Texas

Reachout Home Care Services suffered data breach

December 30th, 2014

Theft of stolen laptop caused data security breach for the Reachout customers who live in the Dallas/Fort Worth area. According to the Reachout Home Care Services, their stolen laptop was unencrypted and contained protected health information (PHI).

According to the statement, 5,000 individuals had their information potentially exposed. The incident of theft occurred at the offices of ReachOut Home Care in Richardson, Texas. The computer contained names and claims data for patients. In some cases, Medicare identification numbers were included.

According to the statement:

At this time, ReachOut Home Care has no reason to believe the information has been used inappropriately. ReachOut Home Care is in the process of notifying all of its customers whose information was on the computer and will provide individuals whose Medicare identification number was included free access to a credit-monitoring service that can help them protect against potential misuse of their information.  We are strongly encouraging these ReachOut Home Care customers to enroll for the free service.

While ReachOut Home Care has policies and procedures in place to maintain the security of its members’ information, we are taking additional steps as a result of this incident. These steps include a comprehensive review of our technical security procedures with ReachOut Home Care and an inventory and review of all ReachOut Home Care equipment that maintains protected health information to ensure that all equipment has been encrypted.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Bon Secours suffers data breach due to former employee

November 17th, 2014

Employee’s access to patient’s PHI leads can lead to unauthorized activity. Hence, companies are generally advised to monitor the system. The recent incident involves, Bon Secours Kentucky Health System where former employee had accessed PHI information from the system. The total number of affected patients stands at 700. According to the reports, the affected data includes names, dates of birth and the last four digits of their Social Security number.

For few patients, there is wider breach which includes names, dates of service, provider and facility names, patient account numbers (which may have included Social Security numbers), dates of birth, and treatment information, such as diagnosis. Bon Secours found that a user ID and password assigned to a former employee had been used to access information in the Athena health system

“Due to the nature of the access, and out of an abundance of caution to protect our patients, we approached law enforcement, specifically the Secret Service, to assist us with our investigation,” the statement read. “The Secret Service asked Bon Secours to delay notifying patients until their investigation was complete so as not to compromise their investigation.”

Bon Secours notified the affected patients by mail about the breach and one year of free credit monitoring and identity protection services is initiated.

“We are deeply sorry that this occurred,” the statement read. “In response to this matter, we are working with our vendor, Athena, to ensure that all user IDs and passwords to their system are properly and permanently disabled when Bon Secours determines that an employee should no longer have access to information in the Athena system.”

Alertsec strengthens security
Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical records in Dumpster

November 15th, 2014

Another case of improper disposal came to notice in Texas when medical documents containing “sensitive personal information” were spotted in a dumpster outside of a church in Alamo Heights. Affected information includes patients’ medical records and PHI from the offices of Dr. Huyen Nguyen and Dr. Orlando Kypuros. Affected information includes Patients’ medical conditions, Social Security numbers and driver’s license numbers.

“We were shocked that such information was found unsecure and outside our office,” Nguyen and Kypuros said in a statement to the news station. “Upon discovery of the breach, we immediately investigated the incident to determine how it occurred. Our investigation revealed that some of our employees were not following our office policy, which required protected health information to be shredded. Instead, they were placing the documents in a recycling container.”

After the breach, doctors ‘until further notice’ terminated the recycling program, counseled and retrained all employees, and revised their policies and procedures to ensure that such situation never happens again.

“We are in the process of identifying all affected patients and providing written notification in compliance with state and federal law, which will provide notification of the breach and directions for placing a fraud alert on a credit report,” the statement read.

Affected patients with most sensitive information were contacted personally by the doctor’s office and free credit monitoring services for one year has been setup. Number of affected patients is not known but all the records are under lock and key while the search for an explanation begins.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

596 Houston patients’ information at risk

August 26th, 2013

A laptop containing information of nearly 600 orthopedic students was stolen from a doctor affiliated with the University of Texas Health Science Center at Houston.

The University of Texas Health Science Center at Houston, the most comprehensive academic health center in the UT System and the U.S. Gulf Coast region, is home to schools of biomedical informatics, biomedical sciences, dentistry,medicine, nursing and public health. UTHealth educates more healthcare professionals than any other health-related institution in the State of Texas.

Letters notifying about the theft were mailed to the patients 26 days after the un-encrypted laptop was stolen from a locked closet in the orthopedic clinic. The laptop was attached to an electromyography machine used by a member of the health science center’s medical practice group, known as UT Physicians. The investigation for the stolen laptop is still continuing, in conjuction with UT Police.

A letter signed by Andrew Casas, UT Physicians’ chief operating officer said “UT Physicians does not have any reason to believe that the information has been accessed or used by any unauthorized individual. We believe that the laptop may have been taken for the value of the hardware, not to gain access to its data content.”

As told by Casas, the stolen laptop contains patient names, birth dates, medical record numbers and hand and arm image data. It does not include addresses, social security numbers or insurance or other financial information.

He also requested the 596 affected patients to review their health insurance activity as a precaution and report in case of any suspicious activity.

The security breach is just the latest in the Texas Medical Center. Since 2010, there have been incidents at the UT Medical Branch at Galveston, UT M.D. Anderson Cancer Center, Houston Methodist Hospital and Texas Children’s Hospital. M.D. Anderson’s two breaches in 2012 involved the data of more than 32,000 patients.

The UT Houston health science center and physician group had previously encrypted more than 5,000 laptops, but not the laptop in question, said chief information security officer Amar Yousif. He described the computer as “not your typical laptop” because it uses a hard-to-obtain power source and propriety hardware and software. It was never attached to any wired or wireless network and its power cord is not missing.

A physical search of all clinics and offices is being conducted by UT Physicians to ensure there are no other un-encrypted laptops or storage devices attached to medical equipment, Casas’ says in a letter.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta