Friday, August 30, 2013

Last Convictions in Identity Theft/Tax Fraud Case

The last 3 defendants in a Georgia identity theft and tax fraud scheme have been convicted. Companies and organizations, often the source of stolen identity data used for tax fraud, need to be even more vigilant and proactive regarding ID theft detection.

A total of 13 have been convicted for charges including conspiracy to defraud the IRS and identity theft from medical records. Names, dates of birth and Social Security numbers were stolen and used to obtain fraudulent tax refunds. The ringleaders had "insiders," friends and relatives, working at doctors' offices who stole patient identity information.

"The case has 13 defendants total and federal charges range from conspiracy to defraud the IRS to identity theft from medical records."
-WSAV News
Many tax fraud schemes are feed with patient identities stolen by insiders at healthcare organizations. These breaches of patients' private information often first uncovered from law enforcement, rather than internal breach detection programs.

Healthcare organizations can utilize low-cost on-demand SaaS analytics to proactively detect privacy data breaches which would contribute to fewer stolen identities falling into the hands of criminals

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Last defendants convicted in Statesboro identity theft & tax fraud scheme - www.wsav.com, 08/27/2013

Thursday, August 29, 2013

Why it Took 9 Months to Notify Breach Victims?

Up to 860 patients who used ambulances in early 2012 are just now receiving breach notices. Why the long delay?

In April we posted about ambulance patients' data stolen being by a rogue employee and sold to an identity theft ring. At that time the employer, who handled billing for ambulances, promised "a through forensic investigation."

"They never figured out all of the data that was accessed by the former employee, it seems, and only found out last month when the IRS contacted them."
- PHIprivacy.net
But last month the IRS contacted the billing company about additional patient data that might have been breached by their former employee. Thus only now are more patients are being notified.

Detecting all patients' data accessed by an insider, and determining which data was breached can require difficult, time consuming IT gymnastics. However, for truly through forensic investigations, which rapidly and easily detect all patients accessed by an insider, companies are utilizing low-cost on-demand SaaS analytics services.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ninth months later, almost 860 Indiana residents are first being notified of the ADPI breach - www.phiprivacy.net, 08/27/2013

Wednesday, August 28, 2013

$5B Loss - IRS Needs Improved Refund Fraud Detection

US Internal Revenue Service (IRS) efforts are lagging for a key software program upgrade to prevent the growing problem of tax fraud schemes. Therefore companies and organizations, often the source of stolen identity data used for tax fraud, need to be even more vigilant and proactive regarding ID theft detection.

An estimated $5 billion a year is lost to identity theft refund fraud which typically involves using stolen names and Social Security numbers to file bogus returns. The IRS says updating their "Return Review Program" (RRP) software needs to be completed by January 2015 to replace the current, and increasingly outdated, refund fraud systems.

"There is limited assurance that RRP systems development activities will achieve expected benefits or meet time-sensitive business and information technology requirements for addressing the IRS's evolving tax refund fraud risks."
- Treasury Inspector General for Tax Administration Report
However, the Treasury Inspector General for Tax administration reports there is "limited assurance" the RRP will "achieve expected benefits" to address the IRS's tax refund fraud risks. Thus individuals as well as organizations should be more vigilant about protecting against identity theft that can increase tax refund fraud.

Many of these tax fraud schemes are feed with patient identities stolen by insiders at healthcare organizations. These breaches of their patients' private information often first comes to their attention from law enforcement, rather than internal breach detection programs. Healthcare organizations can utilize low-cost on-demand SaaS analytics to proactively detect privacy data breaches which would contribute to fewer stolen identities falling into the hands of criminals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) IRS lags in program to spot tax refund fraud: watchdog - Reuters, 08/26/2013

Tuesday, August 27, 2013

CMS Educating Seniors on Healthcare Fraud

The Centers for Medicare and Medicaid Services (CMS) employs consumer education and engagement to fight identity theft and other healthcare related fraud against seniors.

The CMS's Senior Medicare Patrol (SMP) program recruits and trains retired professionals and other seniors about healthcare fraud prevention, identification, and reporting. These SMP volunteers educate their communities' Medicaid/Medicare beneficiaries, caregivers, and family members about fraud, as well as about billing errors and how to detect and report such instances.

"In 2010, more than $4 billion in fraudulent claims were returned to government agencies thanks to SMP activities." - Fraud Avengers, August 2013 Newsletter
Although SMP began in 1997, efforts have increased under the Affordable Care Act (ACA). The are now 5,600 volunteers nationwide and CMS is raising awareness with media outreach and consumer engagement programs.SMP volunteers also help to identify patterns of fraud and report those by working in close partnership with CMS and the federal Health and Human Services (HHS) Office of the Inspector General (OIG).

Healthcare organizations are also contributing to decreasing fraud by utilizing low-cost on-demand SaaS analytics to detect theft of medical identity data.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Senior Healthcare Fraud - Protecting Fellow Seniors - FraudAvengers.org, August, 2013

Monday, August 26, 2013

Healthcare CIO: 80% Want Big Data Analytics, 84% See Challenges

A survey by the College of Health Information Management Execitives (CHIME) found that 80% of CIOs think big data is important to their healthcare organization's strategic goals, however 84% say utilizing big data presents challenges for them.
"18 percent have staff trained to collect and analyze data, 16 percent outsource this task."
- Survey by College of Health Information Management Executives
These challenges include having enough experienced staff to collect and analyze data from various systems. Some healthcare organizations are addressing their need for rapid answers with low-cost on-demand SasS big data analytics services.
Learn how Veriphyr Identity and Access Intelligence uses big data to deliver business insights - with no hardware and no on-site software.
Sources:
(a) Survey: 80% of CIOs Want to Use Big Data, Though 84% Said Big Data Use Presents Challenges - Becker's Hospital Report, 08/08/2013

Friday, August 23, 2013

Another Healthcare Data Breach in South Florida

Just a month ago hospital employees in South Florida were indicted for ID theft and tax fraud and now another stolen ID investigation is underway at the same organization.

A hospital employee, now terminated, was caught with protected health information (PHI) that the employee was not authorized to possess nor should have had access to. The PHI was found when the employee was pulled over by local law enforcement; the PHI included names, Social Security numbers, birth dates and medical record numbers-the number of patients affected is currently unknown.

"The now terminated employee had PHI that they shouldn't have had access to...names, Social Security numbers, birth dates, and medical record numbers."
- HealthITSecurity.com
It's unclear if this latest data theft is connected with the tax fraud ring prosecuted last month as the investigation is ongoing.

To proactively detect inappropriate access to PHI, even by authorized users, healthcare organizations can utilize low-cost on-demand SaaS analytics.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tampa General Hospital investigating another data breach - HealthITSecurity.com, 08/16/2013

Thursday, August 22, 2013

Healthcare Breach Source: Insider Snooping, Identity Theft

When asked about the source of healthcare breaches 29% of respondents to the 2013 Outlook survey said an "insider attack," such as medical record snooping or identity theft.

They ranked the risk of a patient privacy breach by an insider as greater than that of lost or stolen unencrypted devices or paper records.

"29% said healthcare breaches source was "insider attack, such as record snooping or identity theft," greater than "lost or stolen unencrypted electronic devices or paper records", and "hacker attacks."
- Healthcare Information Security Today: 2013 Outlook - Information Security Media Group
To address the risk of insiders inappropriately accessing patients' medical records healthcare organizations can now proactively detect breaches of patient privacy with low-cost on-demand SaaS analytics.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) 2013 Outlook - Healthcare Information Security Today: 2013 Outlook - Information Security Media Group, 06/17/2013

Wednesday, August 21, 2013

Nurse Fired for Snooping, 1,300 Patients' Privacy Breached

A Canadian hospital has terminated a nurse found to have inappropriately accessed the medical records of 1,300 patients for over nine years.

As far back as 2004, the nurse had accessed patient names, dates of birth, phone numbers, health card numbers, physician, next of kin, and reason for hospital visit.

"The nurse had been improperly accessing the protected health information (PHI) of 1,300 patients for more than nine years."
- Healthcare IT News
The hospital was alerted to the snooping by a former patient who was "hearing from people in the community things that would be on their medical file."

Rather than waiting for a third party, such as a former patient, to prompt an investigation of inappropriate access to PHI, healthcare organizations are employing low-cost on-demand SaaS analytics to proactively detect privacy breaches. Proactive detection would have prevented nine years of PHI breaches as well as early identification of an employee who might have been eligible for additional training and reprimand rather than termination.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Nurse sacked for snooping patient files - HealthcareITnews.com, 08/14/2013

Tuesday, August 20, 2013

Company Directors: Own Employees Greatest Data Threat

Boardroom Cyber Watch 2013, an international survey of senior executives conducted by IT Governance, found 53% of company directors view their own employees as the greatest threat to corporate data and computer systems.

Respondents ranked the threat from employees (53%) ahead of risks from criminals, state-sponsored cyber-attackers, and competitors.

"The threat from employees (53%) was ranked ahead of risks from criminals, state-sponsored cyber-attackers and competitors."
- Boardroom Cyber Watch 2013
The survey found that 25% have "lost sleep" about their company's cybersecurity. The survey also revealed senior executives are aware of the competitive advantages of effective information security: 74 percent say customers want to deal with suppliers with proven IT security credentials, and 50 percent say customers have inquired about its information security measures in the past 12 months.

Executives who don't want to lose sleep over the threat of their employees inappropriately accessing or stealing corporate data can utilize low-cost on-demand SaaS analytics to proactively detect data breaches.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Boardroom Cyber Watch 2013: survey results - www.continuitycentral.com,08/18/2013

Monday, August 19, 2013

ID Theft Ring: Ten Charged

Ten people have been charged in Alexandria Virginia for their alleged involvement in an identity theft ring.

Employees were recruited to steal personal information, such as social security numbers, addresses, and dates of birth, from their employers, which included a local dental practice, insurer, and rental car company.

"Over 600 potential victims have been identified, including employees of the U.S. Department of State, the U.S. Department of Defense, and the U.S. Agency for International Development. .." - U.S. Attorney’s Office, Eastern District of Virginia
Allegedly, members of the ring used the stolen information to produce fraudulent identification documents bearing their victims’ personal information, and then used the fraudulent documents and victims’ social security numbers to open credit lines at various retailers.

Protect your organization against a rogue employee stealing data for identity theft download with low-cost on-demand SaaS proactive data breach detection.

Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ten Charged In D.C. Area Identity Theft Ring - www.databreaches.net, 08/16/2013

Friday, August 16, 2013

Survey: Healthcare Cybersecurity Staff Shortage

A new survey shows that healthcare and other industries are facing a shortage of cybersecurity staff. The survey was conducted by Semper Secure, a public/private partnership launched in April by Governor Bob McDonnell to promote Virginia as a national cybersecurity hub.

Given most don't become interested in cybersecurity until they have begun their careers, Diane Miller, Director of Information Security an Northrop Grumman, says "industry, academia and government need to do more to create a clear and comprehensive career path in cybersecurity, starting as early as middle school."

"Current shortages of cybersecurity professionals are estimated between 20,000 and 40,000, and unfortunately, that trend is continuing."
- Diane Miller -- director of information security and cyber initiatives, Northrop Grumman
To address cybersecurity shortages some organizations in healthcare and other industries are utilizing SaaS services, such as those that provide data breach detection, user access compliance/attestation reporting.
Download a white paper on data breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Survey reveals short supply of cybersecurity professionals - ModernHealthcare.com, 08/09/2013

Friday, August 9, 2013

Small Privacy Breach = Big Fine for Bank

A small privacy breach involving just 32 customers resulted in a fine of £75,000 ($115,938 USD) for a British bank. That comes to over £2,300 ($3,600 USD) per customer affected.

The Information Commissioner's Office (ICO), which issued the fine, described the breach of privacy as "unforgivable" and "mistakes of this kind compromised sensitive data at a time when identity fraud is on the rise."

"Today's penalty reflects the seriousness of this case." - Stephen Eckersley, Head of Enforcement, Information Commissioner's Office (ICO)
The Bank of Scotland apologized for the breach, saying that security was a "key priority" and that it was reviewing its processes in light of the ICO’s verdict.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Bank of Scotland fined for persistent privacy breach - www.which4.co.uk, 08/06/2013

Thursday, August 8, 2013

Law Enforcement Database Privacy Breach?

The results of a Metro Police Office of Professional Accountability investigation into whether a Franklin Tennessee Police employee illegally accessed a law-enforcement database will released soon.

Allegedly, a police employee used a law-enforcement database to obtain information on one of Police Chief David Rahinsky's family members.

"The report “may relate to personal, protected information of employees and/or their family members.”." - Lt. Charles Warner, Police Spokesman
Unfortunately this is not the first time inappropriate access to a law enforcement database has occurred. Law enforcement organizations can now utilize low-cost on-demand SaaS analytics to proactively detect data breaches, even by authorized users.
Download a white paper on data privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Franklin Police work through Metro report on possible law enforcement data breach - The Tennessean, 08/02/2013

Wednesday, August 7, 2013

Staff Shortage Threatens Health IT Momentum

HIMSS Analytics data shows healthcare IT staffs have grown from 24 full-time equivalents in 2008 to 35 FTEs in 2012.

This growth has been driven by more systems being deployed as well as IT being involved with federal mandates such as meaningful use. And while staff may be increasing the workload is increasing more rapidly, leading to a fierce completion for talent.

"You have hospital boards applying pressure to CIOs to transform care, and yet the CIO doesn't have the talent to do it." - JoAnn Klinedinst, VP Professional Development, HIMSS
According to HIMSS Analytics Senior Director of Research Jennifer Horowitz, many hospitals are becoming "places where IT folks are getting experience and then getting lured away to other places that can pay them more money."

To avoid talent shortages and bidding wars, one strategy healthcare organizations are utilizing is low-cost on-demand SaaS services, such as analytics for proactive privacy breach detection, user access compliance and accounting of disclosures.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Talent shortages threaten IT momentumwww.HealthcareITnews.com, 08/05/2013 -

Tuesday, August 6, 2013

Mostashari, ONC Chief, to Step Down

Farzad Mostashari, who has been with the Office of the National Coordinator for Health Information Technology(ONC)for four years, and has been National Coordinator since 2011, will step down this fall.

Kathleen Sebelius, Secretary of Health and Human Services, made the announcement and said "Farzad has seen through the successful design and implementation of ONC's HITECH programs, which provide health IT training and guidance to communities and providers; linked the meaningful use of electronic health records to population health goals; and laid a strong foundation for increasing the interoperability of health records — all while ensuring the ultimate focus remains on patients and their families."

"During his tenure, ONC has been at the forefront of designing and implementing a number of initiatives to promote the adoption of health IT among health care providers."
- Secretary of Health and Human Services, Kathleen Sebelius
Underlying every health IT initiative Dr. Mostashari has championed is that "maintaining the privacy and security of patient records is paramount." Healthcare organizations can now utilize low-cost on-demand SaaS analytics for proactive privacy breach detection, user access compliance and accounting of disclosures reporting.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Mostashari to Step Down - Healthcare IT News, 08/06/2013

Monday, August 5, 2013

1 in 5 Employees Can and Would Take Company Data

A Harris Interactive survey found that nearly 1 in 5 (19%) office workers (age 18-34) would take customer data, price lists or product plans with them if they knew they were about to be terminated.

In addition, 16% (1 in 6) said they used old user IDs and passwords to access a former employer's computing systems.

"Nearly 1 in 5 (19%) of those who work in an office setting would take company information like customer data, price lists or product plans...16% percent (1 in 6) have been able to use old user IDs and passwords to access a former employer's computing systems.."
- Harris Interactive survey
These finding highlight the significant data theft risk to an organization and make it critical to know who and when employees, contractors, and partners/vendors access a company's data.

To address these issues organizations are utilizing Identity Access Intelligence (IAI) - low-cost on-demad SaaS analytics service for in-depth reports on user access compliance, attestation, and proactive data breach detection, even by authorized users.

Download a white paper on user access compliance and proactive data breach detection. Learn how to proactively identify unauthorized breaches of corporate data, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Is ‘Man of Steal’ Now Playing At Your Company? - Courion,07/18/2013

Friday, August 2, 2013

Tavenner, at CMS: EHRs Transforming Healthcare

Centers for Medicare & Medicaid Services (CMS) administrator Marilyn Tavenner says "Electronic health records (EHRs) are transforming relationships between patients and their health care providers. EHRs improve care coordination,...and help patients take more control of their health and result in better overall health outcomes."

Eighty percent of eligible hospitals and more than 50 percent of eligible professionals have adopted EHRs and received meaningful use incentive payments from Medicare or Medicaid.

"More patients than ever before are seeing the benefits of their providers using electronic health records to help better coordinate and manage their care."
- Farzad Mostashari, MD, National Coordinator for Health Information Technology
As we noted yesterday the deployment of EHRs makes patient data more exposed to inappropriate and criminal access. The CMS data shows that 4.6 million patients received an electronic copy of their health information from their EHR since 2011. Increasingly, patients are requesting an accounting of disclosures - a report of everyone who has accessed their medical record.

Low-cost on-demand SaaS analytics are being utilized by healthcare organizations to proactively detect privacy data breaches as well as provide patients with an accounting of disclosures.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) EHRs 'transforming' care, says Tavenner - www.iHealthCareITnews.com, 07/17/2013

Help Kids, Visit Dairy Queen 'Miracle Treat Day' Aug 8, 2013

Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals in the customer's community as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Miracle Treat Day, August 8, 2013 - www.MiracleTreatDay.com, 08/02/2013

Thursday, August 1, 2013

Helping Kids: August is RE/MAX Month of Miracles!

Children’s Miracle Network Hospitals
Children’s Miracle Network Hospitals is a charity that raises funds for more than 170 children's hospitals. Donations to Children’s Miracle Network Hospitals are used to provide charitable care, purchase life-saving equipment, and fund research and education programs that save and improve the lives of 17 million children each year.

Why Veriphyr Supports Children’s Miracle Network Hospitals
Like our customers, Veriphyr is committed to doing the right thing for our customers and communities. Veriphyr gives back to the communities by contributing a part of each sale to the Children’s Miracle Network Hospitals in the customer's community as well as donating our proactive privacy breach detection SaaS analytics service to CMNH hospitals.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Helping Kids: August is RE/MAX Month of Miracles! - www.REMAX.com,08/01/2013

$15.5B in EHR Incentives

The 2009 federal economic stimulus package allowed health care providers who demonstrate meaningful use of electronic health record systems (EHRs) to qualify for Medicaid and Medicare incentive payments.

Under this program more than $6.3 billion has been paid to physicians and other eligible professionals who demonstrated meaningful use as of June 2013. In addition the Centers for Medicare and Medicaid Services (CMS) reports eligible hospitals have received $9.2 billion in incentives.

"In total, 58% of eligible professionals and 80% of eligible hospitals have received incentive payments totaling $15.5 billion since the meaningful use program launched in 2011." - Modern Healthcare
Currently, only 11% of eligible hospitals and about 24% of eligible professionals have not yet registered for the meaningful use program.

With the deployment of EHRs to achieve meaningful use healthcare organizations are more exposed to inappropriate and criminal access to patient data. To proactively detect such access, low-cost on-demand SaaS analytics are available.

Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Majority of Eligible Providers Have Received EHR Incentive Payments - www.iHealthBeat.org,07/31/2013

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.