices that were not issued by the Sheriff’s Office, (3) never taking sensitive data outside of the office.

This might not have been the first time that they have experienced such data theft, but this one was definitely the worst till now, said the detective. She was questioned by many people that why they not enforce encryption at the time of theft to prevent any possibility of data breach. In her reply she said that they were currently adding encryption software to all the computers in the office and they did not manage to do it in all the systems when the laptop was stolen. Sixty percent of the computers were finished, but the stolen laptop was not one of them.

But the question remains that why would anyone leave an unencrypted laptop in the car knowing that it contains highly sensitive information which can cause huge damage if stolen.

Encryption software like Alertsec would have helped!

The use of encryption software would have helped to keep files protected on the computer. With encryption installed, none of the information or credentials would have been lost. Alertsec uses industry leading Check Point Full Disk Encryption (former Pointsec) software to create a web based encryption service that simplifies deployment and management of PC encryption.

The best way to protect information stored on a PC is by using encryption. Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Enhanced by Zemanta