Patient Records Lost at Vincent’s Hospital
St Vincent’s University Hospital in Dublin has announced one if its computer back-ups containing patient records is missing. Notices have been posted around the hospital with inquires of the whereabouts of the drive in question.
According to a hospital spokesman, the Data Protection Office has been notified on October 21 of the data protection breach relating to the loss of this device. The lost data will have no impact on patient care.
‘‘It contained archived copies of the files of a small subset of patients with laryngeal disorders who attended the ear, nose and throat department between 2002 and 2008,” said the spokesman. ‘‘The original patient records are still preserved. The hospital will be contacting all of the laryngeal patients whose details were on the storage device.”
The incident was fully investigated according to the code of practice, and a report would be forwarded to the Data Protection Office.
Measures to prevent the repeat of such incidents involving external data storage devices have been taken.
Accomack county laptop stolen on employee’s trip to Vegas
What’s stolen in Vegas stays in Vegas?
35,000 county residents found out that their private information might be in jeopardy as an Accomack County Virginia employee had a county-owned laptop stolen while being on holiday in Las Vegas. Besides personal information such as names and social security numbers, the files on the stolen computer might contain tax payer information and actual addresses.
The incident took place on October 7 and was reported to the media after seven days. The warning came with apologies as the laptop in question was apparently taken without permission by the employee. A closed meeting held by the Board of Supervisors regarding this issue was held on Wednesday. Read more
Endpoint Protector 2009 for Mac Introduces File Tracing for Portable Devices
If you’re a Mac fan and also into device control, endpoint security or data loss prevention, you know there aren’t many solutions covering this specific area for Mac / Apple operating systems. One of the only solutions with a client dedicated to Mac is Endpoint Protector 2009, developed by CoSoSys. The Endpoint Protector 2009 Mac device control application has just been released in a new version, now including File Tracing for portable devices and offline temporary passwords.
The newly introduced features are designed to increase protection for business confidential data and to offer road warriors a way to stay active and productive when a permanent Internet connection is unavailable. Moreover, the carried data is kept safe from the common threats posted by improper usage of portable storage devices that often leads to severe security breaches. When enabled, the File Tracing feature logs all data and file related activity and stores it for later auditing. Each time an employee edits, deletes or renames a certain file originating from or subsequently copied to a portable device, his actions are recorded, along with his user credentials and the device specifications. Read more
7,000 CCNY Students Affected by Data Breach Exposing Sensitive Information
Panic grows among 7,000 students that are attending City College of New York as this week they have been notified by the school’s officials that a laptop theft may cause public exposure of their private details, including names and social security numbers.
The computer was stolen a couple of weeks ago, according to a post published by the Educational Security Incidents (ESI) blog. The data of the computer was not encrypted, but only password protected. CCNY officials found no evidence that any of the data has been used for identity theft or other illegal endeavors. Read more
Manchester Police Denies Ownership of lost USB stick with Classified Information
An USB stick belonging to the Manchester Police and containing over 2,000 pages of highly-sensitive and confidential information has made is way to the Daily Star news room, after apparently being dumped in the street close to the Stalybridge police station near Manchester. According to the Daily Star, the files stored on the memory stick contained anti-terrorism information, including strategies for acid and petrol bomb attacks, blast control training and the use of batons and shields.
“Describing its contents as “an essential reference for all officers”, it goes on to outline methods to combat football violence, riots, public disorder and how to deal with violent people when entering a room.
Produced by the National Police Improvement Agency, the files, bearing the title Manual On Guidance Of Keeping The Peace, cover all aspects of counter terrorism and “tactical deployment”.
The Greater Manchester Police replied the Daily Star accusation by refusing to confirm the ownership of the memory stick. Read more
Sensitive BP info revealed in hacking contest
If you think BP have their hands full with the oil spill and the whole environmental mess they’ve caused in the Gulf of Mexico, think again. It seems they lack all kinds of security – not only can’t they drill for oil in a safe environment, their data security is also poor.
The Defcon hacker contest organized in Las Vegas is a hacking competition that has its contestants trick employees of large companies into spilling out potentially sensitive information. The purpose is – and targeted companies should thank the organizers for that matter – to show how gullible people can be and how this becomes a major security vulnerability. Read more
Lost thumb drive leads to potential data breach
A thumb drive containing personal data of current and past graduate medical education residents and fellows at Cooper University Hospital has recently gone missing. Lost around July 8th, the incident has been reported to the proper authorites a few days later who are now looking into the potential security breach only two weeks later.
According to hospital sources, the lost data includes Social Security numbers, addresses, and phone numbers. As it always happens in such cases, the data was not in anyway encrypted or protected.
The University later released the following statement:
Medical diagnoses of 130,000 people lost
New York-based Lincoln Medical and Mental Health Center is the center of attention in security news after exposing sensitive patient information. The lost data was the result of a failed FedEx delivery – CDs with unencrypted data was sent to the Center but never made it to its destination.
The lost data included medical and psychological diagnoses and procedures for over 130 000 patients, as stated in an official notification. An investigation trying to locate the missing CDs was launched back in April, but it failed to recover the data: names, addresses, social security numbers medical record numbers, dates of birth and more, enough for any half-decent identity thief to have a blast.
According to the Register, Licoln is at least note alone in this mess:
Lincoln’s notification to the US Department of Health website came the same day officials at the University of Maine said sensitive details for 4,585 individuals who sought services at the school’s counseling center have been stolen by hackers who compromised two servers. The exposed data included names, clinical information and social security numbers for people who used the service over an eight-year span ending last week.
Other medical facilities to fess up to losing patient data in the past 24 hours, according to the Department of Health website, include Silicon Valley Eyecare Optometry and Contact Lenses, with 40,000 people affected, Kentucky’s Our Lady of Peace Hospital, with 24,600 affected, and the Cincinnati Children’s Hospital Medical Center, which affected 60,000.
SMBs start taking security seriously
Tired of being the main target of cybercriminals and other mean characters of the virtual world, SMBs are reconsidering their stand of security and starting to seriously apply it to their corporate infrastructures. These are the finding of a new survey conducted by Applied Research and published by Symantec. The new report shows that SMBs views have drastically changed over the past year, leading to more spendings on IT security and giving security policies a higher priority.
“Last year when we conducted this survey, a lot of SMBs were very confident in their security posture, but they weren’t always clear on the threat,” says Monica Girolami, senior product marketing manager at Symantec, who worked with Applied Research on the study. “This year they realize that they have gaps in their security stance, and they’re getting more serious — in fact, they rated data loss and cyberattacks as their top risks, even above natural disasters.”
Stolen laptop puts 12,500 patients’ data at risk
Shands HealthCare has recently announced about 12,500 of their patients that their private medical data has been stolen in January, along with the laptop that contained the personal details. As it almost always happens in the case of hardware storing sensitive records, the laptop wasn’t encrypted in any way.
The stolen info contains names, addresses, medical record numbers and medical procedure codes of the patients, as well as the Social Security numbers of about 650 people. Luckily, up to know, there is no evidence of any misuse of the data, and we should keep hoping that the thief or thieves just needed the notebook to sell it or for personal use…
At least some measures have been taken: training for the employees and system-wide encryption policy to prevent such data breaches in the future. And of course, there’s protection for those affected, eligible for 12 months of free credit monitoring.
Let’s hope the new system works, as according to Gainesville.com, security breaches involving large amounts of patient data being exposed are some what of a recurring habit at Shands.
