Medical billing company suffers data breach

May 20th, 2015

University of Pittsburgh Medical Center (UPMC) suffered a data breach when third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

After the incident, a Medical Management LLC employee, no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. Statement mentioned that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Computer server goes missing

November 20th, 2014

A subsidiary of Pennsylvania-based health insurer Highmark Inc., Visionworks is facing potential data breach when its computer server went missing from Annapolis store.  Though safeguards and measures exist, incident like this happens when there is negligence in handling computers and data storage devices.

According to the reports, server consisted of partially encrypted Protected Health Information (PHI) which doesn’t includes Social Security numbers. The total of the affected patients stands at 75,000 customers. According to the Visionworks, Customer credit card numbers were encrypted.

Lisa Martinelli, the chief privacy officer for Highmark Health told that company is currently in the process of notifying affected patients. She also told that customers are offered free credit monitoring for one year.

According to the Statement:

An investigation is currently underway to locate a missing database server, which was replaced on June 2, 2014 during scheduled upgrades.

While the location of the server has yet to be determined, it is believed to have been sent to one of the store’s local landfills along with other miscellaneous refuse. At this time, there is no reason to believe that any of the information residing on the server has been accessed or used inappropriately.

In resolving this issue, Visionworks will comply with the state and federal notification requirements as provided by the HITECH Act of 2009.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.