New Jersey

Routine audit reveals data breach

June 25th, 2015

A Maryland medical center discovered that a PHI data breach had taken place, affecting approximately 1,000 patients during routine audit. Affected information includes patient names and demographic information, such as dates of birth, ages, gender, medical record numbers and health insurance information in a few cases. Clinical information, such as treatment and/or diagnosis information, may also have been included.

According to the reports, Meritus Health was running routine compliance and self-audit efforts. It found out that an employee at one of the company’s vendors may have accessed patient information outside of normal job functions.

The company added that few patients may have had their Social Security number accessed but believes that financial information, such as credit card or bank account numbers, was not affected.

“We deeply regret any concern this may cause you,” Meritus said. “To help prevent something like this from happening again, we are working to further strengthen controls related to vendor access to patient information and we are enhancing our existing system monitoring capabilities with regard to vendor access.”

Meritus Health spokeswoman Mary Rizk mentioned that there is no evidence of information misuse.

“The letters were prepared and sent as quickly as possible; as soon as the incident was discovered by our security/privacy audit and a thorough investigation conducted to determine any individuals who may have been affected,” Rizk said. “As soon as the investigation was complete, and the names of potentially affected individuals determined, the letters were prepared and sent.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

 

Heart Group suffers computer breach

June 2nd, 2015

 

New York’s Buffalo Heart Group, LLP suffered data breach which potentially affected 500 to 600 patients. The exposed information includes patient names, dates of birth, addresses, telephone numbers, e-superbills, and appointment schedules. However, Social Security numbers, health information and financial information were not included.

“The recently completed internal investigation indicated insider wrongdoing resulted in the access of certain health information by unnamed third parties operating under the direction of a physician then associated with the medical practice and used by the physician to solicit patients in connection with the physician’s new employment,” according to a statement by the law firm Hurwitz-Fine that was published by WKBW Buffalo.

According to the statement:

The medical practice is working with the NYS Department of Health, Office of Professional Medical Conduct, on the matter, but emphasized that the computer system is secure, there has been no unauthorized access since June, 2014 and that it is unlikely that any precautionary or preventative measures are required to be taken by affected individuals.

Buffalo Heart Group has begun sending patient notification letters this week to affected individuals and has notified the federal Department of Health & Human Services.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Beacon Health attacked by phishing scam

May 30th, 2015

Beacon Health System in South Bend, Indiana suffered a data breach when it was attacked by sophisticated phishing attack and unauthorized individuals gained access to employee emails. The affected information includes patient names, doctor names, internal patient ID numbers, and patient status (either active or inactive).  According to the reports, Social Security numbers, dates of birth, driver’s license numbers, diagnoses, dates of service, and treatment and other medical record information could also have been accessed for some individuals.

“Beacon continued an extensive review to determine if sensitive information was affected,” Beacon explained in the statement. “On May 1, 2015, Beacon was advised that protected health information was contained in the affected emails. While there is no evidence that any sensitive information was actually viewed or removed from the email boxes, Beacon confirmed that patient information was located within certain email boxes.”

Notification letters are sent to the affected individuals. According to beacon, there is no evidence of attempted or actual misuse of information. The statement fails to mention the number of people affected by the incident.

“Beacon is reviewing its policies and procedures and is implementing additional measures to prevent an incident like this from happening again,” the health system explained.

According to the statement:

Individuals are encouraged to regularly review any Explanation of Benefits statements received from insurers for suspicious activity. If an individual does not receive a regular Explanation of Benefits statements, he or she can contact his or her insurer and request copies. Individuals may want to order copies of credit reports and check for any unrecognized medical bills. If an individual finds anything suspicious, he or she can call the credit reporting agency at the phone number on the report.Individuals should keep a copy of notices in case future problems arise. Individuals may also want to request a copy of medical records from providers, to serve as a baseline.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

CD containing sensitive information goes missing

August 2nd, 2014

Jersey City Medical Center recently notified a Medicaid patient data breach that occurred as United Parcel Service (UPS) failed to deliver an unencrypted CD with patient data on it. The CD contained unknown number of Medicaid patients’ names and some Social Security numbers.

For some patients information like date of birth, medical record number, gender, and information on visits to the Medical Center: admission and discharge dates, inpatient or outpatient status, number of days care was received, dollar amount of Medical Center charges incurred for care, name of health insurance payer(s), amounts paid by patient or insurers, and/or general type of claim and/or revenue code was present on the CD.

CD was supposed to be couriered at Jersey City Medical Center. The location of the CD remains mystery as no one knows where it is currently. According to the reports, Barnabas Health system will be offering one year credit monitoring.

“While UPS has no evidence that personal information has been made available to any unauthorized parties, or misused in any way, patients are being advised to be aware of any suspicious activity and to monitor their credit reports and financial accounts.” The notification letter, signed by Shani Newell, Privacy Officer says.

Facts related to this incident are –

  • There was a breakdown in protocols to locate and find lost packages.
  • Medical Center reviewed its incident prevention technology to avoid future instances of breaches.
  • Medical Center will attempt to encrypt patient data henceforth
  • Medical Center has since changed its policies to no longer send unencrypted CDs with patient information

“We have followed up extensively with UPS regarding this incident, attempting to ensure that UPS has followed all of its internal procedures designed to locate missing packages.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

1,100 Pediatric Patients’ Health Information breached after stolen laptop

January 7th, 2014

New Jersey’s Barnabas Health recently informed about an unencrypted laptop was stolen on September 24, 2013 from the Barnabas Health Medical Group’s Pediatric Specialty Center which is located in Livingston, N.J. Although the theft was discovered on the same day and police were notified for it but the laptop has not been recovered. Letters were sent to the affected customers.

The stolen laptop contained information which was attached to pulmonary function testing (PFT) equipment information on its hard drive. There is a possibility of data theft of patients’ names, birthdates, testing dates, testing results, physicians’ names, and other demographic information. More information like addresses, financial information or insurance or other identification numbers was not available on it.  Company has informed customers to report any unauthorized activity related to data breach.

Despite the laptop theft, any violation of personal information has not been reported to the company. Company stated availability of printout of PFT forms of the patients ensuring continuity of care and accessibility by the treating physician.

“Patients with questions relating to this incident should call 800-583-1191 between the hours of 9:00 AM and 5:00 PM. Barnabas Health Medical Group sincerely regrets this unfortunate incident and considers the security of patient information to be of utmost importance.” Barnabas Health mentioned in the notification to the customers.

Many measures have been added up like review of applicable safeguards and use against unencrypted laptops to avoid such incidents. Retraining of various patient privacy and security obligations and policies took place for employees of the centre.

Organizations can use encryption software like Alertsec Xpress to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Two Horizon Blue Cross Blue Shield of New Jersey laptops stolen

December 19th, 2013

More than 800,000 members of Horizon Blue Cross Blue Shield of New Jersey (BCBSNJ) were sent notification letters after two unencrypted laptops were stolen from the insurance provider’s Newark headquarters. The notice was sent to alert the members that their personal information may have been compromised.

The stolen laptops were unencrypted, but what comes as a relief is that they were password-protected. Sensitive information on roughly 840,000 members was stored in the laptops, including names, addresses, dates of birth and Horizon BCBSNJ identification numbers. Social Security numbers and clinical information were also included.

“Our top priority at the moment is making sure our members are protected. We are in the process of notifying our members, who are affected, to apologize for this incident and to provide free credit monitoring and identity theft protection to those members’ whose Social Security numbers were involved” said Thomas Vincz, a Horizon BCBSNJ spokesperson.

Horizon BCBSNJ officials were informed that two laptops were stolen, despite being cable-locked to employee workstations. The insurance company began notifying affected members via mail following an initial investigation with the Newark Police Department.

Horizon BCBSNJ also hired outside computer forensic experts who determined that not all the information contained on the laptops would be accessible due to the configuration of the machines.

The laptops have yet to be recovered and an investigation is still ongoing, Vincz said. The information has not been used in any way and officials with Horizon BCBSNJ do not believe the laptops were stolen for the information the devices contained, according to a statement posted to the website.

Vincz said “Horizon is still investigating the encryption procedures and the use of member information as it relates to the two stolen computers. Horizon is also reviewing its inventory of computers and its security and encryption procedures in general. We will also be enhancing employee training with respect to the security of company property and member information”.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Largest Data-Breach Scheme in U.S.

August 15th, 2013

Five hackers were charged in the largest hacking scheme ever in U.S. history. It was a break-in to computers of retail chains that included 7-Eleven Inc. and Carrefour SA (CA), said the French retailer.

This hacking scheme targeted the Nasdaq OMX Group Inc. (NDAQ) and 800,000 bank accounts at Citigroup Inc. (C) and PNC Financial Services Group Inc.

Paul Fishman, the U.S. attorney in New Jersey said “In this worldwide scheme that targeted major corporate networks, the hackers stole more than 160 million credit card numbers and resulted in hundreds of millions of dollars in losses”.

He further commented “this type of crime is the cutting edge. Those who have the expertise and the inclination to break into our computer networks threaten our economic well-being, our privacy and our national security.”

“Sniffer” programs were used to steal credit card information, by targeting companies that processed financial transactions and retailers that received and transmitted financial data.

According to an indictment unsealed in federal court in New Jersey, “The five men operated ‘a prolific hacking organization’ that penetrated the secure computer networks of several of the largest payment-processing companies, retailers and financial institutions in the world”.

 

The data stolen by the hackers, known as “dump”, was sold to “dumps resellers”, who then sold it to organizations or individuals through online forums.

The men encoded the data into the magnetic strips of blank plastic cards and withdrew money from automated teller machines and made credit-card purchases, the U.S. said.

“Financial institutions, credit card companies and consumers suffered hundreds of millions in losses, including losses in excess of $300 million by just three of the corporate victims, and immeasurable losses to identity-theft victims,” according to the indictment.

The hackers used the stolen data to create ATM cards, which were used to withdraw $2.9 million from Citibank accounts. Back in 2008, Citibank’s online banking website was attacked by use of a computer program, it resulted in the theft of account information of more than 300,000 accounts. That data was also stolen to create ATM cards and it led to theft of $3.6 million.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta