Patient

Prima Care suffers data breach

August 3rd, 2015

Prima CARE, P.C. recovered a binder containing personal information from the bushes in a parking lot on May 25, 2015. The document contained information of 1,651 patients. Potentially breached information includes names, addresses, phone numbers, dates of birth, medical record numbers, hospital account numbers, insurance numbers, treatment date and certain clinical information. Patients who received care from Prima healthcare providers between 2007 and 2012 were affected.

“The binders were promptly returned after being discovered and are now safely in Prima CARE’s possession,” the statement read. “An investigation determined that the binders were created by a former Prima CARE employee who used the information to track work performance, but had failed to appropriately file or discard the documents following their use.”

Prima mentioned that the improper disposal was done without its knowledge or consent, and was in violation of its practices.

“We take the privacy and security of our patients’ information seriously and have taken steps to mitigate the potential for any harm to result from this incident and to prevent a similar event from occurring in the future,” Prima explained.

According to the statement, Prima Care will review its policies and procedures. It will also review its employee training programs to ensure that a similar incident does not happen again.

“We understand the concerns of patients involved in this incident,” Orlando Health reportedly said in its letter. “The privacy and security of our patients’ health information is a top priority for us. We conducted a thorough investigation of the incident and found no evidence of malice or intent.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Data breach in Mayo Clinic Health

July 23rd, 2015

The Mayo Clinic Health System in Red Wing, Minnesota reported data breach when 601 patient records were inappropriately accessed by an employee. According to the Mayo Clinic Public Affairs Manager Asia Zmuda – “an employee accessed patient records beyond the scope of authorized access and assigned job responsibilities.” The employee is no longer employed at the health system, according to the emailed statement.

“An internal investigation was immediately launched and a detailed analysis of the individual’s access yielded no evidence that financial information was accessed or that any health information was further disclosed,” Mayo Clinic explained. “Mayo Clinic will continue the proactive monitoring of patient records to prevent further incidents from occurring. Mayo Clinic takes this matter very seriously and is committed to maintaining the highest levels of integrity and trust for those it serves.”

Mayo Clinic is currently in the process of notifying patients who were affected by this incident, according to the organization’s statement. It was not specified what type of information was accessed, but Zmuda underlined the fact that financial information was not involved and that health information was not further disclosed.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two computers stolen from Arkansas Blue Cross

July 21st, 2015

Arkansas Blue Cross Blue Shield members sent out potential data breach notification letters after its computers were stolen. Computers belonged to Treat Insurance Agency, which solicits applications from individuals for insurance coverage through multiple insurers which includes Arkansas Blue Cross.  ABCBS did not reveal the details of information present on the computers.

“Treat Insurance Agency very much regrets that theft from their offices has affected Arkansas Blue Cross members and applicants,” Arkansas Blue Cross Senior Vice President Ron DeBerry said in a statement.

“To reduce the risks that any similar thefts might affect our valuable customers, we will request independent insurance agents to protect their computer records by using encryption

technology on all computers storing any applications for Arkansas Blue Cross.”

The computers contained sensitive information of 560 Arkansas Blue Cross applicants. According to the reports, affected individuals by this incident will receive one year of complimentary identity protection services. The details of the theft are not known.

“The notification required by this section shall be made after the law enforcement agency determines that it will not compromise the investigation,” the legislation states. “Notification under this section is not required if after a reasonable investigation the person or business determines that there is no reasonable likelihood of harm to customers.”

As the device is stolen, ABCBS explained that there is no way to determine if an unauthorized person attempted to access the patient information. Also, it did not specify if the stolen computers were encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

 

Maryland facility scam hit by Email Phishing scam

April 27th, 2015

Maryland-based St. Agnes Health Care, Inc. recently mentioned on its website that it suffered data breach when one of its employees was the victim of an email phishing scam. St. Agnes said that it sent data breach notification letters to approximately 25,000 patients. It included the warning as protected information was potentially exposed.

“We are taking the necessary and appropriate steps to prevent this type of incident from occurring in the future,” Saint Agnes Corporate Responsibility Officer Sharon McNamara said in a statement. “Specifically, we will continue to implement administrative, technical and physical safeguards against unauthorized access of protected health information.  In this instance, we reported the incident to our email service provider and are evaluating additional ways to enhance our already robust security program.”

The affected information includes patient names, dates of birth, genders, medical record numbers, insurance information, and limited clinical information. There were four cases where Social Security numbers were exposed.

“Through a fraudulent e-mail communication, sophisticated hackers gained access to protected health information contained in an employee e-mail account,” the statement read.

The statement failed to mention the date and time of breach incident.  Identity monitoring and protection services will be offered free of charge as appropriate for individuals whose social security number has been compromised by this incident.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Missing documents lead to data breach

April 2nd, 2015

Life Care Center of Attleboro in Massachusetts suffered a data breach when the company that stores its patient records could not find certain documents. Iron Mountain which stores records for Life Care Center could not find certain documents which contained patients’ information. The breach came to notice during the audit. The affected patients involved those who received medical care in Life Care Center between 1992 and 2004. Employees who worked at Life Care between 1992 and 1999 may also suffer a data breach.

The compromised information includes patient names, addresses, Social Security numbers, dates of birth, diagnoses, and other medical status and assessment information. The missing box of documents may also contain financial information. It is not clear how the incident occurred.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.

According to Iron Mountain, records were inadvertently destroyed during a planned consolidation of storage facilities by a predecessor company.

“We are taking this matter very seriously and have conducted a thorough investigation,” the statement read. “Please be assured that we have taken every step necessary to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again.”

Iron Mountain mentioned that it will continue the search.

“Until Iron Mountain completes a full audit of its records, they will not be able to ascertain whether the stored boxes are located, missing, misplaced, or destroyed,” according to Life Care. “This audit is expected to be completed by December 2015.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Security Breach due to stolen device

January 30th, 2015

Premier Home Health (Premier) may likely suffer data breach due to stolen laptop and cell phone from a nurse’s apartment. The incident puts PHI at risks for 2,700 patients.  Premier is an Senior Health Partners (SHP) business associate. According to SHP, laptop was password protected and encrypted.

An SHP press release mentioned that a laptop bag that contained both the laptop and the cellular device was stolen. The cell phone was not password protected or encrypted and  the encryption key for laptop was stolen with the laptop bag

According to the forensic expert hired by SHP, it was unclear if the laptop was inappropriately accessed. Affected information includes names, addresses, Social Security numbers, Medicaid ID numbers, dates of birth, phone numbers, type of medical services provided, diagnoses and health insurance claim numbers.

According to the statement:

 Senior Health Partners sincerely regrets that this incident occurred.  It takes the privacy and security of members’ health information very seriously and expects its vendors to do the same. SHP values the trust its members have placed in it as their health plan, and it is SHP’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.

Although there is no report of any attempted or actual misuse of member information, SHP has retained AllClear ID to protect its members’ identities. SHP members who have been affected by this incident will receive access to one year of free identity and credit monitoring and restoration services, along with access to a confidential assistance line and an identity theft protection specialist. SHP is reviewing and updating its policies and procedures, and those of its business associates, to prevent a similar incident from recurring. SHP has advised its members to contact the confidential assistance line or their Care Manager for more information.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Laptop stolen from Car

December 25th, 2014

According to the company statement, DJO Global employee’s laptop was stolen from a locked car in Roseville, Minnesota. While the laptop was password protected but it contained personal patient’s information. According to the company, apart from password protection, the laptop had firewalls, anti-virus software, logical access control and tracking/remote management software.

The affected information includes patient names, phone numbers, diagnosis codes, DJO products received by patients and the dates that products were ordered or shipped. According to the reports, information about doctors that tended to patients may have been included in the laptop.

“Since learning about this incident, we have been working very closely with data privacy experts,” the statement read. “As of today, we have conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.”

The affected numbers of patients is not disclosed by the DJO but all the affected are informed about the breach. No credit card information was included but a small number of Social Security numbers were present on the laptop.

“Please be assured that we also are taking reasonable steps to mitigate the circumstances resulting from this incident and to ensure an incident like this does not happen again,” DJO said.

According to the statement:

  • Since learning about this incident, DJO have been working very closely with data privacy experts.
  • DJO has conducted a thorough investigation and have uncovered no evidence that any personal information has been misused.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Northwestern Memorial laptop stolen

December 19th, 2014

 

Data breach occurred when Northwestern Memorial password protected, unencrypted laptop containing patient information was stolen from inside of employee’s vehicle. The affected information includes patients’ names, addresses, dates of birth, health insurance information, billing codes, date of services, physician’s name, medical record numbers, diagnosis, and treatment information. In a few cases, Social Security numbers might have also been compromised.

According to the statement on the website:

“We deeply regret any inconvenience this may cause you,” the statement read. “NMHC has a robust privacy and security program, including encryption of laptop computers. To help prevent something like this from happening again, NMHC is confirming and ensuring encryption of all laptop computers and reinforcing education with our staff on the importance of handling patients’ information securely.”

Northwestern Memorial has notified around 3,000 patients that their PHI was potentially compromised. According the reports, there is no malicious use of data. However, notification letters were sent to potentially affected patients and individuals are urged to reach out to a dedicated call center if they have any questions or concerns.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Brigham and Woman’s Hospital suffered data breach

November 24th, 2014

Brigham and Woman’s Hospital (BWH) laptop was stolen which may have exposed Protected Health Information (PHI) of certain individuals. An armed robbery off hospital ground led to stealing of BWH physician’s laptop and cell phone. According to the reports, physician was forced by the robbers to reveal pass codes and encryption keys.

“Possession of the pass codes/encryption keys along with the devices themselves could provide an individual the ability to view information stored on the laptop or cell phone,” BWH said. “The theft was immediately reported to the Boston Police Department.”

The hospital is unaware of the devices and the status of information access by the robbers is unknown. The devices include information about patients receiving treatment at BWH’s Neurology and Neurosurgery programs. The affected patients count stands at 999 for breached information which includes Patient names, medical record number, age, medications, and information about diagnosis and treatment. Social Security numbers or other financial information was not present on the devices.

“Upon learning of this theft, BWH initiated a thorough investigation, including the creation of a multidisciplinary workgroup to respond to this incident,” the statement said. “BWH is currently reviewing related policies and procedures in an effort to determine if there are steps that BWH can take that may decrease the likelihood of reoccurrence of this type of incident in the future.”

The hospital started sending letters to potentially affected patients asking them to report any illegal activity.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.