microsoft

Heart Group suffers computer breach

June 2nd, 2015

 

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Common sense can stop phishing attack

April 15th, 2015

What is phishing attack?

Phishing emails, websites and phone calls are designed to steal money. It can be also be done by installing malicious software. Cybercriminals asks you to install malware under pretext of useful software.

How to stop phishing attack?

Spelling & Grammar – Cybercriminals are not that good at spellings and grammar. Professional organizations have dedicated writers for drafting emails. So, the possibility of error in the phishing write up is more.

Fake Alerts – You may get the update from the company you know. Please check for the authenticity of the email and then take any action.

Website Links – Do not click the links from the email. They may also include direct download .exe file which installs malicious software on your computer.

Threats – One of the popular ways to steal the user is by threatening email which states that your account will get closed if you didn’t respond to the said email. Ignore such emails or mark them as spam.

Report Phishing Attack

Company Pretension – Verify the information with the official company helpdesk before taking action for the email, phone etc.

Phone Calls – Report to your local authorities if you receive any phishing phone call.

Emails – Report it to your email service provider like Google, Yahoo etc. if you receive phishing emails.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Texas warehouse vandalized

March 4th, 2015

A warehouse in Texas which stores patients’ records was vandalized leading to the data breach. The affected entity involves Westlake Medical Centre patients as intruders gained access to that particular section. The affected information includes patient addresses, health information, and Social Security numbers. The affected numbers of patients is not known.

According to the statement on website:

Having recently purchased the practice formerly known as Westlake Medical Center, Hunt Regional Medical Partners Family Practice at Westlake is taking full responsibility for the potential breach.

The protection of private information is something we take very seriously. After being informed of the incident, Hunt Regional Medical Partners and the local Sherriff’s department began an immediate investigation and are in the process of notifying the affected patients. We have relocated the records and are reviewing internal procedures to determine added safeguards for the future.

As a precaution, Hunt Regional Medical Partners will also cover the cost for one year for you to receive credit monitoring from AllClear ID Alert Network.

We are committed to protecting the privacy of our patients. Please do not hesitate to contact us with any questions at our toll-free telephone number

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Laptop theft leads to data breach

January 12th, 2015

Sunglo Home Health Services patients were affected by the recent breach as laptop containing sensitive data was stolen from the Harlingen, Texas-based facility. According to the reports, the burglar broke into a van in the Sunglo parking lot and drove away after filling the vehicle with various tools and gear.

It happened that he returned and broke into the Sunglo building by breaking a window with a fire extinguisher and stole computer that held patients’ Social Security numbers and personal information, including PHI.

The numbers of affected patients are not known which also include elderly and disabled persons. Sunglo drives patients across the Valley in the vans, which are kept in a parking lot at the Harlingen corporate office.

“We’re just worried about the safety of the patients themselves because of the information. We had to contact local police to see what we could do,” Means told.

The potential suspect is behind the bar. Harlingen police arrested Matthew de la Cruz based on surveillance camera footage. The security aspect of the laptop was not known including the status of encryption.

“It leaves you uneasy, just something that was there that you can’t recover, it’s an uneasy feeling,” Means told Action 4. “We don’t really want this to happen again.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unencrypted computer stolen from IEHP

January 9th, 2015

Inland Empire Health Plan (IEHP) revealed that an unencrypted desktop computer was stolen from its Rancho Cucamonga facility. The affected information includes names, IEHP member ID numbers, dates of birth, addresses, phone numbers and dates of past or future appointments.

Children’s Eyewear Sight was the owner of the machine, which is a participating provider with IEHP that provides vision services. Social Security numbers were not present on the stolen computer.

“Rancho Cucamonga police were notified of the incident and subsequently apprehended a suspect,” IEHP stated on its website. “At this time, there is no evidence that the information has been accessed. The desktop computer was password protected, but the data was not encrypted.”

According to the statement:

The Compliance Department at IEHP has taken appropriate steps to report this incident to the Department of Health Care Services (DHCS), the Department of Health and Human Services (DHHS), the California Office of Attorney General (OAG) and to local media.

While there is no indication that your information will be used for fraudulent activities,IEHP would like to offer you the option of applying a confidentiality alert to the electronic record maintained by IEHP.

IEHP takes its duty to secure the personal information of our Members very seriously, and we appreciate the trust you have placed in us by choosing us as your health plan,” the letter stated. “We apologize for any inconvenience this may cause you.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Discharge Paper work causes data breach

January 4th, 2015

Around 20 patients suffered data breach when their medical information was passed to other patient along with her discharge papers. The breach in Medical Center of Aurora apparently gave Karen Billings seven pages of operating room records after her hospital release.

The information contained Protected Health Information (PHI) for other patients. The data also included patient names, dates of birth, the doctor’s name, the procedure done, and the prescribed medication.

“I was shocked. I was mad. I was hurt that I had somebody else’s information,” Billings said.  “I wouldn’t want my stuff out there.”

In a statement, the healthcare organization said that it takes the protection of patients’ private information very seriously.

“We were made aware that one day’s surgery schedule was mistakenly given to a patient on November 22nd and, per policy, our Facility Privacy Official immediately began an internal investigation and we are notifying the affected patients,” the statement read. “We are committed to protecting the privacy of our patients and are reviewing internal procedures to determine additional safeguards we should implement.”

The affected individuals were shocked to get the data breach information from media rather than Medical Center of Aurora itself.

“If the doctor knew about it, the administrators knew about it, the hospital knew about it, then they should’ve been proactive instead of waiting, trying to hide it,” Scott Anderson told the news station.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Browsers under attack

July 26th, 2014

Hackers have focused their attacks on browsers which ultimately has common theme for benefiting from the end users. As old versions of the Java Runtime Environment (JRE) are typically now blocked in the browser by default, Java applets require explicit activation from users.

Bromium Labs researchers said, “so this attack vector becomes harder and harder to leverage” and “It’s evident that attackers continue to shift focus in between ubiquitous internet facing applications, but there’s a common theme throughout – attacking the end users.” It leaves hackers looking to other popular applications to exploit.

According to the reports by the lab, Microsoft’s IE was one of the most patched and one of the most exploited applications in 2014’s first half, targeted more often than Mozilla’s Firefox, Google Chrome, Java, Adobe Flash, Adobe Reader or Microsoft Office.

The lab also mentioned different techniques used in the attacks which are given below –

  • Zero day techniques in which attackers used Adobe Flash to launch action script virtual machine (ASVM) attacks.
  • Action script spray facilitates the use of return-oriented programming (ROP), which allows attackers to execute malicious code in the presence of security defenses

“This technique leverages the way dense arrays are allocated in memory,” wrote Bromium researchers. “If a vulnerability allows an attacker to control the size of a vector, they could make it as big as the whole memory space and then search for the necessary API calls and ROP gadgets.”

“Traditional heap spray was supposed to deal with early address randomization techniques implemented in various operating systems. Nowadays defenses are much more sophisticated. Malicious code must ‘know’ addresses of crucial libraries and API functions in order to execute,” said Vadim Kotov, Bromium’s senior security researcher. “Actionscript spray provides this ‘knowledge,’ while its ancestor doesn’t even address this issue.”

“Action heap spray — as well as traditional heap spray — is merely an instrument to exploit security vulnerabilities,” Kotov said. “If you want to reduce the probability of being compromised, you need to have reasonable patching policy and invest in protection software.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

What is Use-After-Free Memory Risk?

July 19th, 2014

Recent updates from the Microsoft, Google or Mozilla shows use-after-free memory errors. Attackers take advantage of vulnerabilities in allocated memory and inject virus or arbitrary code to extract information.

“It does take a lot of knowledge and sophistication,” Karl Sigler, manager, SpiderLabs Threat Intelligence at Trustwave said. “But of course it only takes one researcher to make the discovery, and then everyone else can just copy the research. We’re seeing more use-after-free memory attacks than we ever have before,”

Evolution of attacker methods

It’s not that easy to hack free memory space and install arbitrary software. It requires certain level of sophistication.

“It can take some ninja-fu, it’s not brain dead easy,” Sigler said.

As said earlier, one research to exploit leads to many attacks using same techniques. Researchers make vulnerability exploitable using a technique known as return-oriented programming (ROP).

“ROP has become the method of getting executable code onto the stack,” Stigler said. “ROP chains hop through memory looking for executable pieces of code they can chain through and eventually find a method of getting to run.”

How to reduce the risk

There are ways suggested to stop the attacks as given below –

  •  A Web application firewall (WAF) can be used in some cases to provide a network-layer protection.
  • Microsoft recommends the use of its Enhanced Mitigation Experience Toolkit (EMET) as a technology.
  • Application developers should strive to build better security into their apps.

“Developers should understand what their code is actually using in memory,” Sigler said. “If the program is freeing memory and still flagging it as being able to be used, the program should be able to control what the memory is used for. That would eliminate a lot of the vulnerabilities that attackers have.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Microsoft to Fix two more flaws in IE

June 3rd, 2013

Microsoft will patch 33 vulnerabilities in 10 bulletins relating to Internet Explorer, with two bulletins rated “critical.”

While few details are given about the security issues, today’s advanced security bulletin outlined flaws in a range of other products, including Microsoft Office, .NET Framework, Microsoft Lync, and Windows Essentials.

Bulletin 1 relates to all versions of Internet Explorer 6 to 10, including Windows 8 and Windows RT devices. A patch will be released to fix issues discovered at two security conferences earlier this year.

Bulletin 2 relates to the recent Internet Explorer 8 zero-day flaw designed to target U.S. government workers. The software giant said it was “working” to have a full patch ready for a critical zero-day flaw for Internet Explorer 8, in which the company issued an emergency out-of-band “Fix It” patches on Thursday.

The other eight bulletins are considered “important.”

The remaining eight patches will address flaws that range from denial-of-service errors that can cause Windows to crash, to remote code execution issues in Microsoft Office and Lync, an elevation of privileges that would allow an attacker to gain additional rights to the affected system, and information disclosure issues relating to Windows Essentials 2011 and 2012.

Included with the security patches, we can expect Microsoft to issue a number of non-security related fixes to its Surface Pro and Surface RT tablets, in line with previous months.

Microsoft has delivered 739 updates for Windows 8 and Windows RT in the nearly seven month period since the two versions were launched in October. These fixes included battery life improvements to additional driver support.

The security fixes will be released on May 14 through the usual update channels, such as Windows and Microsoft Update.

Microsoft is doing its best to enhance data security.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta