Los Angeles

Howard University Hospital suffers data breach

July 18th, 2015

Howard University Hospital in Washington, D.C. suffered data breach when more than 1,400 patients received letters intended for other individuals. The letters included names, account numbers, and dates that other individuals visited Howard University doctors. Social Security numbers, dates of birth, and other personal information were not included

According to the reports, data error reportedly caused letters to go out to people with the right surnames, but the wrong addresses. Howard University explained that California Healthcare Medical Billing, Inc. and JP Recovery Services, Inc. had been hired to mail letters to patients who had not yet paid their bills.

University said that they become aware of the incident on May 11 and will notify affected individuals.

Similar incident includes the breach at Virginia Commonwealth University Health System. The incident involves employee taking CDs which were no longer needed for the organization’s services and donating them to assist with children’s art projects. The affected information includes names and one or more of the following for 1000 patients: home addresses, dates of birth, medical record numbers, clinical information and health insurance information.

“This error brought to light a vulnerability in our system that developed over time and that we are working to correct, and we are deeply sorry for the inconvenience this may have caused some of our patients,” said John Duval, CEO of MCV Hospitals and Clinics.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Medical document found in confetti

July 15th, 2015

The incident involves confetti during the world cup victory parade of U.S. Women’s soccer team. According to the New York news station, some of the confetti used in the victory parade for the US Women’s soccer team contained medical information.

The incident came to notice when a reporter tweeted a photo with confetti strips which made up an entire prescription after pieced together. Affected information includes patient names and the doctor’s office address.

The incident could be a case of official confetti versus confetti made by local businesses and residents. In similar incident during year 2012 Thanksgiving Day, the official confetti supplied by Downtown Alliance was just colored paper while police department reports mention documents ended up as confetti containing information. Also, Downtown Alliance reported that it provided two tons of confetti in 2012, yet its cleaning crew picked up 34 tons of confetti.

In the current incident, news station also reported that Atlas Packaging Company provided two tons of strip cut, blank, news roll which can be considered as the official confetti for the victory parade. It seems that good intentions like victory parades potentially led to health data security issues, which is not entirely uncommon.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Unencrypted laptop theft in Cedars-Sinai

August 22nd, 2014

Cedars-Sinai Medical Center in Los Angeles suffered data breach when an unencrypted laptop was stolen. According to the reports, incident has compromised more than 500 patients’ data. Laptop contained information which included protected health information (PHI) such as medical record numbers, patient identification numbers, lab testing information, treatment information and diagnostic information, as well as some patient social security numbers.

Laptop was stolen from employee’s home and the whereabouts are still unknown. Cedars-Sinai removed remote access to its network from the laptop and is notifying affected patients via letter. Medical center has organization-wide device encryption policy in place.

“Cedars-Sinai retained independent experts in computer forensics to manually and electronically review the files that may have been on the laptop at the time of the theft and to identify any Cedars-Sinai patients whose information may have been stored on the stolen device,” the statement read. “This investigation is ongoing.”

Earlier, encryption software was not installed when laptop’s operating system was updated and thus resulted in policy violation.

“Cedars-Sinai takes the security of our patients’ health information very seriously, and has multiple security safeguards in place to protect health information,” said David Blake, Cedars-Sinai’s chief privacy officer. “Even a potential data security incident on a single computer, as has occurred here, is not acceptable to us. We apologize to the people affected by this incident, and have taken actions to prevent any re-occurrence.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.