Patient

Bon Secours suffers data breach due to former employee

November 17th, 2014

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Tampa General hospital data breach

October 7th, 2014

Employee access is another major area to work upon, as the new data breach in Tampa General proved the limits of data security. Tampa notified 675 patients that their data had been compromised as a result of a former employee’s inappropriate access.

According to the hospital investigation data compromised includes patient names, addresses, dates of birth, admitting diagnoses, names of insurance payers and in some instances, Social Security numbers. But medical records weren’t compromised. The employee had the records with him during Tampa Police Department traffic stop that led to his arrest. Tampa immediately ordered termination of the employee.

According to the Tampa General hospital statement:

Tampa General Hospital (TGH) is committed to maintaining the privacy and confidentiality of our

patients’ information. Regrettably, this notice concerns an incident involving some of that information.

We deeply regret any inconvenience this may cause our patients. To help prevent this from happening in the future, we continually communicate to and educate our staff on the importance of protecting and securing patient information; emphasizing the importance of reporting any unusual staff behavior as we enhance procedures to prevent and detect misuse of patient information. We have also implemented technology that blocks patient information based on an employee’s job description, including limiting access to patients’ Social Security numbers.

We want to assure our patients that we are taking this matter very seriously and are actively cooperating with law enforcement in their investigation.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Temple University laptop stolen

September 15th, 2014

A Temple University physicians’ office alerted 3,780 patients about data breach caused due to laptop theft from its surgery department. The Temple University physicians’ office laptop included patient names, ages, billing codes, and, in some cases, the names of the referring physicians. Local authorities and the Department of Health and Human Services (HHS) were notified by the Temple.

“To help monitor the potential misuse of the stolen information, Temple has offered identity-monitoring services within the United States to all affected patients for 12 months, at no cost to them,” the statement said. “We deeply regret this incident and the inconvenience this may have caused our patients.”

After the breach, Temple office said it will reinforce employee training, boost physical security and improve technical security measures on desktop computers. The laptop was not encrypted as per the Temple. They also said that hospital staff has been re-trained in computer security and steps have been taken to improve physical surveillance. The theft comes in the month involving 4.5 million medical records stolen from Community Health Services, by computer hackers allegedly from China.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Incorrect mailing leads to data breach

September 12th, 2014

Lowa hospital confirmed data breach when human error along with technical issues led to patients’ information being sent to the wrong recipient. Monte Goodyk received his medical bill with the billing information of 11 other Pella Regional Health Center patients.

“Well, you freak out initially, because your first thought is if I have their information, they may have my information,” Goodyk told the news source. “You can almost tell what’s wrong with this patient and what they’re going to the hospital for. I should not know this information about this patient.”

According to the reports, the name and billing information of 11 patients was incorrectly included on a statement to one patient.

“We determined that a number was incorrectly entered into our computer system when an individual checked into one of our clinics,” the spokesperson said in an email. “Our systems failed to identify the human error had happened. Pella Regional Health Center reached out on Friday to all 11 patients involved by phone and connected with 8 of the 11 patients affected. A follow-up letter was sent to each individual with information and our apologies.

Pella Regional’s privacy officer and senior administration is reviewing how they can prevent this type of mistake from happening again, the spokesperson said.

“Today it was discovered that information including your name and Pella Regional Health Center billing information was included on a statement to another patient,” read a letter sent to the 11 patients. “While no diagnosis information was included, we apologize for this breach of information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Dorn VA medical center may have suffered data breach

September 9th, 2014

The Dorn Veterans Administration Hospital may have suffered data breach after officials recently came to know that several boxes with patients’ information had gone missing. According to the reports, four boxes of pathology reports that were stored in a locked area are not present in the desired place.

“We are contacting our Veterans who may have been impacted,” Medical Center Director Timothy McMurry said in a statement. “For we take the loss of personal information very seriously.”

Details of the boxes are –

  • Records in question are only from the years 1999, 2000, and 2002
  • Patients’ names, Social Security numbers (SSNs) and pathology reports are included in the missing files
  • 2,000 patients may have had their personal information compromised

Dorn officials came to know about the missing boxes when they planned moving them in long term storage facility. Officials believe that till date no information is being misused however they mentioned that one year of free credit monitoring is available to veterans who are notified in writing. This is not the first time that Dorn found itself face-to-face with a security issues, earlier unprotected laptop was stolen. According to the reports, patient names, birth dates, weight, race, respiratory test results and partial Social Security numbers (last four digits) were all included on the pulmonary testing lab laptop. Till date, laptop is not recovered.

CD containing sensitive information goes missing

August 2nd, 2014

Jersey City Medical Center recently notified a Medicaid patient data breach that occurred as United Parcel Service (UPS) failed to deliver an unencrypted CD with patient data on it. The CD contained unknown number of Medicaid patients’ names and some Social Security numbers.

For some patients information like date of birth, medical record number, gender, and information on visits to the Medical Center: admission and discharge dates, inpatient or outpatient status, number of days care was received, dollar amount of Medical Center charges incurred for care, name of health insurance payer(s), amounts paid by patient or insurers, and/or general type of claim and/or revenue code was present on the CD.

CD was supposed to be couriered at Jersey City Medical Center. The location of the CD remains mystery as no one knows where it is currently. According to the reports, Barnabas Health system will be offering one year credit monitoring.

“While UPS has no evidence that personal information has been made available to any unauthorized parties, or misused in any way, patients are being advised to be aware of any suspicious activity and to monitor their credit reports and financial accounts.” The notification letter, signed by Shani Newell, Privacy Officer says.

Facts related to this incident are –

  • There was a breakdown in protocols to locate and find lost packages.
  • Medical Center reviewed its incident prevention technology to avoid future instances of breaches.
  • Medical Center will attempt to encrypt patient data henceforth
  • Medical Center has since changed its policies to no longer send unencrypted CDs with patient information

“We have followed up extensively with UPS regarding this incident, attempting to ensure that UPS has followed all of its internal procedures designed to locate missing packages.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

 

Marketing firm acquires patient names and address

July 28th, 2014

In an unprecedented event, Essentia Health of Fargo, North Dakota, has suffered data breach due to educational event. A marketing firm was able to access 430 patient names and addresses without their consent. Incident occurred when someone from the Essentia gave portable device containing patient data to the firm, Get Marketing. Essentia chief compliance and privacy officer Vicki Clevenger maintained that no patient medical data had been compromised.

“We have also taken the appropriate actions according to our policies and have provided additional education to the staff members involved to prevent future occurrences,” Clevenger said to inforum.com. “There was no additional information shared, including no medical and clinical information,” Clevenger added.

When Essentia was sending patients information to a free educational event that offered new procedures for those dealing with lower back pain, the breach occurred. In all 70 patients attended the event, but Essentia did recognize that a breach had occurred when the event was being promoted. Jodine Wien, a Moorhead patient, complained to Essentia when she found that her name and address had been given to Get Marketing that was involved in sending out the invitations.

“I’m a little angry at Essentia,” Wien said Monday, adding that she was displeased with the health provider’s initial responses to her complaint. “I was treated completely rudely and nobody wanted to say anything.”

Essentia determined that patients’ names and mailing addresses were “erroneously” released to Get Marketing, which was “engaged and paid by a medical device manufacturer, not Essentia Health,” Clevenger wrote Wien.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Two men stole an unencrypted laptop

July 25th, 2014

Self Regional Healthcare of Greenwood, S.C. is affected by data breach when two men stole laptop during memorial weekend. It was not clear how many patients were affected by this incident. As per the data, Self regional Healthcare serves around 250,000 patients.

Self regional has notified South Carolina Department of Health. According to reports the patients affected stands around 500 and the records included patients’ names, Social Security numbers, driver’s license numbers, treating physician names, insurance policy numbers, patient account numbers, service dates, diagnosis/procedure information, payment card information, financial account information, and possibly addresses.

Self Regional posted a notice on its website, with comment from President and CEO Jim Pfeiffer

Self Regional takes the security of our patients’ personal information very seriously . . . We retained third-party computer forensic experts to assist with the investigation of this incident, even though the intruders admitted their actions to law enforcement and claimed never to have accessed the laptop. Because we do not have the laptop in our possession, Self Regional must assume there is a possibility that someone may have accessed certain patients’ protected health information.

The two thieves were caught later and one told to the police during the briefing that laptop was thrown in the lake which authorities failed to trace. The act of thief appears to be general theft and not targeted attack for information contained on the laptop. Laptop was unencrypted and pose a threat for the patient’s whose information was present on the laptop.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

– See more at: http://blog.alertsec.com/#sthash.EXcVYngp.dpuf

St. Joseph Health’s patients’ data stolen

July 10th, 2014

St. Joseph recently took over Regional Medical Group’s imaging center and recent data breach shows example of what can happen after transition. Total of 33,702 patients were affected by this breach. A thumb drive was stolen from employee’s locker which was not locked during the incident. Information related to Encryption status of the thumb drive was not available.

Affected data due to breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. Affected patients were treated with X-ray services. The data was restricted to X-rays only. No other imaging exams — such as mammograms or MRIs — were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

 

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

St. Joseph Health’s patients’ data stolen

June 10th, 2014

Password 'fido' ...item 3b.. Five Characters i...

St. Joseph recently took over Regional Medical Group’s imaging center and recent data breach shows example of what can happen after transition. Total of 33,702 patients were affected by this breach. A thumb drive was stolen from employee’s locker which was not locked during the incident. Information related to Encryption status of the thumb drive was not availale.

Affected data due to breach includes patient names, gender, medical record numbers, date of birth, date and time of service and X-ray details. Affected patients were treated with X-ray services. The data was restricted to X-rays only. No other imaging exams — such as mammograms or MRIs — were included on the drive.

The stolen thumb drive did not contain information on specific illness or patient diagnoses nor did it include any patient financial information, including insurance data or Social Security numbers.

“We take our obligation to protect our patients’ privacy very seriously,” said Todd Salnas, president of St. Joseph Health in Sonoma County, to the Democrat. “We apologize to those patients affected and have already implemented a number of security measures and other protocols so that this doesn’t happen again.”

Salnas also added that St. Joseph would be putting new procedures in place to boost physical security, such as using new security personnel, improving employee awareness and implementing a new alarm system.

“We are in the process of standardizing the records from Redwood Regional Medical Group to St. Joseph,” said Salnas. “Not only the data but procedures and policies, which we’re still in the process of completing.”

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.