Thursday, July 31, 2014

AL Man Guilty ID Theft from Prisoners for Tax Fraud

An Alabama man, Gregory Slaton, has pleaded guilty to an stolen identity and tax refund fraud scheme (SIRF).

Slaton conspired with his wife, Jacqueline, and brother-in-law, a US Postal service worker, to obtain stolen identities from prison inmates, and file fraudulent tax returns.

"...a medical records clerk at one Alabama DOC facility was selling inmates’ information to Jacqueline Slaton."
- Department of Justice documents
It is unclear when the identity thefts from the corrections facility started or how they were discovered. Organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alabama Man Pleads Guilty to Involvement in Identity Theft Scheme Using Prisoner Names and Corrupt U.S. Postal Service Employee - www.DOJ.com, 07/29/2014

Wednesday, July 30, 2014

49% General Counsels Say Businesses Unprepared for Data Breach

Almost half (49%) of corporate general counsels (GCs) say their businesses are unprepared to defend against a cybersecurity incident, according to a new survey of Fortune 1000 companies by Consero Group.

These senior executives' unique positions puts them in the midst of critical business matters. They ranked compliance/regulatory issues as a top area of focus.

"Some 49 percent of GCs surveyed by the Consero Group don’t believe their companies are adequately prepared when it comes to a data breach.."
- Paul Mandell, Consero Founder & CEO
Given the volume of information stored in data networks, organizations need to ensure that they are fully protected from any potential cyber breaches that may lead to liability. To protect against the threat of insiders stealing data, companies can utilize low-cost on-demand SaaS analytics services to proactively detect breaches.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) General Counsel Data Survey Facts & Analysis - www.Consero.com, 07/29/2014

Tuesday, July 29, 2014

Healthcare Analytics Market to Grow 25%

The market for healthcare analytics market will grow at more than a 25% compound annual growth rate over the next five years, according to a report by Research and Markets.

Analytics have a wide range of applications in healthcare according to the study.

"Analytics assist healthcare organizations in reducing the hospitals stays, meeting regulatory compliance, enhanced quality care, prevention of chronic diseases, and fraud detection."
- Research and Markets report
Drivers for this market growth, especially in North America, include Meaningful Use requirements. To meet these mandates, which include protecting patient data privacy, organizations can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Analytics are also contributing to improving patient outcomes and business decisions. Rather than the time and investment required to build a big data analytics team healthcare organizations often find SaaS analytics services more efficient and effective.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Healthcare Analytics Global market - Forecast to 2019 - www.ReseachAndMarkets.com, 07/28/2014

Monday, July 28, 2014

Health Services Insider Stole 2,000 Patient Identities

A New York physical therapy practice has notified 2,000 patients that their identities were stolen by an insider at their organization.

It appears that an employee or someone with authorized access to the database took protected health information (PHI) including including names, addresses, telephone numbers, and potentially other private information. It is unclear whether any health/medical information was also improperly acquired.

"... protected health information, including names, addresses, telephone numbers, and potentially other private information, was taken...."
- Physical therapy practice breach announcement
Reportedly, the data theft occurred on February 21. It is unclear when the breach was actually discovered or why it took until June to notify patients. Healthcare organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NY: Sloane Stecker Physical Therapy notifies 2,000 patients of breach - www.PHIprivacy.net, 07/22/2014

Friday, July 25, 2014

Hospital Hit with 150K Privacy Breach Fine

Personal A Rhode Island hospital, who nearly two years ago notified 14,000 patients of a HIPAA breach involving their data, agreed to pay $150,000 to settle allegations that it failed to safeguard patient information.

The hospital will pay this civil penalty to the Massachusetts Attorney General who filed a lawsuit after discovering 12,127 of those patients were Massachusetts residents. This is an example of states attorney generals' power to sue for HIPAA violations.

"Personal information and protected health information must be properly safeguarded by hospitals and other healthcare entities."
- Attorney General of Massachusetts
According to Massachusetts AG Martha Coakley, "This data breach put thousands of Massachusetts consumers at risk, and it is the hospital's responsibility to ensure that this type of event does not happen again." Organizations seeking to proactively detect breaches of patient privacy can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Women & Infants Hospital to Pay $150,000 to Settle Data Breach Allegations Involving Massachusetts Patients - www.PHIprivacy.net,07/23/2014

Thursday, July 24, 2014

Employee Sentenced 7 Years for Huge ID Theft

Janice M Nieman embezzled more than $1 million from a Wisconsin not-for-profit health services organization where she was a payroll specialist.

She did this by stealing the identities of 848 registered nurses and creating phantom paid time off which she deposited in her bank account. Nieman was sentenced to seven years in prison.

"...from 2004 to April 2013, Nieman used her access to employee payroll information to concoct and orchestrate an elaborate embezzlement scheme."
- Court documents
It is unclear why the identity thefts took nine years to discover. Organizations seeking proactive detection of identity theft can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-Wheaton worker gets 7 years in huge identity theft case - www.JSonline.com, 07/18/2014

Wednesday, July 23, 2014

$190M settlement by hospital for privacy and misconduct violations

A Baltimore medical center has agreed to a $190 million settlement with about 8,000 patients of gynecologist Nikita Levy who claim he secretly recorded their genitals during pelvic exams using a tiny camera concealed in a pen or key fob.
"[We have] redoubled our efforts to uphold the highest standards of patient privacy."
- Medical center spokeswoman regarding $190M settlement
The settlement amount is one of the largest on record involving sexual misconduct by a physician. The medical center might have settled to avoid more liability, said Tom Baker, a professor of law and health sciences at the University of Pennsylvania Law School. "You don't pay $200 million unless you thought you had a risk of losing quite a bit more than that," he said.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hopkins Agrees to Pay $190 Million to Settle Levy Claims - www.BaltimoreSun.com, 07/21/2014

Tuesday, July 22, 2014

Private Investigator to be Tried for Data Breaches

Michael J Gaynor, a private investigator in Ireland, is alleged to have illegally accessed and disclosed personal information held by Ireland's police force, An Garda Síochána, and the Electric Supply Board (ESB).

Gaynor faces criminal charges in relation to alleged breaches of data protection legislation; this is the first such criminal prosecution in the state.

"Mr Gaynor faces three charges of illegally accessing personal information held by An Garda Síochána and of disclosing it without authority, under the provisions of section 22 (1) of the Data Protection Acts 1988 and 2003."
- Irish Times
Reportedly, the breaches occurred between May and October 2013 but it's unclear how the breaches were discovered. Organizations seeking proactive data breach detection can utilize low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Private investigator to be tried over data breaches in October - www.IrishTimes.com, 07/21/2014

Monday, July 21, 2014

Woman Convicted of ID Theft, Tax Fraud

A jury found an Alabama woman, Nina McKinnie Macena, guilty of of seven felony charges in connection to a conspiracy to defraud the government through identity theft and the filing of false tax returns (SIRF).

Macena obtained identities from a a local bail bondsman who had access to the personal information of individuals detained at the city jail. The identities were used by a third person to file fraudulent income taxes for over $300,000 in returns.

"...trial evidence revealed Macena obtained the identities from Roderick Neal, a former Dothan bail bondsman, who had access to the personal information of individuals who had been detained at the Dothan City Jail.." - US Department of Justice
Unfortunately, as is all to often the case, the identity thefts were not detected at their source but discovered much later after the fraud had grown and many were victimized. Organizations seeking to proactively detect identity theft can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Alabama Woman Convicted of Stolen Identity Refund Fraud - www.Justic.egov, 07/14/2014

Friday, July 18, 2014

Health IT Funding Doubles to $1.8B

Venture capital (VC) investments in health IT companies has doubled in Q1 and Q2 2014 to $1.8 billion, according to a report by Mercom Capital Group.

$1.1 billion was raised by companies in management technology, analytics, and population health management.

"Q2 2014 was the first billion-dollar quarter for the health IT sector, which has raised more money so far in 2014 than it did all of last year -- $2.6 billion in 2014 compared with $2.2 billion in 2013." - Raj Prabhu, CEO, Mercom
VC interest is understandable given health IT analytics' ability to deliver business and clinical insights, such as Identity and Access Intelligence, delivered as a low-cost on-demand SaaS service.
Learn how Veriphyr Identity and Access Intelligence delivers business insights - with no hardware and no on-site software.
Sources:
(a) Health IT Funding Doubled in Q2 2014, Reaching $1.8B, Report Finds - www.iHealthBeat.org, 07/17/2014

Thursday, July 17, 2014

Privacy Breach at VA?

An supervisor of the Veterans Administration (VA) benefits division in Baltimore Maryland was found to have about 8,000 claims documents stacked in his office, 1,500 of which contained personally identifiable information (PII).

The discovery resulted in the removal of the employee from his position. Management is determining which documents contain Social Security and other sensitive information and will audit all staff office space.

"The Baltimore Regional Benefit Office is reorganizing after what appears to be a privacy breach."
- CBS News, Baltimore
Acting director of Veterans Affairs Sloan Gibson admits trust has been broken, “Ultimately that’s what we’re after: trust,” he said.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Baltimore VA Benefits Office Reorganizing After Alleged Privacy Breach - www.Baltimore.CBS.com, 07/14/2014

Wednesday, July 16, 2014

HR Data Now Theft Target

Not just credit cards and email addresses, but employees' personal data, are increasingly being targeted by data thieves, according to Daniel Schwartz of Shipman & Goodwin.

To protect against data thefts Schwartz suggests developing a data policy, educating employees on protecting confidential information, performing regular audits, and restricting employees from accessing confidential data when they leave the company.

"To cope with the increased security concerns from an HR perspective, Schwartz suggests ...performing regular audits."
- Law Technology News
Regular audits of who is accessing what confidential data, as well detection of data thefts, can easily and rapidly achieved with low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of employee data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hackers Are After Employee Data Now - www.LawTechnologyNews.com, 07/14/2014

Tuesday, July 15, 2014

Hospital Employee Indicted for Criminal HIPAA Violation

An East Texas hospital employee has been indicted for criminal violations of the Health Health Insurance Portability and Accountability Act (HIPAA), according to U.S. Attorney John M. Bales the East Texas District.

He was charged with “Wrongful Disclosure of Individually Identifiable Health Information” from December 1, 2012 through January 14, 2013. While an employee he obtained protected health information (PHI) with the intent to use the information for personal gain, according to the indictment.

"From December 1, 2012, through January 14, 2013, [he] obtained protected health information with the intent to use the information for personal gain." - Indictment document, US Attorney's office East Texas District
It is unclear how the breach, which went on for over a year, was discovered. Often law enforcement, or some third party, rather than the healthcare organization, are the first to know of a breach. Organizations seeking to proactively detect identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) FORMER HOSPITAL EMPLOYEE INDICTED FOR CRIMINAL HIPAA VIOLATIONS - www.Justice.gov, 07/03/2014

Monday, July 14, 2014

Tips to Decrease Privacy Breaches

Ten tips for reducing the likelihood of a privacy breach have been published by the Office of the Privacy Commissioner of Canada (OPC) based on the their experience dealing with breaches at Canadian organizations.

In addition to knowing where personal information (PII) is stored the OPC recommends "limiting, and monitoring, access" to PII.

"...monitored access logs can help you identify unusual behaviours, and potentially prevent an incident either before it occurs or in the early stage."
- Office of the Privacy Commissioner of Canada
They noted that "monitored access logs can help you identify unusual behaviours, and potentially prevent an incident either before it occurs or in the early stage." Such monitoring and unusual behavior identification is offered as low-cost on-demand SaaS analytics services.
Download a white paper on privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ten Tips for Reducing the Likelihood of a Privacy Breach - www.priv.gc.ca, 07/02/2014

Friday, July 11, 2014

Report: 1 in 3 Data Breaches Result in Fraud

Customers have more cause to worry about breaches of their data according to a new report from the National Consumers League (NCL) report. They found that in 2013 nearly 1 in 3 data breaches resulted in fraud, that’s up from 1 in 9 in 2010.

The consequences of consumer fraud have a serious ripple effect: fraud victims report losing trust in the businesses where their data was compromised. For example, 59 percent of respondents whose data was breached at a retailer expressed “significantly decreased” trust in retailers who failed to protect their information.

"...in 2013 nearly 1 in 3 data breaches resulted in fraud, that’s up from 1 in 9 in 2010."
- The National Consumers League.

“This study is only the latest evidence for why the business community should be one of the most vocal advocates for protecting consumer data,” said NCL Vice President John Breyault. Organizations seeking to protect consumer data can utilize low-cost on-demand SaaS analytics services to proactively detect ID theft and privacy breaches.

Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) The Consumer Data Insecurity Report: Identity Fraud Paradigm in Four Major Metropolitan Areas - www.NCLnet.org, 07/10/2014

Thursday, July 10, 2014

Corrections Officer Guilty of Prisoner ID Theft, Tax Fraud

A corrections officer in Florida, Jerry St. Fleur, has pleaded guilty to stealing inmates identities and using them to file fraudulent tax returns.

St. Fleur used his access to the state Department of Corrections database to obtain names, dates of birth and Social Security numbers of current and former inmates without their knowledge, according to the indictment.

"St. Fleur allegedly filed 182 fraudulent income tax returns using the stolen [inmate] information in order to get more than $500,000 worth of refunds."
- US Attorney's Office, Tampa
It is unclear why the ID thefts, which began no later than January 2011, continued until about May 2014. Organizations seeking to proactively detect ID theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on identity theft and privacy breach detection. Learn how to proactively identify unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former corrections officer pleads guilty to wire fraud, identity theft - www.TBO.com, 07/09/2014

Wednesday, July 9, 2014

HHS: 4.6M Californian Privacy Breaches Since 2009

About 4.6 million Californians have had their personal health information (PHI) breached or stolen since 2009, part of the nearly 32 million US residents affected, according to the Department of Health and Human Services (HHS)data.

Experts say the data raise concerns about security measures being taken as the federal government pushes providers to adopt electronic health records (EHRs).

"Those numbers, taken from new U.S. Health & Human Services Department data, underscore a vulnerability of electronic health records (EHRs)." - Orange County Register
While EHRs are contributing to improved healthcare delivery and outcomes, they can also facilitate identity theft and data privacy breaches. Healthcare organizations seeking to proactively detect such data thefts and breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Millions of electronic medical records breached - www.OCregister.com, 07/07/2014

Tuesday, July 8, 2014

Hacker: Health Security is "Wild West"

What Kevin Johnson, a professional "ethical" hacker, sees regarding healthcare data security terrifies him.

The overwhelming majority of healthcare related organizations have security "that sucks," according to Johnson. Alarmingly, a call from the FBI is often how a healthcare organization learns of a data security issue.

"3,000 organizations of all types, but very many of them medical related, the way they found out there was a problem with their network is they got a phone call from the FBI. If the FBI is initiating your incidence response, you have a problem."
- Kevin Johnson, professional hacker
As Johnson said "If the FBI is initiating your incidence response, you have a problem." To avoid learning of identity theft and data privacy breaches from law enforcement, organizations can proactively detect such issues with low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hacker Calls Health Security "Wild West" - www.HealthcareITnews.com, 06/11/2014

Monday, July 7, 2014

Hospital Employee Arrested for Insider Data Theft

Tuscaloosa Alabama police have arrested a medical center employee and accused him of stealing data.

Joshua Seth Howell's employment was terminated on June 16 and monitors detected a data download that day. It is unclear if patient data has been breached as the investigation is ongoing and further charges are expected.

"Howell's employment was terminated on June 16, and the monitors at [the medical center] detected a download from their computers the same day."
- Tuscaloosa police department
Unfortunately, employees who are about to quit or are terminated often steal company data. Organizations seeking to proactively detect such data thefts can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Tuscaloosa Police arrest former hospital employee for stealing data from DCH Regional Medical Center - www.AL.com, 06/27/2014

Thursday, July 3, 2014

Identity Theft, Tax Fraud at State Public Health Department

More than 500 clients of the Alabama Department of Public Health (ADPH) had their identities stolen and used for tax refund fraud. The ADPH learned of the ID thefts from the US Attorney's Office and the Department of Justice.

Information stolen from the ADPH electronic health records (EHR) database may have included clients' names, dates of birth and social security numbers.

"We believe now that it is possible they may have been former employees, but we are still participating in the investigation."
- Alabama Department of Public Health Privacy Officer Samarria Dunson
As is all too often the case in identity theft, law enforcement, rather than the data source organization, was the first to know about the breach. Organizations seeking to proactively detect identity theft and data breaches can utilize low-cost on-demand SaaS analytics services.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Hundreds affected by ADPH data breach - www.WAFF.com, 06/26/2014

Wednesday, July 2, 2014

New OCR Leader for Civil Rights, Privacy

The Department of Health and Human Services (HHS) has named Jocelyn Samuels to head the Office of Civil Rights (OCR).

As director of the HHS Office for Civil Rights, Samuels duties will also include enforcing the HIPAA privacy, security and breach notification rules.

Samuels, who succeeds Leon Rodriguez, most recently served as acting assistant attorney general for the Civil Rights Division within the U.S. Department of Justice.

"Jocelyn's wealth of experience and commitment to the mission of OCR will be great assets to her as she takes on this new role." - HHS Secretary Burwell
Changes in leadership of the HHS Office for Civil Rights and its HIPAA division come as the office gears up to launch a permanent random HIPAA audit program, expected later this year.
Download a white paper on patient privacy breach detection. Learn how to proactively identify unauthorized breaches of patient data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Jocelyn Samuels Named New OCR Director - www.GovInfoSecurity.com, 07/01/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.