Onsite Health Diagnostics suffers data breach

August 4th, 2014

Onsite Health Diagnostics (OHD), a Tennessee government subcontractor, suffered data breach when its scheduler was accessed inappropriately. OHD has notified the affected local government employees about the breach. According to the reports, online scheduler was accessed by unknown entity.

Around 60,582 employees’ data, such as name, date of birth, address, email address, phone number and gender was accessed. Information related to financial information, Social Security numbers or medical data was not included in the breach.

According to the OHD statements:

OHD and investigating authorities are unaware of any identity theft related to this incident, but out of an abundance of caution, OHD has mailed letters to the affected health plan members to ensure that they are aware of the incident and can take steps to protect their information. OHD will provide one free year of identity theft protection to affected group health plan members.

While this information did not contain any diagnosis or medical information, the state has determined that, because it is related to our members’ health benefits, the disclosure of name, address, email address, phone number and gender does fall under the HIPAA definition of a breach of protected health information. The state has notified the Secretary of HHS of a Breach of Unsecured PHI.

After the breach, OHD has collaborated with experts to determine the flaws in the system. It was also observed that OHD had implemented new procedures and systems for more secure operations.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.