Mobile device

Laptop stolen from Doctor’s Car

March 2nd, 2015

Heath information was potentially compromised when laptop was stolen from doctor’s car. Around 400 patients are notified about the recent data breach. The incident took place at the Medical College of Wisconsin. According to the Medical College spokesperson, that a document with private information on about 400 patients was stolen from the vehicle, while a laptop with data on one patient was also taken.

“Firm policies are in place prohibiting the downloading of patient information to portable media, as well as the secured transport of documents containing patient information,” read a Medical College statement obtained by WDJT. “We sincerely regret that this unfortunate event occurred.

According to the statement, the affected patients are contacted and steps are taken to prevent this type of event. Institutional policy is revisited to safe guard the sensitive information. Excerpts from the statement on website –

The purpose of this policy is to address the appropriate protection and encryption of all MCW Electronic Protected Information (EPI) when it is stored, transferred or accessed on any mobile device.  Full mobile device encryption and related controls are required to access MCW’s electronic network or information through another means.

All Workforce members must protect MCW EPI. Workforce members using a Mobile Device owned by a workforce member, an external entity or one provided by MCW, to access or store EPI must have encryption using an institution-approved tool.

On personally owned devices (i.e. BYOD), should a workforce member choose not to permit MCW’s MDM tools and supporting processes on their personal device, access to MCW’s secured resources will be limited as outlined in procedure below.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Hackers potentially compromise data of 80 million individuals

February 2nd, 2015

Anthem, Inc.’s database was attacked by hackers potentially compromising the personal information of approximately 80 million former and current customers, as well as employees. The affected information includes  names, dates of birth, medical IDs or Social Security numbers, street addresses, and email addresses.

According to a statement from Anthem president and CEO Joseph Swedish posted on the company website:

“Based on what we know now, there is no evidence that credit card or medical information, such as claims, test results or diagnostic codes were targeted or compromised,” Swedish said. “Once the attack was discovered, Anthem immediately made every effort to close the security vulnerability, contacted the FBI and began fully cooperating with their investigation.”

Swedish added that the personal information of Anthem employees, including himself, were also compromised in this data breach using “very sophisticated external cyber attack”.

“We join you in your concern and frustration, and I assure you that we are working around the clock to do everything we can to further secure your data,” he said.

Anthem will notify the affected individuals.

“I want to personally apologize to each of you for what has happened, as I know you expect us to protect your information,” Swedish said. “We will continue to do everything in our power to make our systems and security processes better and more secure, and hope that we can earn back your trust and confidence in Anthem.”

The HITRUST Cyber Threat Intelligence and Incident Coordination Center (C3) has been collaborating with Anthem since it discovered the breach.

“As additional information becomes available, Anthem has committed to continue to work with the HITRUST C3 to disseminate any findings and lessons learned that can help other organizations better prepare and respond to these type of cyber incidents.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Mobile devices malware detection

May 9th, 2013

A new method for identification of mobile devices malware, which usually are not detected by the common detection methods, and uses advanced methods of machine learning.

Cellular phones security is an intensively studied area by security companies and research institutions around the world since the release of G1 devices Android based operating system in 2009.

Recently discovered a new and sophisticated type of malware named Dropdialer, which was distributed to the Google apps store. This malware is installed as legitimate software by the user. Hostile code actually installed later using the ability of the “Automatic Update”, which is used by the software and allows it to “pull” independent software updates from a remote server. In this way malware can spread to a large number of devices without being detected. Retrieving hostile code can occur at a future random or fixed time, or as a command received from a remote server. This capability can be implemented in any malicious application.

The standard Antivirus software usually cannot detect this type of malware (self-updating malware) because the original app is completely innocent and therefore can escape from any static analysis method (code analysis without execution) or dynamic analysis (monitoring software at runtime). The difficulty in identifying such malware is also due to the fact that the ability to self-update serves application developers’ legitimate needs such as application version upgrade, adding stages in different games, bug fixes, and more.

The new method for self-updating malware identification uses advanced algorithms of machine learning, which learns the normal behavior of applications, thus allow detecting abnormal behavior in real time which may indicate that the app is malicious. An analysis of mobile smart phone malicious apps shows that about 70% focus on stealing sensitive information. Therefore, in this study we use the characteristics of a network to study the behavior of applications because they can point to information leakage.

The use of a limited number of characteristics (network characteristics) and the machine-learning algorithm allows to perform the learning behavior of applications, the monitoring and identification on the device itself, which is of course resources limited (i.e. battery).

Examples of properties which are used for studying the behavior of applications are: number of bytes sent or received in different time windows, such as 5 minutes or time since the app was active and connected to the net, etc.

The degree of behavior of an application is performed by using an algorithm based on a technique called Cross-Feature Analysis, which “learns” the relationship of each property relative to other properties of a normal behavior. In the monitoring phase, each sample is checked against each feature and whether the same relationship with other properties is maintained. In other words, we calculate each characteristic probability that it is normal given the values of other viewed properties, and take into consideration the probabilities along the value that represents the distance from normal behavior.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta