The Federal State Commission issues data protection guidelines. Lexington Clinic suffers data breach

We have mentioned this before and are reiterating – Medical data is very very vulnerable. Most data breach and laptop stealing cases are related to Medical data. We have covered so many posts related to medical data breach that they have almost become a routine now! It is as if Medical data simply cannot be secured. Is the data security world listening? It is so very important to protect data, especially patient data.

Breaking news: Today’s post highlights the vulnerability of medical data breach and laptop thefts.

Lexington Clinic Laptop Theft

According to the Lexington clinic the laptop was atolen last month from the neurology department in the Saint Joseph office park on Harrodsburg Road.

The clinic further adds that the laptop contained patients’ names and some medical information. Fortunately it did not contain Social Security, credit card, or bank account numbers. A total of 1,018 patients lost their private data.

Letters are being sent to the affected parties.

The moment Lexington Clinic  found out about the theft, it informed the police and all door locks to the neurology department were urgently changed. Lexington Clinic is currently working with the St. Joseph security officials to ascertain the security of offices located in the St. Joseph Office Park.

Note for Lexington Clinic patients – In case you have been or currently are a patient of the Lexington Clinic Neurology Department, and if you have not received a letter about this theft then it is safe to assume that your data was not on the stolen laptop. So far there is no proof that any of the stolen data has been misused.

The Federal Trade Commission is requesting everyone to take steps to protect information:

Beware of signs of identity theft, such as:

• Bank Accounts you didn’t open and debts on your accounts that you  are not aware of

• Wrong information on your credit reports, including accounts and personal information, such as your Social Security number, address(es), name or initials and employers.

• In case you do not receive your bills on time, follow-up with your creditors.

• Receiving credit cards that you didn’t apply for.

• Being denied credit or being offered less favorable credit terms. If it is too good, then it is not true

• Receiving calls or letters from debt collectors or businesses about merchandise or services you didn’t buy.

About Lexington Clinic – It is Central Kentucky’s oldest and largest group practice, with more than 200 providers offering primary and specialty care services. Founded in 1920, Lexington Clinic offers more than 30 specialties and operates offices in more than 25 locations throughout Central and Eastern Kentucky.

Source: LexingtonClinic.com

Alertsec secures your Laptops

3 easy steps to encrypt your data with Alertsec

a. Register for your subscription or 30-day free trial of our encryption software

b. Download and activate Alertsec Xpress online

c. Your laptop is now powered by Check Point Full Disk Encryption

EU Justice Commissioner Viviane Reding talks about introducing new data protection regulations

The European Union is in the process of proposing new regulations regarding how companies use the personal information of Internet users this week. The new regulations are going to have a major impact on companies like Google and Facebook. This is going to put stricter limits on how they use the information of the people that use their services. According to Viciane Reading, vice president of the European Commission, a branch of the EU, these new regulations are absolutely required to protect personal data of the users and rebuild a sense of confidence in them.

Laptop stolen from vehicle belonging to the Kansas Dept. of Aging

Stealing valuables, especially laptops and pen-drives, are in vogue. Thieves have gotten very smart and have realized the value of laptops and mobile devices. It is very difficult to track such thefts and data thieves are getting away easily.

The above will be more clear after reading the following news story.

A laptop computer, flash drive and paper files were stolen from a locked vehicle that belonged to an employee of the Dept.on Aging, Wichita. The Kansas Department on Aging is informing clients tabout this information breach.

The theft took place on Jan. 12 at the Best Western Airport Inn, 6815 W. Kellogg. The suspects broke a rear window on a state-owned car that contained the laptop and paper files. Apparently the employee had covered the items with a blanket before getting into the hotel for safety sake.

Emerging details

The laptop contained data about department clients in Sedgwick, Harvey and Butler counties. So far the police have not been able to recover any of the items. At the same time there is no proof that the stolen information has been misused.

According to the Department on Aging no banking or driver’s license information was involved. But there is a possibility that the stolen information could have full names, addresses, Social Security and Medicaid information and other personal or protected health information. The stolen data also contained social security numbers of 100 people that were a part of the Senior Care Act program.  The Department of Aging is trying to reach these people over phone to inform about the theft.

Comments by Secretary Shawn Sullivan of the Department on Aging: ”To date, the laptop, the flash drive, and the paper files that were stolen, has not been recovered. There’s also no evidence to date that shows the information has been accessed or been misused,”. ”Our staff immediately began notifying and calling the families and the customers that was affected with those 100 files. For the most part, they’ve all been very understanding, very appreciative that we notified them immediately,”

The affected parties have been requested to check all bills and check on credit reports.

“You want to know what’s on your credit report. You want to see and recognize any changes or things that you don’t understand. You can see what changes are happening in your credit report and make sure they’re all accurate and up-to-date,” said Clifton O’Neal, communications director for TransUnion.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Today’s news story revolves around data theft at the University of Victoria, B.C. Canada.

Over the weekend electronic devices like laptops, mobiles and storage devices were stolen from the University. In addition, cheques and a small amount of cash was stolen too. The stolen information contained names, payroll information and social insurance numbers of UVic employees dating back to Jan. 1, 2010. The disturbing aspect of this case is that the information stolen belonged to current and former employees and also contractors. Also disturbing is the fact that some of this information, especially the names, social insurance numbers and banking information was unencrypted.

According to Gayle Gorril, the univerity vice-president “It included … bank account information needed for direct deposits, social insurance numbers and payroll information,” Gorrill told CBC News late Monday. She further added that an information line has been set up on the website and that employees are being contacted. The affected individuals will be reimbursed bank fees and new checks, promised Gorrill.

Saanich police  and a forensic investigator are working on the case. According to the Police this work is of more than one person.

“Number of credit alerts successfully placed on my credit report: None.”

Caitlin Morrison, a graduate student and employee, said, “You would hope that an organization like the university would have better systems in place to avoid such a widespread problem.”

Janni Aragon, a political science instructor, feels that the university should have informed employees immediately.

“I know a lot of my colleagues are angry we found out at the end of business day [Monday],” she said.

More about laptop security from Alertsec

Laptops generally get stolen from the work place, conference centers, hotel rooms, cars, airports and train stations.  It is difficult to prevent theft as opportunists are everywhere in our society.

Best bet would be to make sure  having a fresh back-up on a server or back-up device.

Lastly, by using encryption software, you greatly enhance the laptop security as there is no way that the information is compromised if lost or stolen.

Data stolen from the University, suspects at large

How did Telstra manage to become a victim for the second time?

The Australian reports that the breach took place Friday morning. Customer data was seen online via a spreadsheet  that was deployed by one of the company’s consultants on Editgrid.com. As soon as Telstra learnt about it, the site that contained the sheet was taken down and access to Editgrid was disabled. The company admits that thousands of emails addresses, phone numbers and postal details were leaked but passwords, credit or financial information was not compromised. A total of 1500 customers were affected by this breach.

Telstra back in news for another data breach

The earlier breach

Customer data was seen online via a spreadsheet  that was deployed by one of the company’s consultants. As soon as Telstra learnt about it, the site that contained the sheet was taken down. The company admits that thousands of emails addresses, phone numbers and postal details were leaked but passwords, credit or financial information was not compromised. A total of 1500 customers were affected by this breach.

As per the latest update, Telstra customers have not yet been contacted about this latest breach. No wonder they are angry and are waiting to hear from the company.

Data security with Alertsec

Alertsec is here to take care of our security issues especially for anyone working with PCs. Alertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

According to the Middletown police Larry A. Osborne Jr., 29,has been charged with third-degree felony theft on Nov. 9 in Middletown Municipal Court. He is accused of stealing computers since 2008. Osborne, a computer technician, was a former contractor of the Butler County Educational Service Center. The approximate value of the 400 laptops is $123,000. Osborne used to sell these computers on ebay.  He sold around 350 computers to a man in PA who had no clue that these computers were stolen property. The PA man has not been charged. The machines were either used ones or non-working.

Former school contractor stole 400 laptops

The first theft was reported on Nov. 8 where eight Apple laptop computers were stolen from the district’s warehouse, 110 Baltimore St.

The case of the missing laptops and their recovery

The York County Sheriff’s Department has succeeded in recovering 50 Apple laptop computers that were stolen from Massabesic High School this week. Where exactly were they found is not revealed as yet, only that it was a good distance away from the school.

According to Sheriff Maurice Ouellette the laptops are in good condition and had been placed inside two, large plastic tubs with covers on them at the time of recovery.

“This was stuff that kids used to study with … That’s something I take personally,” Ouellette said.

How did the thieves manage to steal these computers?

It appears that the thief or thieves pried open a window to gain entrance to the school. The thieves entered the East Building of the school and did away with the computers and a projector.

“I’ve been working for this school district for a number of years and this is certainly the largest theft of any equipment that i’ve ever experienced or that i know of”, said RSU 57 Technology Director Bob Stackpole

School staff and students were interviewed in detail by the police in hope of getting clues about the theft.

A TV viewer caught this piece of news item on TV and got in touch with the authorities. The total value of the computers was around $60,000.

Alertsec equips firms with encryption software

Alertsec is here to take care of our security issues especially for anyone working with PCs. Al

Stolen Laptops from Massabesic School recovered

Aertsec Xpress is the service that automatically protects ALL information you store on your PC. The fact that we now buy more laptops than desktops shows that the information we all store is increasingly more vulnerable to be exposed. It is a much higher risk to lose a laptop than a desktop computer.

Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Alertsec Xpress offers full disk encryption and is therefore superior to other encryption methods when comparing security, performance, robustness and ease-of-use for both administrators and users.

Details from the Information Commissioner’s Office (ICO)

The Southwark council failed to manage its paperwork and a computer that contained data of 7,200 individuals when it moved from its site at the Spa Road Complex in December 2009. When the new company moved in, it found this data that contained addresses, names and information relating to medical history, criminal convictions and ethnicity.

Sally Anne Poole, Acting Head of Enforcement at the ICO, said “The fact that thousands of residents’ personal details went missing for over two years clearly shows that Southwark Council’s policies for handling personal information are below standard. As this information was lost before the ICO received the power to issue financial penalties we are unable to consider taking more formal action in this case,”.

Investigation report

The investigation revealed that this data was unencrypted and that the protocol supposed to be followed while moving was not up to the mark. Had this incident taken place recently, Southwark would have been fined by the ICO. Thus Southwark Council had breached the Data Protection Act.

According to an Information Commissioner’s Office (ICO) spokesman”The computer was an old Apple iMac,”. “It had some security features, like password protection, but no encryption. The vast majority of details were on the computer.”

More details emerge

It appears that the unencrypted iMac and other papers were left in the vacant building for two years. The new tenants discovered these documents in June and threw them into a skip.

What is Southwark doing post incident?

The Council is in the process of revamping its data security procedures and ready to be audited in 2012.  It plans to join the other 105 councils, schools, trusts and businesses that have signed undertakings with the Commission since January 2010. The ICO has in addition, issued three enforcement notices, conducted two prosecutions, and has issued fines to six organisations ranging from £1,000.

A Southwark Council spokesman said: “As soon as this incident was reported to us, we instantly launched an internal investigation and worked closely with all other relevant authorities to ascertain exactly what had happened.

“We treat any reporting of a possible breach of data very seriously indeed. Throughout this issue the council advised and co-operated with the Information Commissioner’s Office and has now put in place a number of measures to improve its handling and storage of personal data.”

Southwark council in trouble for data breach

Secure your Data with Alertsec

Following the essential guidelines is very necessary for data security in any organization. This news exemplifies the need for data protection applications. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data. Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Ruth Crawford QC was on a holiday when her laptop went missing. The laptop contained personal information related to clients who were a part of Ms Crawford’s eight court cases. This data was specifically about the mental and physical health of the clients.

Ms Crawford was lucky that the incident took place in 2009. Had it taken place seven months later, she would have been fined for breaching the data protection Act as that was when the ICO was given new powers to impose fines of up to £500,000.

As of today Ms Crawford has signed an undertaking that says she is going to encrypt all her portable devices and secure them properly. These are the exact words of the undertaking ”The theft occurred while the data controller (Ms Crawford) was on holiday, having left plumbers to fit a new boiler at her home. The data controller provided the plumbers with keys and the code to her alarm. She highlighted the importance of keeping her front door locked and of activating the alarm when leaving the house.

“Upon returning from holiday on September 3 2009, the data controller discovered that the laptop and a purse were missing from her study. She subsequently reported the matter to the police. The commissioner has noted that physical security measures were in place at the time of the incident but that there was insufficient technical security employed on the laptop to protect the data.”

According to Ken Macdonald, Assistant Commissioner for Scotland: “The legal profession holds some of the most sensitive information available. It is therefore vital that adequate security measures are in place to keep information secure.”

“As this incident took place before the 6 April 2010, the ICO is unable to serve a financial penalty in this instance. But this case should act as a warning to other legal professionals that their failure to protect personal information is not just about potentially being served with a penalty of up to £500,000, it could affect their careers too. If confidential information is made public, it could also jeopardise the important work they do in court.

“The ICO would also like to assure the legal profession that any information reported to this office will not be disclosed unless there is specific legal authority for us to do so. Therefore all breaches should be reported to our office as soon as practically possible.”

Alertsec is a data encryption service company. Organisations, be it big or small, must have encryption in place. If you are an individual works independently or is not covered by the organisation can  also use self-encrypted drives. Alertsec helps with the installation, the cost of this encryption service is negligible compared with the hassle, cost and embarrassment.

Safeguard your data with Alertsec Encryption Service

The complete story

Razer co-founder Min-Liang Tan’s statement says”As you can imagine, the return of these prototype units is very important to the company,” he said. “We have already reported this to the authorities who are working closely with us on this matter.”

“We take this act of theft seriously and would like to appeal for its return and discourage anyone from buying the Razer Blade prototypes from the perpetrators, whether online or otherwise, as they are stolen property.”

Razer came up earlier this year with a ultra-thin laptop, called the Blade– a $2,800 laptop that’ is not even an inch in thickness and weighs less than 7 pounds.

The break-in

Apparently the thieves had access to the building as it was not exactly a ‘break-in’. They seem to have entered the lobby and quietly nicked off the two laptops. What makes this case more interesting is that none of these laptops were completely functional, so looks like the robbers were not that lucky.

A great loss to the company

Speciality of this Razer laptop was the touchscreen on the right where generally the number pad is located. Razer is requesting the thieves to return these laptops as they contain a lot of diagnostic data. These laptops were getting tested that weekend. Customers are being requested not to buy any such laptop if they are offered one for sale or come across e-bay or craigslist.

Investigation

Police are investigating thoroughly every employee at Razer who swiped their security cards that weekend, in hope to catch the thief. Access logs are being checked out too. Razer has further asked that they are to be contacted about the break-in and/or missing prototypes on the following email “cult@razerzone.com”.

Was this just a publicity gimmick? Did Razer secretly want this? What did Razer have to say about it?

Razer has flatly denied these speculations and provided details about the theft. Razer has further stated that it won’t delay the release of the product because of this theft.

Alertsec offers good encryption service

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Encryption is the only secure method for complete protection of data stored on your hard disk. Today laptops are overtaking desktop PCs as the major source of computing and media storage, laptops frequently store an organization’s most valuable information. Thus laptop encryption is becoming more and more important.

Razer's CEO Min-Liang Tan hopes for the return of the laptops