University of Pittsburgh Medical Center

UPMC suffers second data breach

July 25th, 2015

Recent data breach in University of Pittsburgh Medical Center (UPMC) Health Plan affected 722 patients. This is the second health data breach at a UPMC facility in just under two months. The incident involved emailing of a data file with certain PHI to the incorrect address.

The affected information includes patient names, member ID numbers, dates of birth, phone numbers, name of the primary care physician’s office, and insurance plan types. Social Security numbers or information about medical histories were not disclosed.

UPMC Health Plan Director of Public Relations Gina Pferdehirt mentioned in an email response that “in context the breach is very minor,” but added that the healthcare organization

was taking the incident seriously.

The data breach occurred when  a former MML employee copied certain items of personal information from the billing system over the past two years and then illegally disclosed that information to a third party.

“MML takes this matter very seriously and terminated this employee after being informed of this criminal investigation,” according to a Medical Management statement. “MML is cooperating with federal law enforcement authorities in their criminal investigation.”

According to the statement:

“We apologize for any anxiety or inconvenience that this incident may cause our members,” Chief Compliance Officer of the UPMC Insurance Services Division William Gedman said in a statement. “Based on our ongoing investigation, we will make all changes necessary to further enhance our already stringent privacy protections. UPMC Health Plan is committed to doing our utmost to minimize the chance that this type of issue will occur again.”

Alertsec strengthens security

Alertsec has created a web based encryption service that radically simplifies deployment and management of PC encryption by using industry leading Check Point Full Disk Encryption (former Pointsec) software.

Organizations, especially corporate giants, have to have an information security policy in place that proves they have taken the necessary steps and measures to safeguard the information they gathered. If these policies are not adhered to, the regulators may prosecute.

Alertsec Xpress is used by organizations that have recognized the need to protect their information. Customers range from single-user sole traders and consultants to multinational companies with a large number of offices around the globe. Over 4 million users worldwide use Alertsec Xpress’s Check Point Full Disk Encryption.

UPMC faces file class suit by the data breach affected employees

May 7th, 2014

University of Pittsburgh Medical Center (UPMC) data breach has invited file class suit by the 27,000 affected employees. A file class suit is filed against UPMC and its payroll vendor, Ultimate Software Group. Out of 27,000 affected employees, 788 employees were known to have been the victims of tax fraud.

An attorney, Michael Kraemer filed the class suit against UPMC. He said that at least two employees learned that their data had shown up on an “underground or black market-type forum.”  “It gives me more questions. Is this related to the UPMC data breach? If it is, UPMC should be as transparent as possible in letting everyone know what they know about who has the information or if it’s been contained,” said Kraemer, who is pursuing class-action litigation against UPMC.

The suit mentions that UPMC and the vendor breached its duty to protect private employee information which resulted in vulnerability of misuse of employee’s information to tax return fraud. UPMC has offered employees the chance to sign up for a year of free credit monitoring services – But the class suit is filed for a court injunction forcing 25 years’ worth of identity theft insurance, credit restoration services, and credit and bank monitoring services.

Mitchell Dauerman, the company’s executive vice president, said he doesn’t believe UPMC or any of its subsidiaries are clients of Ultimate Software, and may have been sued by mistake.

Some UPMC employees interviewed on the streets of the city’s Oakland section feared for identity theft.

“They’re going to wait one year, they’re going to wait two years, they’re going to wait three years, and they could come back. I could be affected by a job I took in college, which is sort of scary,” said Allisandra Supinski.

“I feel comfortable with the one year that I have. If i look into it more, I may change my mind,” said Amy Hoffman.

“As long as you are with UPMC, they should cover us. As long as we work there for them, we should be able to get protected,” said Rodreda Tate.

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta