Log in

Posts Tagged ‘United States Department of Health and Human Services’

The Oregon Department of Transportation admits to data breach

September 12th, 2011

Data breach at ODOT exposes participants social security numbers

2011 has probably seen the most and the worst set of data breaches. In April 2011, Sony reported a data breach within their Playstation Network. Expedia’s Trip Advisor, email marketing provider Epsilon and professional engineering society Institute of Electrical and Electronics Engineers followed suit.

In the latest incident of data breach, data of 62 current and former employees remained exposed to the public online for nine long years. The breach was reported on Friday.

Details of the breach

Oregon Department of Transportation immediately removed the data from the site and apologized to its users who had participated in the environmental program. Fortunately, no one has had any problems with the exposed data.

Aug. 26 email gave details of this breach to all its users.

According to Theresa Masse, the state’s chief information security officer with the Department of Administrative Services ”Some were electronic — misdirected email, lost laptop, or a file exposed on a website,”. She further added “Others involved misdirected letters or a lost folder. The largest affected 500 people; the smallest, one individual.”

ODOT found out about the breach two weeks ago when it got a call from a citizen who brought to notice that a file in the agency’s file transfer protocol site contained encoded Social Security numbers. A file-transfer protocol site is used to transfer large files to internal and external users. The file contained names and encoded Social Security numbers of 62 people working with ODOT’s environmental programs. This information could have been online since 2002.

This is what ODOT spokesman Dave Thompson had to say when users found out about the breach ” “None of them were necessarily happy with us, or with the news this happened,” Thompson said. “But none of them has indicated they have noticed any sort of issue. It does not mean it hasn’t happened — and that’s why we spoke to them first before we announced it.”

Comparison with two private sector firm breaches

Health histories of 120,000 Oregon customers covered by Health Net were breached in March. Computer disks and backup tapes with details of 365,000 Oregon patients of Providence Health & Services went missing in Dec 2005

Another incident in early 2010

This incident was far more serious than the recent breach. A pen drive with payroll information of 550 Department of Corrections employees was found in Madras. The drive contained Social Security numbers of 300 employees at the Deer Ridge Correctional Institution near Madras and the Shutter Creek Correctional Institution in North Bend, and information of employees at the Warner Creek Correctional Facility in Lakeview.

How can Alertsec help protect data?

Organisations are now made aware about their data security and are implementing data encryption techniques. Alertsec uses encryption software to protect data from breaches and theft.

Alertsec Xpress is backed up by Check Point Full Disk Encryption and is used by over 4 million users worldwide, with single deployments exceeding 150,000 laptops and PCs. This is the most deployed software of its kind and is seen as today’s market leader.

No comments »

Posted in Computer security, Identity and Information loss, computer security software, data breach, identity theft

Tags: California computer encryption software data breach data encryption disk encryption Emergency department Enter your zip code here Health Net identity theft Oregon Oregon Department of Transportation Palo Alto California Personal computer PlayStation Network Providence Health & Services Social Security number Stanford Hospital and Clinics United States Department of Health and Human Services Website

“Small” Data Breach incidents hit the 9,100 mark in First Year

March 17th, 2011

As they say everybody knows all the big things that happen in your area. It is something that applies to breach incidents as well. If you talk about the large scale breach issues they are also very common. The HHS website i.e. the portal of Health and Human Services is maintaining a report of all the incidents that track the data breaches.

At the same time, HHS also receives queries and reports which involve breach incidents that are less than 500 people. While it is not a mandatory condition for the department to report this data publicly, the same was visible in the federal 2012 budget.

According to the reports by Office for Civil Rights reports there have been 9,109 breach reports received till September 30, 2010. These are reports which affected less than 500 individuals. If you actually do the calculation, it represents 365 days of reports amounting to 25 reports per day.

So how are the incidents reported?

Reporting for data breaches is also provisional for the HITECH Act. It modified HIPAA and requires that covered bodies report all breach incidents related to unsecured health information to HHS. Also any breaches that involve 500 or more people must be reported from within 60 days of their discovery.

In addition, there is directive from HITECH to HHS for publishing of these reports on its Website.

The critical thing is that the number of reports i.e. 9,109 actually exceeds the breach incidents that were estimated by OCR in its interim final rule in 2009. According to that rule, OCR had projected about 106 breach reports annually.

Secure your Data with Alertsec

Worried with the above incident and think you could also be a potential victim? In-order to avoid such incidents, following essential guidelines is very necessary for data security in any organization. In an incident which highlights the need of Data encryption software and recovery software, the threat could have simply been reduced to an insurance matter by a mere investment of $13/month. The information would have been secure with no loss what so ever. That is certainly a small price to pay compared to what can happen if you lose confidential or sensitive data.

Alertsec Xpress offers a very good and easy-to-use laptop security service that includes more than the traditional software licensing model. Feel free to subscribe for your personal 30-day free trial.

Twitter Finalizes FTC Security Settlement (informationweek.com)
York Uni exposes students’ private info (go.theregister.com)
Twitter settles with FTC over security breaches (arstechnica.com)

No comments »

Posted in Alertsec Express, Data Protection, data breach

Tags: data security Health Insurance Portability and Accountability Act Medical record OCR Office for Civil Rights Optical character recognition Protected health information security United States Department of Health and Human Services Website

Laptop theft at New Mexico

May 11th, 2010

: Image via Wikipedia

Laptop encryption is vital not only from a perspective of providing protection against laptop theft but also from a view of ensuring the data present inside laptop is secure and upto date.

A couple of months back, an employee for a company that processes dental benefits claims filed for a stolen car report. Apparently, the vehicle’s trunk contained an ‘un-secure/unencrypted’ laptop which had loads of patient information. On learning about the incident, the New Mexico Human Services Department started sending notification messages to nearly 10,000 users of the government’s low-income health insurance program about potential for ID theft.

The information of patients included:

Name
Health plan identification number
A provider identification number but not the name of the provider

Additionally, the agency has also notified 9,500 New Mexicans who use its Medicaid Salud plan about a possible security breach.

Apart from notification letters, the group has set up a toll-free call line through DentaQuest, 1-877-453-8424, to address queries from people affected by the incident. The helpline operates from 9:00 a.m. to 5:00 p.m. MDT, Monday through Friday.

According to the agency, “The computer was password protected but otherwise did not have safeguards to prevent unauthorized access to the information. At this time, the stolen car and laptop have not been recovered and it is not known whether the information on the laptop has been accessed.”

The theft and security breach has been reported to the U.S. Department of Health and Human Services.

Stay Secure with Alertsec

Alertsec is the frontrunner in offering hard disk encryption as a fully managed service. We provide protection for all information stored on laptops and PCs in an easy, convenient, and cost-effective way. Alertsec Xpress is powered by Check Point Full Disk Encryption – the global leader in data encryption software with millions of users worldwide! For more information, visit our website right now.