United States Department of Justice

Healthfirst suffers data breach due to cyber attack

July 29th, 2015

Healthfirst’s online portal was attacked by cyber criminals. The health insurance company is notifying approximately 5,300 individuals that their PHI may have been compromised.  No Social Security information was disclosed in the data breach.

Healthfirst was first informed that it was a victim of fraud by the US Department of Justice (DOJ) and from there prosecuted the perpetrator and continued a joint investigation with the DOJ. After the investigation, the two organizations discovered that the culprit who also gained access to Healthfirst records, and that a PHI data breach had occurred.

Affected information includes patient names, dates of birth, addresses, health insurance plan information, description of missing services, physician numbers, Healthfirst member ID numbers, patient ID numbers, Medicare and Medicaid ID numbers, claim numbers, and diagnosis codes.

Healthfirst also notified the proper government channels such as the US Department of Health and Human Services (HHS).  Healthfirst is also taking preventative measures to keep this from happening in the future which includes revising its security policies and its online portal securities.

According to the statement:

“Healthfirst sincerely regrets that this incident occurred,” the company said in its statement. “Healthfirst takes the privacy and security of its members’ health information very seriously. Healthfirst values the trust its members have placed in it as their health plan and it is Healthfirst’s priority to reassure its members that it is taking steps to ensure its members’ information is protected.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Medical Records exposure leads to data breach

April 29th, 2015

LAC+USC Medical Center (LAC+USC) – Augustus F. Hawkins (Hawkins) Mental Health Center mentioned  that patients’ records were found in the home of a facility employee, when a search warrant was being served at the residence. Authorities reportedly found confidential patient information for 900 Hawkins patients in the nurse’s home. The search was unrelated to County business.

“The incident has been reported to the Health Authority Law Enforcement Task Force (HALT), and we are also actively working with other law enforcement agencies,” the LAC+USC and Hawkins statement read. “We will notify the California Department of Public Health, the California Attorney General, and federal authorities in accordance with statutory requirements LAC+USC Medical Center is conducting a review of its privacy and security practices and will revise them as needed based on the findings.”

The affected information includes information such as names, medical record numbers, addresses, phone numbers, dates of birth, diagnoses, dates of admit, insurance carriers, insurance identification numbers, and Social Security numbers. Other personal data, including driver’s license information, may also have been compromised.

According to the reports, the nurse who allegedly took the documents has resigned and is no longer working at the hospital.

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Florida Hospital Employees compromise Patient PHI

March 21st, 2015

Two employees are terminated allegedly for printing documents which contained patients’ information. According to the Florida hospital, it was outside their normal job routines.  The affected count is 9000 patients. The employees printed patient facesheets, which are summary cover sheet to a patient’s medical record.

The affected information includes patients’ names, addresses, Social Security numbers, phone numbers, emergency contact information, health insurance information and certain health information such as physician names and diagnoses.

The incident affected below hospitals:

  • Florida Hospital Orlando
  • Florida Hospital Altamonte
  • Florida Hospital Apopka
  • Florida Hospital East Orlando
  • Florida Hospital Kissimmee
  • Celebration Health
  • Winter Park Memorial Hospital
  • Walt Disney Pavilion at Florida Hospital for Children

“This incident should not be a reflection of the collective workforce at Florida Hospital, who work tirelessly to provide the highest quality of care and protect patients’ rights,” Florida Hospital spokeswoman Samantha Kearns O’Lenick told the news source.

Florida hospital mentioned that till now there is no evidence of information being misused. Hospital has set up a dedicated call center to answer individual’s questions or concerns.

“We deeply apologize for the inconvenience this may cause our patients,” the statement read. “Rest assured, we investigated the matter internally and have taken measures to ensure this type of incident does not occur again by continuing to enhance security safeguards and reinforcing education with our staff on the importance of handling patient information.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

The Alabama Department of Public Health faces data breach

July 4th, 2014

The Alabama Department of Public Health (ADPH) has send out breach notices for more than 500 patients. According to the reports, the affected includes patients treated at one of Alabama’s 65 county health departments. Patient’s personal information and identities were compromised due to this incident.

Data compromised includes clients’ names, dates of birth, and Social Security numbers from ADPH, as well as several other entities. Privacy Officer Samarria Dunson, “[w]e believe now that it is possible they may have been former employees, but we are still participating in the investigation. It would be particular records that were printed out by individuals.”

ADPH released a statement saying it was informed on June 5, 2014 that the U.S. Attorney’s Office for the Middle District of Alabama and the U.S. Department of Justice’s Tax Division that they were prosecuting a case of theft involving personal information.

“We believe now that it is possible they may have been former employees, but we are still participating in the investigation,” Alabama Department of Public Health Privacy Officer Samarria Dunson.

“It would be particular records that were printed out by individuals,” Dunson said.

Dunson says victims range in age, but most were young adults.

“They were born mostly in the year of 1996 which would make then 18 now. Unfortunately that seems to be a group of people that these type of criminals really go after maybe because they are not filing tax returns right now or really keeping up with their credit score,” Dunson said.

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Big banks and retailers lock horns over Data breach

February 3rd, 2014

 

Target customers personal information of about 110 million was exposed during the data breach. It was notified by the Justice Department after suspicious activity involving payment cards used at Target stores. Also Neiman Marcus computer was attacked by hackers. It was notified late to the customers as company required confirmation for the breach.

Target Executive Vice President John Mulligan started his testimony before the Senate Judiciary Committee with an apology before blame game started between big banks and retailers. He stated during first part of hearing, “We know this breach has shaken their confidence in Target, and we are determined to work very hard to earn it back.” According to Mulligan, company hired its own independent team of experts to conduct a forensic investigation after the breach.

Personal information like credit and debit card numbers, expiration dates, PIN numbers and codes on the cards’ magnetic strips was compromised after 40 million credit and debit card accounts of Target were breached late last year. Also non card information like names, phone numbers and email and mailing addresses of 70 million Target customers were also stolen.

Neiman Marcus computer was also affected by the breach. Michael Kingston, senior vice president of the Neiman Marcus Group said, “The malware was evidently able to capture payment card data in real time, right after a card was swiped, and had sophisticated features that made it particularly difficult to detect, including some that were specifically customized to evade our multilayered security architecture that provided strong protection of our customers’ data and our systems.”

FTC Commissioner Edith Ramierz and William Noonan, a top agent with the Secret Service’s cyber operations branch are expected to report the Senate Judiciary Committee following testimony from retailers.

With the seriousness involved in the breach data it is advised companies to put all security measures in place. Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

Enhanced by Zemanta

Data Breach investigation widens to Justice Department

April 10th, 2013

An investigation for reviewing the federal government’s personal data loss took place on over 5,000 Canadians. This has lead to include the Justice Department as well.

There has been a loss of a portable data key which contained the data connected to Canada Pension Plan disability benefits. At first, it was thought to involve the program administered by only Human Resources and Development Canada.

Also, it was told to the victims of the data breach, who had filed their complaints to the privacy commissioner’s office that the incident may have included another department as well.

“I wish to advise you that it has come to our attention that an employee from the Department of Justice Canada may also have been involved in the incident which resulted in the loss of the USB device,” says the recovered letter.

It goes on to inform the recipients of a complaint that was filed against the Justice Department on Jan. 28.

“Our office is therefore investigating both HRSDC and Justice Canada regarding the incident,” says the letter, dated Feb. 14.

It was also found that the justice department too investigating the matter, said a spokeswoman in the department.

“Administrative investigations are underway to determine all the facts surrounding this matter,” Carole Saindon said in an email.

“The Department of Justice is part of the investigations. Justice Canada takes the protection of privacy seriously,” she said.

“It would be inappropriate to comment further while the investigations are ongoing.”

The same day as the letter was recovered; the senior officials at the Human Resources Department were present before a House of Commons committee vouching for the matters about the data breach.

The committee was told that the key of the USB went missing since last year, and two days later it was loaded with unencrypted data and information on 5,045 people, which included social security numbers such as social insurance number, medical conditions, level of education and jobs. To avoid such hazards it is important to enable encryption software in all the networked systems used in organizations.

This USB key was supposed to be handed to one of the employees working on a secure floor at Human Resources who used it the very next day, but later couldn’t find it back.

An employee working in different division at Human Resources also has misplaced an external hard drive earlier – and that the device was supposed to contain the student loan information on 583,000 Canadians which was very confidential. Therefore, the investigation about this incident is ongoing.

At this point, it was told by a spokesperson at the privacy commissioner’s office that the investigations remain aimed at Human Resources.

“We’ve opened a complaint against the Department of Justice in relation to the incident involving loss of the information stored on the USB key – not in relation to the other (student loan info) data breach,” Anne-Marie Hayden said in an email.

Initially, the idea was that the Justice officials were looking at people’s personal medical files which raised a host of many new questions and that what does the government officials do with such personal information, said by a lawyer involved in a class-action lawsuit against the government.

“Nothing good comes of having the Department of Justice look at your CPP disability pension application information,” said Ted Charney.

He also said, there might be a possibility of another department involvement, which could change the nature of the whole lawsuit.

“If it turns out that this personal information has been leaked to a department who shouldn’t have received it, it’s an additional breach of privacy,” he said.

“The motives and purpose for that employee getting access to that information is of very significant concern to us.”

Since the occurrence of these two incidents simultaneously, Human Resources has banned the usage of portable hard disk drives as well as unapproved USB sticks.

Also, they have attempted to install new data loss protection software, i.e., encryption software which is designed to keep better tabs on where and how data is being moved around the department.

The Justice department’s deputy minister Ian Shugart told the committee, “The incidents are unacceptable”, earlier this month.

“Sensitive personal information was stored on unencrypted portable storage devices and not properly secured. This should not have occurred.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta