Pittsburgh Post-Gazette

Medical billing company suffers data breach

May 20th, 2015

University of Pittsburgh Medical Center (UPMC) suffered a data breach when third party working with the facility reported that approximately 2,200 UPMC patients may have had their records exposed by an employee.

After the incident, a Medical Management LLC employee, no longer works for the company. It was found that the employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

Affected information includes names, dates of birth and Social Security numbers. Statement mentioned that there is no evidence that information about medical histories or treatments was disclosed.

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause for our patients,” John Houston, UPMC’s vice president of privacy and information security, said in a statement. “We hold our vendors to the same high privacy standards that we have for ourselves. Based upon the ongoing investigation, we will make whatever changes might be necessary to further enhance our already stringent privacy protections, especially those that apply to our business partners.”

“UPMC has been informed by law enforcement authorities based on their ongoing investigation that more employee information was stolen than they originally knew,” Gloria Kreps, a UPMC spokeswoman, wrote in an email to the Pittsburgh Post-Gazette. “This new information has indicated that employee names, Social Security numbers, addresses, salaries, bank account numbers and bank routing numbers may have been accessed.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Unique case where concerned entity didn’t violate HIPAA regulations

March 30th, 2014


Major task of HIPAA is to keep track on data breaches and government penalties for compliance failure. It covers entities that handle patient data in some form. Incident involved Monroeville, Pa. when its 911 dispatch centre from five fire stations gave easy access for patient medical records to unauthorized users. Information which was accessible included names, driver’s license numbers, birth dates and medical histories.

Monroeville is a community of about 28,000 with a vibrant business corridor, a convention center and two busy hospitals. The Pittsburgh Post-Gazette was covering this incident for last two years and found that Monroeville, Pa didn’t breached HIPAA regulations. Investigation was carried out by Department of Health and Human Services (HHS).

HHS learned that municipality failed to maintain the database properly and soon after the discovery of the breach unauthorized access was terminated. According to Office for Civil Rights, ‘Monroeville, its dispatch center, police department or fire department are all not covered under the provisions of the privacy law, which mainly related to health care providers and insurers.’

Two Monroeville council members said they were pleased by the government’s findings. Tom Wilson said, “I was happy that they didn’t find any violations, and the folks that were falsely accused, that took the brunt of the accusations, were completely exonerated.”

Linda Gaydos said,” “I am absolutely overjoyed for the employees of our police department, our dispatch center, our EMS and our fire departments and their families, to have this put behind them,” She added, “We had a group of people in Monroeville that worked against Monroeville, and they smoke-screened and they tried to keep stirring the pot and they tried to scare people and make it worse. They’ve made it a very, very bad, uncomfortable situation for a lot of people, and I’m hoping this will put an end to it.”

Municipal Manager Timothy Little said, “I think it lifts a cloud off of Monroeville, and specifically the public safety aspect of the municipality, that there wasn’t any wrongdoing with respect to [health privacy law] violations,”

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption


Enhanced by Zemanta