laptop theft

Stolen laptop results in data breach

February 2nd, 2017

Children’s Hospital Los Angeles (CHLA) and Children’s Hospital Los Angeles Medical Group (CHLAMG) recently suffered data breach when one of its unencrypted laptop was stolen. The laptop contained personal health information of 3,600 patients.

According to the reports, laptop was taken away by thief from the locked vehicle of a CHLAMG physician at CHLA. Investigation conducted by the facility found that the laptop was encrypted to up-to-date institutional standards along with password-protection. But later review mentioned the possibility of unencrypted status of laptop.

Facility is notifying patients whose information was stored on the laptop. Affected information includes names, addresses, medical record numbers, and certain clinical information.

“Following the notification regarding the burglary, an investigation took place to determine whether patient health information existed on the laptop,” CHLA spokesman Lorenzo Benet said in a statement. “Based on the investigation, the laptop has not been used to access the internet. From that information, we believe that all data may have been erased from the device without any patient data being accessed.”

Also, a protocol is created to erase data from the laptop when it logs onto the internet next time. Notification letters sent by facility will instruct individuals to review health insurance documents for evidence of misuse or identify theft.

Facility also asked patients to review their Explanation of Benefits statements in case of any unusual behavior . Also, they are advised to notify the hospital immediately for any issues.

About Childrens Hospital Los Angeles

“Children’s Hospital Los Angeles has been named the best children’s hospital in California and among the top 10 in the nation for clinical excellence with its selection to the prestigious U.S. News & World Report Honor Roll. Children’s Hospital is home to The Saban Research Institute, one of the largest and most productive pediatric research facilities in the United States. Children’s Hospital is also one of America’s premier teaching hospitals through its affiliation with the Keck School of Medicine of the University of Southern California since 1932.”

___________________________________________________________________________________

Alertsec Endpoint Encrypt is certified according to Common Criteria AEL4 and FIPS 140-2.

Stolen laptop and Data breach

May 4th, 2016

EqualizeRCM Systems, a billing and collection services vendor recently suffered healthcare incident when one of its
laptop was stolen. Laptop contained patients information which included names, addresses, phone numbers, dates of birth, insurance information, genders, healthcare provider information, billing and diagnosis codes, medical record numbers, internal reference numbers, dates and types of service, locations of services received, and other administrative data.

Affected facilities included-

  • Northstar Healthcare Surgery Center (Scottsdale, Houston, Dallas)Microsurgery Institute (Houston, Dallas)Hermann Drive Surgical HospitalVictory Medical Center Houston
  • Central Dallas Surgery Center
  • Southwest Freeway Surgery Center
  • Kirby Surgical Center
  • Plano Surgical Hospital

Stolen laptop belonged to one of its employees. EqualizeRCM Systems launched investigation after the incident. Financial information and Social Security numbers were not affected. Number of affected individuals were not specified by the facility. But the letter to the New Hampshire Department of Justice mentioned that two individuals from the state were affected.

Facility believes that the information is not misused. But it has offered affected individuals with complimentary identity theft monitoring and remediation services.Notification letters are also sent to affected individuals. EqualizeRCM Systems mentioned that it has developed and implemented additional security measures.

“The privacy and protection of patient information is a top priority for EqualizeRCM, and we deeply regret any inconvenience or concern this incident may cause,” explained the statement. “We are working closely with the affected facilities in our response to this event, and have taken steps to help prevent this type of incident from happening in the future including reviewing our policies and procedures, implementing additional safeguards to ensure information in our control is appropriately protected, and retraining employees on existing policies for the proper handling of sensitive information.”

“EqualizeRCM provides a variety of scalable services to healthcare entities across many segments including ambulatory surgery centers (ASC), durable medical equipment manufacturers (DME), Mental Health Facilities, physicians and providers, hospitals, and urgent care facilities.”

————————————————————————————————————————————————————-

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software

Stolen laptop and data breach

April 14th, 2016

Laptop theft can lead to data breach. OptumRx, the pharmacy care branch of a health services and technology company in Minnesota suffered data breach due to the theft incident. An unencrypted laptop was stolen from an employee’s vehicle in Indianapolis, Indiana as per the reports. OptumRx mentioned that laptop belonged to an unnamed vendor who provides home delivery services to patients.

Affected information included names, health plan names,addresses, prescription drug information, and prescribing provider information. For some individuals, dates of birth may have been exposed.

It also confirmed that Social Security numbers, credit cards, and other financial information was not involved.

Company did not specify the number of affected individuals. Also, Office of Civil Rights data breach portal didn’t mention the number of individuals affected by the security incident.

OptumRx has now contacted local authorities and launched an outside investigation. It has also mailed notification letters to potentially affected individuals.

“In addition, we have worked with the vendor to put immediate and additional protections in place to prevent the occurrence of similar incidents in the future,” explained OptumRx’s notification letter. “These measures include additional security requirements on laptops they use for OptumRx work, training and reinforcement of existing policies and practices, and further evaluation of additional safeguards.”

The company is also working with local law enforcement. Vendor is asked to put in place additional levels of protection for its laptops. One free year of identity theft protection services is also offered to individuals. It is supplying each with a one-year subscription to LifeLock.

LifeLock subscription includes following facilities to users:

  • Identity Threat Detection and Alerts:

With this service, LifeLock actively monitors an extensive online network for attempts to use your personal information. Whenever suspicious activity is detected, user will receive an alert via email or phone.

  • Wallet Protection

It also provides services for missing wallet. It has asked users to just call— anytime, anywhere—and LifeLock will help cancel or replace the contents to stop fraudulent activities. Coverage under this scheme includes credit and debit cards, Social Security cards, driver’s licenses, insurance cards, checkbooks and travelers checks.

  • Address & Verification

Impersonating can be done and Identity thieves can redirect your mail, containing financial information and providing a fraudulent new address. LifeLock monitors these such kinds of requests and notifies the user.

  • Black Market Surveillance

Identity thieves also get involved in illegal buy, sell and trade sensitive personal information on black market Internet sites. LifeLock now patrols over 10,000 criminal websites. Any suspicious activity is  notified to the user.

  • Pre-Approved Credit Card Offers

LifeLock works with bank to reduce emailing to affected individuals to avoid identity theft.

  • LifeLock Member Service 24/7/365

Sign in to your secure member portal at LifeLock.com is available all the time.

————————————————————————————————————————————————————-

Alertsec is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Northwestern Memorial laptop stolen

December 19th, 2014

 

Data breach occurred when Northwestern Memorial password protected, unencrypted laptop containing patient information was stolen from inside of employee’s vehicle. The affected information includes patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, and treatment information. In a few cases, Social Security numbers might have also been compromised.

According to the statement on the website:

“We deeply regret any inconvenience this may cause you,” the statement read. “NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.”

Northwestern Memorial has notified around 3,000 patients that their PHI was potentially compromised. According the reports, there is no malicious use of data. However, notification letters were sent to potentially affected patients and individuals are urged to reach out to a dedicated call center if they have any questions or concerns.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Child Vaccination records stolen

July 2nd, 2014

 

The San Antonio Metropolitan Health District recently suffered data breach when laptop containing information was stolen. According to reports, number of child patients stands at 300 whose vaccination information was present on the laptop. Information on the laptop included patients’ last names, dates of birth, doctor identifier and immunization names.

“Metro Health takes the privacy of individual health information seriously and is reviewing all practices and policies associated with the handling and transport of protected health information,” a spokeswoman said to woai.com.  “While the likelihood of harm from this breach is minimal, those affected by this theft are being individually notified and advised to monitor their health insurance statements closely for any unusual activity.”

Metro Health’s site fails to explain the laptop location at the time of the theft. Also it has been come to the notice that laptop which contained vaccination records from the Vaccines for Children program, has not been recovered.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Stolen laptop of Coordinated Health may affect 700 patients

April 22nd, 2014

Coordinated health breach may impact around 700 patients as laptop was stolen containing PHI information. It was observed that laptop belonged to one of their employee. Laptop contained Protected Health Information (PHI) such as patient names, dates of birth, addresses, insurance information, appointment dates and physician names as well as their Social Security numbers.

Breach can be considered as HIPAA violation. Incident of stolen laptop occurred when an employee left the laptop in car. According to release from the Coordinated Health, the device was password protected but it appeared that laptop was unencrypted. The laptop was stolen from the car of an employee in Bethlehem. The incident was immediately reported to local authorities with a formal police report filed.

According to release of Coordinated Health –

Coordinated hired a forensic investigator to conduct a full review of the content on the computer. While the laptop was password protected, the investigation revealed that the device may have contained an email with an attached file of 733 CH patient files, their social security numbers and their protected health information including (PHI): name, date of birth, address, insurance, appointment date and physician name.

This is the second breach reported by Coordinated Health within the past month. In the first incident, Whitehall township office had been robbed and patient information and cash were stolen. In this incident around 70 patients were affected. The patient information included the last four digits of patients’ credit cards and Social Security numbers, as well as names, birth dates, phone numbers and some health information.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Michigan Health Department notifies data breach

April 5th, 2014

 

The Michigan Department of community Health (MDCH) announced details about the data breach that happened due to stolen laptop and flash drive. It was observed that laptop was encrypted but flash drive was unencrypted. Incident happened in a State Long Term Care Ombudsman’s Office employee.

After the breach MDCH sent the notification to the 2595 affected patients. Flash drive contained information of the living and deceased individuals like names and addresses, social security numbers for 1539 patients.

“MDCH takes any potential breach of security with the utmost seriousness and sincerely regrets that this breach occurred,” said Nick Lyon, Chief Deputy Director of the MDCH. “We are working swiftly to notify any individuals who may have been impacted and with staff to tighten our security procedures going forward.”

Statement on the MDCH website mentioned –

All individuals with data on the flash drive are being notified so that they can monitor their accounts and other financial affairs for any unauthorized use. MDCH is working with the LTC Ombudsman’s Office to offer credit monitoring services at no cost to people whose Social Security number or Medicaid number were compromised.  In addition, a credit file death suppression service is being offered to the families of deceased individuals to assist them in securing their deceased loved one’s credit file.

If you are an affected person, and wish to take action to protect yourself from potential identity thieves, you may place a fraud alert on your credit file.  A fraud alert tells creditors to contact you before they open any new accounts or change your existing accounts.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

University of Kentucky (UK) Healthcare reports 1,079-patient data breach

March 27th, 2014

UK healthcare has informed 1,079 patients about the data breach after the incident of stolen laptop. Data breach involved one of its vendor HIPAA business associates (BAs).  Laptop was password protected.

Laptop contained Personal healthcare Information (PHI) which included name, date of birth, medical records number, diagnosis, medications, laboratory results, progress notes, allergies, height and weight, date of service, physician name and clinic. According to UK information related to Social Security numbers, credit cards, debit cards or bank account numbers were not present on the laptop.

Status of the encryption of laptop is unknown. A statement linked from the UK website mentioned –

UK HealthCare and Talyst deeply regret any inconvenience this causes. UK HealthCare and Talyst have policies and procedures in place and are committed to safeguard the privacy of all patients.

We have no evidence your information was misused.

Stay alert for the signs of identity theft, such as:
• Accounts you did not open and debts on your accounts that you cannot explain.
• Fraudulent or inaccurate information on your credit reports, including accounts and personal information, such as your social security number, address(es), name or initials, and employers.
• Failing to receive bills or other mail. Follow up with creditors if your bills don’t arrive on time.
• Receiving credit cards that you didn’t apply for.
• Being denied credit or being offered less favorable credit terms, such as a high interest rate, for no apparent reason.
• Getting calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

We also recommend that you regularly review the explanation of benefits statement that you receive from your health insurer. Please immediately contact your health insurer if you identify services listed on your explanation of benefits that you did not receive.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Two Men Jailed for Identity Theft

February 22nd, 2014

Angelo Ponds, 32, of Miami Gardens, Fla., and Sean Guillaume, 31, of Miramar, Fla. were sentenced to jail for their involvement in identity theft at medical Lab. Incident was related to stolen identity tax refund (SIRF) scheme. Ponds was sentenced to 48 months in prison and Guillaume was sentenced to 94 months in prison both to be followed by three years of supervised release.

Guillaume stole medical records with names, dates of birth, and Social Security numbers, and sold data for 5,000 individuals. He worked for unidentified medical laboratory testing company .He sold this information to Ponds. He knew that Ponds would use the PII to file fraudulent tax returns seeking refunds.

According to court documents, Guillaume worked for a company that performed medical laboratory tests where he had access to medical records with names, dates of birth, and Social Security numbers (personal identity information or “PII”) of individuals in the course of his employment with that company.

According to justice records, Ponds filed other people record fake taxation earnings with Internal Revenue Service seeking refunds.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

1,100 patients of St. Vincent Hospital notified about laptop theft

February 15th, 2014

St. Vincent Hospital notifies 1,100 patients of laptop theft. Letters were sent out for same. Laptop was used with an EEG machine went missing leading to potential data breach. Laptop was password protected which was connected to an EEG machine (for recording electrical activity in the brain) used for diagnostic testing was detached and stolen. Police was notified immediately after the incident. It is considered by the hospital that laptop was not stolen for the information it contained and thus there may be low risk involved in the data breach.

ST. Vincent spokesperson said that laptop was taken from euro diagnostic department of the main St. Vincent Hospital campus in Indianapolis, a unit where doctors, patients and family members of patients can usually be found.

In a statement issued by the hospital, it mentioned that laptop contained patients’ protected health information (PHI) which includes name, date of birth, gender, date of service, type of service and physician name. This diagnostic testing device didn’t contain information related to the social security numbers or financial data. Affected patients of this stolen incident were advised to request free credit reports from Experian, Equifax, or TransUnion. It is advised to the patients to get the report check for any breach.

According to the spokesperson, “St. Vincent is taking precautionary steps to avoid future incidents, and is evaluating its medical devices, and installing encryption protection software as appropriate. Also, the hospital is working to enhance its physical security measures.”

Alertsec strengthens security

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Enhanced by Zemanta