Hospitals, healthcare service providers, health insurance companies: all those operating in the healthcare segment seem to be particularly vulnerable to data breaches. Their patients’ and employees’ private details seem to be a frequent target for theft and easy to lose. It seems like this entire industry segment has no idea how to keep its data safe or how to properly dispose of it.
Two recent incidents highlight this serious security issue affecting healthcare players. The first incident occurred at Texas Health Partners and Texas Health Flower Mound Hospital. A laptop was stolen from an employee of Texas Health Partners and it happened to contain private details about hospital patients. While the information was not encrypted, the laptop was at least password protected. The stolen notebook contained various details on patients, including names, addresses, medical history and lab test information. The number of affected patients has not yet been disclosed.
Here’s a good piece of news for companies around the world: when it comes to access to your important and confidential data, you don’t need to treat all employees as equals. In fact, it is highly recommended to make sure that not everyone can access all your files, and that those who can see them are prevented from copying or transferring the information you need to keep private.
Ongoing projects, customer databases, inventions, strategies, private records of employees, credit card and bank account information: all these must remain confidential. So if you store them, how can you make sure that an employee who is unaware of the harm they are doing, or who knowingly wants to harm you, fails in their attempt to expose the files in question?
An unauthorized email sent by the recruitment company Hays to 800 RBS (Royal Bank of Scotland) employees has uncovered the amounts paid to contractors working temporarily for the bank.
Even though the people who received the email are employees of the bank and therefore obliged to keep the information they have learned confidential, RBS says they are ‘extremely disappointed’ and they are collaborating with Hays to recover the exposed data. The recruitment company has already started an investigation into this breach.
After this incident, discussions began about the big salaries offered to contractors by a bank that is majority-owned by the state.
Mid-August seems to have been the perfect time for a fresh increase in hacking incidents that lead to sensitive data being lost or exposed. Maybe the security incidents have been powered by all the news on Anonymous and LulzSec of late, or maybe companies still don’t know what they’re facing. The truth is that the simplest hacks seem to get straight to the sensitive information companies store on their projects, their partners and mostly their clients.
The first such incident targeted Epson Korea, where a website hack managed to compromise the details of about 350,000 customers. The data accessed by hackers included names, user IDs, passwords and resident registration numbers.
The beginning of August has been extremely rich in data breaches caused by stolen or misplaced flash drives, hard drives and laptops, most of them unencrypted, as is almost always the case. Some of them are quite recent; in other cases it has taken over 5 months for those in question to let the affected parties know about the incidents.
The first breach in chronological order affected Lewisham Homes Limited and Wandle Housing Association Ltd and it involved a contractor’s flash drive that got lost in a pub. Apparently, mixing drinking and having fun with sensitive information does not lead to a tasty cocktail; it leads to details of over 26,000 tenants being lost. The silver lining of the incident is that only 800 people should worry about bank details.
According to datalossdb.org, a site belonging to the Open Security Foundation which publishes the latest news regarding data loss and data breaches, the month of 2011 with the largest number of such incidents was June, when 90 cases were recorded.
The causes of these incidents were very diverse: from the ever-present theft of computers, laptops or hard drives and other portable devices, to fraud, hacking attacks, personal information disclosed on websites, viruses, documents thrown in the dustbin, etc.
The most significant breach from June was the one that occurred at Sony Pictures, when the LulzSec hackers accessed one million records of Sony clients in Belgium and the Netherlands.
Hackers targeting the Hong Kong stock exchange have managed to do enough damage to force it to close afternoon trading for seven listed companies. The attack targeted the news section of the stock exchange and managed to severely disrupt day-to-day activities.
The news website, which publishes companies’ regulatory filings, started going down at noon; however, according to a Hong Kong stock exchange representative, the trading part of the website had not been breached. The stop in trading that affected HSBC, Cathay Pacific Airways and the Hong Kong Exchanges & Clearing, which runs the stock exchange, was a necessary measure as all had released price-sensitive information earlier in the day. As the fresh news could not be accessed, it was safer to end the afternoon trading for the seven companies.
We’ve all heard of the mind-blowing cases where it takes companies months and even years to disclose data and security breaches to their customers. They keep the information to themselves, run the investigations and only later release the details to their customers, the direct victims of the breaches. But apparently, blowing the whistle too soon is not a much better idea either, according to security experts.
The debate over which time frame helps customers and which rushed actions actually do more harm was started by the SAFE Data Act data breach law which is now making its way through US committees in an attempt to better regulate what happens when a company is affected by a data breach. The new law requires “companies and other entities that hold personal information to establish and maintain appropriate security policies to prevent unauthorized acquisition of that data.” If passed, it will also make it compulsory for breached companies to inform customers within 48 hours of discovering an incident.