Stolen laptop puts 12,500 patients’ data at risk

March 8th, 2010 by Agent Smith (0) DLP, Data Theft & Loss, In the News, security breach

Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.

The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…

At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.

Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.

FTC issues warning about data loss over P2P

March 5th, 2010 by Agent Smith (0) DLP, In The Spotlight, Laws & Standards, security breach

Yet another warning about data loss, company policy and how easily all your files can be liked over the internet comes into the security world, this time from the Federal Trade Commission. Long overdue some would say, including Robert Siciliano in a recent post on Information Security Resources.

Yes, it is quite bewildering to see how after warning after warning and a long line of data breach incidents, companies still allow the misuse of software and hardware resources. It is also confusing to see the FTC now getting ready to directly warn about 100 companies about the risks of peer-to-peer. It’s a bit late, years and years after the problems appeared. Read more

US thumb drives finally allowed on Pentagon premises

February 28th, 2010 by Agent Smith (0) Data Theft & Loss, In The Spotlight, In the News, Malware Infections

We’ve previously explained how banning something altogether instead of ensuring a safe way to use that piece of technology is not really the smartest idea out there. And our theory seems to be confirmed by the Pentagon: they have recently replaced their strict ban against USB flash drives with a strict usage policy referring to both types of devices used and how they are employed.

The reasons to ban them were serious, as past incidents of misuse led to virus infections, as the Daily Tech reminds us, and the prohibition also covered almost anything you can connect through an USB port to their network, from such as cameras or portable hard drives or smart phones. Yet standing against some of the most common ways to transfer data couldn’t last for too long. The Pentagon is now ready to allow them back into their daily routine, but only if it’s their specific devices which come with their very own hardware and software malware removal kits.

The drives they are planning to allow are headed to Afganistan where they will be used in combat command centers and analysis centers. Let’s hope these ones won’t end up being sold in Afgani markets! Or end up in some library… Maybe they won’t, as these are the rules: Read more

Who’s afraid of the big bad cyberattack?

February 23rd, 2010 by Agent Smith (0) Data Theft & Loss, In The Spotlight, security breach

There have been dozens of news on cyberattacks lately. From human rights websites from China being under attack, to the attacks on US sites and institutions, to a more recent article debating how a cyberattack will affect the UK public’s trust in their Goverment. (Check our Twitter profile for an extended list of such news).

A minor effect attack would make UK citizens not trust their representatives. It seems crazy and it tastes of instant panic, but is it? I’d say more cyberattacks would have the same effect on US citizens as well. Why? It’s simple! It’s not because people are scary and tend to run amok at the smallest of threats, it’s because of the created expectations that were never met. Read more

Be careful with Flash Drives as a Gift. They might cause a malware infection!

February 23rd, 2010 by Robert (0) DLP, Data Theft & Loss, Default, In the News, endpoint security

Usually it is nice to receive gifts. But sometimes free is not what you want if it comes with a catch. As reported by the Sunday Times, the MI5 is warning executives of gifts received.



banner-sky.jpg

It warns that British executives are being targeted in China and in other countries. “During conferences or visits to Chinese companies you may be given gifts such as USB devices or cameras. There have been cases where these ‘gifts’ have contained Trojan devices and other types of malware.”

If such a prapared Flash Drives is connected to a PC without proper endpoint protection in place such es Endpoint Protector 2009, the Trojan will infect the PC and open a backdoor to the PC that will make remote data theft possible within seconds. Until the infection through a customized Trojan will occur through a standard anti-virus solution can take from minutes to weeks. The only protection is to pre-emptively lockdown the use of USB devices the network should not trust.

Read the entire story that sounds more like a Ian Fleming novel than a real life story.
Enjoy.

« Previous Entries
© Endpoint Security Info 2010. Wordpress Theme by Arcsin

blogarama - the blog directory Technology Blogs - BlogCatalog Blog Directory Blog Directory Find Blogs in the Blog Directory
valid CSS valid XHTML