Healthcare data breaches on the rise and costing billions
Based on the many stories about data breaches reported by organizations in the healthcare industry, from hospitals to insurance companies and other third-party companies that deal with healthcare data, we could have guessed this is not even close to being a top sector when it comes to data security. A new report released by the Ponemon Institute now brings even further insight into the state of the healthcare industry, showing a spike in data breaches of over 30% and average annual costs of 6.5 billion US dollars.
The “2011 Benchmark Study on Patient Privacy and Data Security,” commissioned by IDExperts, identified employee error as one of the main causes of data breaches in hospitals and healthcare providers. These types of organizations in the healthcare industry suffered an average of four data breaches in the past year. Nearly 30 percent of healthcare companies said the breaches they suffered resulted in medical identity theft – an increase of over 25 percent over 2010.
British authorities experienced 1,035 data loss incidents
Only 55 of the data loss breaches have actually been reported
If you can’t stop data breaches, at least cover them up! This seems to be the data security code British authorities go by. Too bad for them there is something called Freedom of Information Act requests… A new report issued by privacy campaign group Big Brother Watch showed that councils across the UK experienced over a thousand data loss cases over a three-year period – August 2008 to August 2011.
To get the information, the group sent 433 FOIs to local authorities and councils across Great Britain and showed a shocking discrepancy between the 50-something reported incidents and the harsh reality. Not only did BBW uncover the data mishandling cases, they also requested information on what happened to the employees of said councils (whether they had been disciplined, fired or prosecuted over the data breaches) and inquired about the council’s response to each incident.
Steam hit by hackers. Are all their 35 million user accounts breached?
Almost two weeks ago, we revealed the major changes that happened this year in the all-time top of major data breaches. 2011 was leading as far as the number of high-profile breaches is concerned. The top might change once more, ensuring an even stronger position for the current year, as hackers hit Steam, a gaming giant that is home to 35 million user accounts.
What we know so far is that the Steam customer database has indeed been accessed by hackers.
“We learned that intruders obtained access to a Steam database in addition to the forums,” said Gabe Newell, co-founder and managing director of Steam parent company Valve. “This database contained information including user names, hashed and salted passwords, game purchases, email addresses, billing addresses and encrypted credit card information.”
UK’s ICO takes serious measures to enforce data protection
The ICO conducted an investigation into a case of hardware loss in May at the Rochdale Metropolitan Borough Council. The incident consisted of the loss of an unencrypted memory stick by an employee of the Council’s finance department; the stick contained names, addresses and payment details for 18,000 residents. The missing hardware has not been found to date.
The investigation concluded that the Rochdale Council breached the Data Protection Act by not providing employees with encrypted memory sticks (although it was known that these devices would be used to transfer private information) and by not training its employees to properly use portable devices for work purposes.
Sally-Anne Poole, the ICO’s head of enforcement, qualifies this mishap as ‘unacceptable’ and says, ‘This incident could have been easily avoided if adequate security measures had been in place,’ in a quote by eWeek.
The measures taken by the ICO in this case consist of a signed undertaking listing the actions to be taken to implement data protection policies by 31st March 2012.
Let’s hope that more than one private data handling organization learns from this incident and encrypts their portable devices using proper solutions.
The theft of laptops doesn’t stop, organizations don’t learn their lesson
A whole lot has been written on the loss and theft of hardware (laptops, USB sticks, external hard drives, etc.), and we had thought that organizations would learn their lesson and encrypt sensitive data on such media. Apparently, things aren’t quite like that, and two recent incidents prove it.
A resident student at Vancouver Coastal Health lost a laptop and a USB stick (there is a high probability that the hardware was stolen) at the Toronto Airport. The information stored on the drives was password protected but it wasn’t encrypted.
A Vancouver Coastal Health official calls the incident ‘unfortunate’ and says that ‘This is the way physicians and other health care workers need to do their job. They need to use these devices.’ He admits that many professionals use laptops and that the agency has some issues handling mobile technologies.
Another mishap took place in the United Kingdom: the theft of a laptop that stored personal information of 100 young people who participated in inclusion programs. This laptop was in the house of a contractor of the Newcastle Youth Offending Team organization. The ICO (Information Commissioner’s Office) has established a fine for this organization for not encrypting the data. According to Sally-Anne Poole, ‘Encryption is a basic procedure and an inexpensive way to ensure that information is kept secure.’ She underlines the fact that organizations working with contractors must make sure that the latter comply with their security policies.
It’s so simple and cheap to track the use of portable devices and encrypt sensitive data stored on them that we really ask ourselves why organizations don’t do it.
Let’s hope that at least legal constraints will force private data handlers to implement solutions and policies to keep their data safe and secure.
2011 Brings Major Changes in the Biggest Data Breaches of All Times Top
While data breaches are as common as any other daily occurrence in the business and individual worlds, the large security incidents don’t happen as often, especially if you think that one of the breaches in the top ten all time largest data exposures dates back to 1984. 2011 is not yet over and it already is the poster child of this top we all want to see unchanged.
2011 is the only year with three major data loss incidents in the top ten: Sony Corporation with 77 million records exposed, SK Communications, Nate, Cyworld with 35 million and again Sony Corporation through their Sony Online Entertainment division with close to 25 million records exposed. Luckily for us, although it featured large incidents, 2011 did not create as many victims as 2009 with its two incidents, Heartland Payment Systems, Tower Federal Credit Union, Beverly National Bank which share the number one position in the infamous top with 130 million records exposed and RockYou Inc. with another 32 million.
CoSoSys Releases Endpoint Protector 4 – New Device Control Hardware and Virtual Appliance
Endpoint security developer CoSoSys has released a new version of their data loss prevention, device control and endpoint security solution for Windows and Mac OS, Endpoint Protector. Offering enhanced protection, increased effectiveness and the fastest implementation time in its segment, the out-of-the-box Hardware and Virtual Appliance is now available for small, medium and large companies and organizations.
Coming with a long list of new features targeting better security, reliability, ease of use and better adapting to company structures and organization charts, Endpoint Protector 4 is designed to protect networks ranging from 20 computers (endpoints) to more than 5,000 endpoints.
Some of the top benefits of this latest Endpoint Protector solution are:
- Seamless integration in business processes
- Saving time and money when the solution is installed
- Increased security through enhanced protection
- Reducing allotted resources of the security staff
- Optimum security through enhanced stability
- Enhanced protection through complex, adaptable and efficient security
- Reliable security through enhanced monitoring and policy control
Israeli Ministry Falls Prey to Insider Theft of 9 Million Records
No one is safe from inside threats, not even state departments and ministries, as a very recent incident at Israel’s Ministry of Labor and Welfare shows. A contract worker has stolen personal information of over 9 million Israelis from the country’s Population Registry. The Jerusalem Post, quoted by Dark Reading, states that the perpetrator copied the ID numbers, full names, addresses, dates of birth, information on family connections as well as other details and used it to create a searchable database which was going to be sold to a private buyer.
As the contract worker lacked the tech skills needed to create the database, he shared the 9 million stolen records with another individual, who did the actual design of the software program that exploited the existing database of Israeli citizens and called his creation “Agron 2006”.
Spectrum Health Client Data Stolen With Hard Drive
Health systems company Spectrum has been the victim of a data breach affecting confidential health information of some of their clients. The breach was the result of an electronic device theft, the perpetrators also taking a hard drive that included the medical details. According to Spectrum representatives, the stolen information was not encrypted, but it was double password protected.
The thieves took three electronic devices when breaking into the offices located at 484 Main St. in Worcester in late August, but only one was used to temporarily store personal and protected health information.
This time it seems to be too much
What you can see in the picture is a US Navy Reaper drone. It is a remotely controlled air vehicle used during combat missions in Afghanistan, a machine capable of neutralising targets or performing recon missions. What would you say if you found out that every “step” of the machine was tracked by a computer virus, a keylogger? Danger Room says that it was found no more than 2 weeks ago on computers at Creech Air Force Base in Nevada. Since then, pilots have continued to perform overseas missions, and there have been several attempts to remove the malware. However,
We keep wiping it off, and it keeps coming back

It does not sound promising if one of America’s most important weapons is infected. It is not certain whether the infection was deliberate or accidental. The virus is believed to have spread through removable devices, which are used to load map updates and transport mission videos from one computer to another.




