Potential Breach Affects 128,000 Saint Mary Patients and Clients

Saint Mary’s Regional Medical Center has recently released information about a potential data breach involving one of its databases. The database in question, used for Saint Mary’s health education classes and wellness programs, contained private records of about 128,000 patients and clients.

The personal information contained details such as names and addresses, limited health information and some Social Security numbers. According to a statement made by Gary Aldax, marketing manager for Saint Mary’s and quoted by RGJ.com, the database did not contain medical records or credit card information.

“What happened was that an unauthorized person may have accessed the database,” Aldax said. “We’re currently working with Equifax, which is one of the three major credit agencies, to help handle this for us.

“In some cases, there were people who had their Social Security numbers (in the database) as well, so we’re sending different letters to people depending on their situation.”

Saint Mary’s has emailed all those potentially affected this month, warning them about the threats they might be exposed to.

Computer Tapes with over 20,000 Social Security Numbers Lost

Several computer backup tapes containing thousands of Social Security numbers of Tinley Park residents have been lost during a common moving procedure meant to ensure they wouldn’t be destroyed in a village hall disaster.

According to the Chicago Tribune, officials doubt there’s any real chance of identity theft, as the tapes contained 15-year-old information. Village Manager Scott Niehaus said letters describing the incident will be sent out to about 19,000 residents and another 1,400 current, former or retired village employees.

Private Data on 300 Vets Stolen along with Backup Server

Burglars breaking into the Minneapolis Veterans Home stole a backup computer server containing private records of over 300 residents. The server stored telephone numbers, addresses, next-of-kin details, Social Security numbers and other private medical details of the 336 residents, according to the statement of an official with the Minnesota Department of Veterans Affairs quoted by StarTribune.com.

It appears the burglars broke into the facility early on a Sunday. According to Gil Acevedo, deputy commissioner for Veterans Health Care, the thieves also took a tool kit, a laptop computer, a guitar and a computer game, and are unlikely to have targeted the private records.

“We don’t suspect the burglars came in looking for that specifically,” he said. “They broke in, kicked in several doors, and took a series of things. There’s no pattern.”

The case is currently being investigated by the Minneapolis police together with the Veterans Affairs department. The residents, their families and credit bureaus have all been informed of the data theft in order to prevent subsequent identity theft and fraud attempts.

Security Threat Caused by Lost USB Sticks

Yet another data breach caused by lost hardware has been reported by a governmental institution. The U.K.’s Ministry of Defence (MoD) has released information on 121 USB sticks, including five containing classified information, that have been lost or stolen since 2004.

As reported by DarkReading, these troubling figures became public four years later in response to an official question from Sarah Teather, a Liberal Democrat Member of Parliament. They are the latest, but not the only, embarrassing breach involving the UK government. The MoD’s missing USB sticks come after the loss of two disks containing private welfare data on 25 million U.K. citizens and the loss of an extensive number of laptops and mobile phones.

“Far from the problem getting better, it seems actually to be getting worse at the moment,” said Teather. “I think that the government has a duty to come clean and say whether or not anyone has been put at risk as a result of this – we need reassuring, for example, that none of our troops have been put at risk.”

The British government’s latest storage snafu comes less than a year after Her Majesty’s Revenue and Customs (HMRC), the U.K.’s equivalent of the IRS, was at the center of the country’s largest-ever data loss.

These recent events raise a mind-blowing question: how many such breaches actually happened but were never disclosed to the public? And how long would it have taken for UK authorities to inform the public of these national security breaches if there hadn’t been a formal inquiry?

Endpoint Security Strategies for SMBs

SMBs have specific requirements when it comes to IT security in general and endpoint security in particular: they need comprehensive policies and high-end technology, all scaled down and offered at a fair price. They don’t need cheap and unreliable solutions; they just need the best there is, adjusted to their size.

If you’d like to know more about what the IT security market has to offer, what challenges arise from the current business environment, which real threats SMBs face, how to properly assess the costs of a security breach, and how easy it is to lose data or have it stolen, read the latest white paper published by CoSoSys, Easy Guide to Comprehensive IT Security Strategies for SMBs - High-End Endpoint Security, Data Loss Prevention and Portable Device Management at a Reduced Scale.

Brand New Security Breach Reported by the US Army

Ever since 2006, several cases of exposed sensitive data surrounding the US Army have kept the newspapers busy. Another such case has recently hit the papers: a laptop computer was reported stolen from an Army employee’s truck. The laptop contained personal information on about 900 soldiers from Fort Lewis. The information was released by Lacey police officials and quoted by The New Tribune.

As the theft might expose the Army employees to identity theft risks, the soldiers involved have been notified of the breach, said a post spokeswoman. According to Army officials, the employee from whom the laptop was stolen, a civilian military personnel specialist, appears to have violated Army standards and policies for protecting personal information and government property.

The Army is assisting Lacey police with the theft investigation and conducting its own review, said Catherine Caruso, a Fort Lewis spokeswoman.

“We’re not releasing anything more about what information was inappropriately compromised or about the soldiers whose information was involved,” Caruso said. “Clearly it was personal information regarding 800 to 900 soldiers from Fort Lewis. Beyond that, we’d rather not specify.”

Data Watchdog Warns of Poor Data Protection in UK Institutions

The data protection watchdog, the Information Commissioner’s Office, has recently confirmed that it has served enforcement notices on two UK governmental institutions, HM Revenue and Customs and the Ministry of Defence. The decision, made public in Information Commissioner Richard Thomas’ annual report, comes as a response to high-profile data breaches occurring within the two organizations.

According to IT Week, both departments will be compelled to provide progress reports detailing how they are improving data governance practices.

This piece of news comes shortly after the same office called for European data protection laws to be reformed to make them more business-friendly. The recommendation was made by the same Richard Thomas at the annual Privacy Laws and Business conference in Cambridge. Thomas said existing legislation was out-dated and increasingly ill-suited to the internet age.

Daily Mail Loses Laptop With Staff’s Private Info

The latest security breach involving a stolen laptop has recently been reported by Northcliffe Media, owner of the Daily Mail. The lost computer contained sensitive information on the company’s employees, such as names, addresses, bank accounts and sort codes of Mail and General Trust staff.

According to company representatives quoted by the Register, the laptop was password protected but most likely not encrypted. Northcliffe Media warned its staff of the risk they were exposed to and advised them to contact their bank in order to prevent future problems.

The letter, signed by group finance director M J Hindley, said:
“The likelihood is that this theft was carried out in an opportunistic manner by a thief who will not realise that there is any personal data on the laptop and who may just erase what is on the hard disk in order to disguise the fact that the laptop is stolen.”

Insider Attacks Double in the First Half of 2008

Security attacks caused by insiders have doubled in the last year, according to the latest report released by the Identity Theft Resource Center (ITRC). The Center found that almost 16 percent of breaches reported so far in 2008 were caused by insiders, up from 6 percent in 2007. Attacks by individuals outside the company accounted for 11.7 percent, down from 14.1 percent in 2007.

According to Dark Reading, the ITRC’s data is consistent with other reports on insider incidents showing an increase of such attacks. Additionally, many experts believe that disclosure of all incidents is also on the rise, mostly due to the legal requirements put in place by many states over the last year.

Data stolen from laptops, thumb drives, and PDAs accounted for 20.2 percent of this year’s breaches so far, followed by accidental exposure by the organization (15.2 percent), and loss or theft by a subcontractor (13.5 percent).

Top Vendors Join Forces for IT Security

July 1st, 2008 by Agent Smith

Five major vendors in the IT&C field, namely Cisco, IBM, Microsoft, Juniper Networks and Intel, have joined forces to launch the Industry Consortium for Advancement of Security on the Internet (ICASI). ICASI is a dedicated IT security forum whose main goal is to allow co-operation between companies from all over the world in addressing security threats.

As Computing.co.uk pointed out, ICASI will also provide a government-neutral approach to resolving global, multi-vendor security incidents.

“It is critical that the technology industry strengthen its ability to combat the ever-changing nature of the global cyber threat landscape,” said Malcolm Harkins, general manager of Intel’s information risk and security IT group.