New York

New York facility suffers data breach

May 22nd, 2015

A former employee at HHC Jacobi Medical Center in the Bronx improperly accessed and transmitted files containing PHI to her personal email account. According to the reports, the incident has put the PHI of 90,000 patients at risk.  Apart from that, the employee also sent the information to her email account at her new employer, New York City agency.

Affected information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. Information related to health insurance identification numbers, which may have included Social Security numbers

, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC believed that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Breach in California

January 20th, 2015

California Pacific Medical Center (CPMC) mentioned in recent press release that one of its pharmacist employees possibly accessed patient records with no apparent business or treatment reason. There is possibility of data breach due to this incident. As per the policy, CMPC terminated its relationship with the pharmacist employee when the incident was discovered. CPMC audit of its electronic medical record (EMR) system revealed the probable data breach.

Affected information includes the last four digits of patient Social Security numbers, clinical information, and prescription information. CPMC notified affected 844 patients about the incident. According to the press release:

 The type of information varied for each patient. While the employee potentially viewed the last four digits of some social security numbers, the employee did not have access to full Social Security numbers, driver’s license numbers, California identification numbers, credit card numbers or financial account information. CPMC has no evidence of a malicious intent or any unauthorized sharing of patient information by the employee. CPMC believes that the employee accessed the information out of curiosity.

No action is required by the patients in response to CMPC’s notice.

CPMC takes patient privacy very seriously. CPMC has also reiterated to all staff that policy allows them to access patient information only when necessary to perform job duties and that violating this policy may result in loss of employment.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Stolen cellphone causes data breach

January 18th, 2015

 

Albany, New York-based St. Peter’s Health Partners revealed that its manager cellphone got stolen and may lead to potential healthcare data breach.  The affected entity involved emails from the cellphone. After the investigation by St. Peter’s officials, it was determined that the cellphone was not encrypted.

 

According to the reports, the stolen cellphone may have contained emails that included patient appointment scheduling information for St. Peter’s.  Emails within the stolen device did not include any health record information or information on inpatient hospital treatment or emergency care.

 

Officials at the healthcare facility said there is no indication that emails have been accessed or viewed at this time. According to the news source, they believed the theft was random. After the incident, St. Peter’s reviewed all mobile devices networked to its corporate email system to ensure security compliance in response to this incident.

 

Steps to prevent data breach – cellphones:

 

  • Proper antivirus should be installed on cellphones
  • Periodically change the password to the corporate accounts
  • Encryption of the cellphone
  • Don’t install malicious software
  • Visual notifications for abnormal activity
  • Biometric identification
  • Using secured network access
  • Conducting security audit
  • User awareness about the proper usage

 

Alertsec strengthens security

 

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

 

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

 

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Data breach may affect 200,000 individuals

December 17th, 2014

Belle Glade office of Family Central, Inc. in Florida suffered data breach when former employee accessed the electronic database inappropriately. The said database manages the personal information of individuals applying for or receiving services from the coalition.

“The security breach compromised the personal information of individuals whose data is contained in the system, including parents and children residing in Palm Beach County who have received school readiness services or participated in the Voluntary Prekindergarten Education Program,” the statement read.

According to the reports, federal officials are investigating the incident. Individuals who have received services from the organization are encouraged to carefully monitor their credit history and enroll for free fraud alerts with one of the three major credit agencies.

“Family Central has implemented additional security measures including expanded security training for all employees, further restricting access to the information system and revising data security policies,” the statement said.

Currently, 177 individuals are affected but the number can grow.

According to the statement published on company’s website –

Individuals who have received services from the coalition and Family Central, Inc., may wish to review their credit history for any potential fraudulent or suspicious activities they have not authorized.  To protect themselves from the possibility of identity theft, they may also place a free fraud alert on their credit files.  A fraud alert notifies creditors to contact individuals before opening new accounts in their name.  

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Series of lawsuits against Good Samaritan

December 7th, 2014

Troy, NY-based Good Samaritan Hospital breach has various pending lawsuits from seven parties which include four current or former correction officers, a jail employee, the family of a correction officer on behalf of a minor child, and a private individual who sued the county.

“Rensselaer County has paid $25,000 in a court award and set aside $90,000 for expected legal fees in a flurry of lawsuits brought by jail officers and others whose medical information was viewed for years by employees using a computer in the jail nurses’ office,” the article stated.

Good Samaritan has earlier notified 23 people about data breach which resulted from stolen data from Rensselaer County Jail’s nurse’s station. The recent example involved inappropriate access to girl’s record. Case was resolved by parents agreeing for $25,000 settlement. Incident involved next door neighbor who is Rensselaer County Jail officer reportedly gaining access to the girl’s data.

To safeguard information companies should follow below steps:

  • Keep all HIPAA safeguards up-to-date
  • Training employees for importance of securing the data
  • Staff members must understand what type of medical access is appropriate
  • Proper HIPAA technical safeguards can monitor when employees log in, and whether that access is necessary

One should understand importance of technical safeguards whose definition goes by:

The technology and policies meant to protect electronic health information is safe. There used to be two divisions for this safeguard called “technical security and mechanisms” and “technical security services.” Covered entities are not forced to choose a specific type of technical safeguard as long as what they choose permits them to remain HIPAA certified and compliant.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.