Missing encrypted devices leads to data breach

March 17th, 2015

Home health and hospice company Amedisys suffered data breach when its encrypted devices which consisted of computers and laptops went missing. Amedisys failed to find near about 142 devices. The incident came to notice when risk management process was conducted. The devices were assigned to Amedisys clinicians and other team members who left the company between 2011 and 2014.

The compromised information includes names, addresses, Social Security numbers, dates of birth, insurance ID numbers, medical records and other personally identifiable data.

“The confidentiality and security of patient information has been and will remain a top priority for Amedisys,” Chief Compliance Officer at Amedisys Chief Compliance Officer Jeffrey Jeter explained. “We have worked actively with leading risk management and technology experts to inventory and assess devices that may contain personal or health information and ensure the integrity of our information security systems.”

Amedisys explained the situation on its website statement.

“All of the computers were encrypted, and the vast majority of them were used by licensed Amedisys clinicians to provide care for patients in their homes,” Amedisys stated, adding that it has not been able to rule out “unauthorized access to patient data.”

According to the statement:

We have received no reports of any hacking, fraud, or identity theft. However, as required by law and out of an abundance of caution for our patients, we are providing notice to all patients whose information was on devices because we cannot rule out unauthorized access to patient data on the devices.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Employee details leaked in a data breach

March 14th, 2013

Company officials at Allen County Information Technology Department detected on March 21 that personal details of employees has been accidentally made available to unauthorized users, including social security numbers and more than 1,100 employees has been affected in this data breach. During the weekly Allen County Commissioners’ meeting, Prosecutor Juergen Waldick of Allen County said, “The data breach was determined and blocked within minutes of the county becoming aware of it last Thursday.” The confidential information discovered of all the 1,152 county employees included social security numbers, said the Allen County Commissioners during a press conference. This has also led to impact some retired county employees too. Nobody is believed to have misused any single information till now. The fact about the exact manner of how the information was released and how long it was made available for others to see and/or access was not discussed and is still unknown.

“There’s nothing to hide,” said Jay Begg, Allen County commissioner. “It’s just that we want to be sure employees’ identities and information are protected before we tell everybody what happened.” The confidential information released did not include any financial, retirement or health care information, Waldick said. “While there is no indication that any individual’s information has been improperly used, the county has taken appropriate steps to protect its employees from the consequences of the data breach,” Waldick said.

“It wasn’t something that someone maliciously did,” Noonan said. “We learned a lot more about the Internet in the past couple days.” Becky Saine, Administrator at Allen County told that the company purchased one-year Lifelock security memberships at a price of $25,000 for all the affected employees. Lifelock is an identity data theft protection company that monitors data threats and send notifications to users when a suspicious activity occurs. Although the information on data breach is unavailable, also there are no signs of any personal information being misused, there could be a possibility of information being copied when it leaked out or during the time it was posted and the news about data theft developed. Most employees of the company have been informed of the issue occurrence through phone calls and mails. “Since this did involve some employees who recently retired, we have made every attempt to contact them, and in most cases, contacted all of them,” Waldick said.

The mails and letters which were sent to county employees contained instructions to obtain the free Lifelock membership. “We have no reason to believe that any information has been or will be used in an inappropriate way; however, out of an abundance of caution, we want to make you aware of the event,” the letter read. “The Allen County Commissioners have retained Lifelock(R) to provide one (1) year of complimentary identity theft protection.” Questions in order to investigate about the incident were referred to Waldick, who was found unavailable for any further comments. And the calls, made to the company’s IT Department were not returned.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software. Organisations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta