Wednesday, November 26, 2014

Government Agents Snoop on Sports Star

Twenty-four staff of the Judicial Investigation Department in Costa Rica are being investigated for improperly using the department's database to access personal information about Real Madrid and their goalkeeper Keylor Navas.

While it seems the inappropriate access of Navas' information was motivated by curiosity such use of the database is not authorized according to the department head Francisco Segura.

"there was no justification for their actions as agents only have authority to access the "information platform" during an investigation."

- Costa Rica's Judicial Investigation Department head Francisco Segura

It is unclear how long the snooping went on for or how it was discovered. Organizations seeking proactively detect privacy breaches can utilize low-cost on-demand SaaS analytics.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Judicial agents in Costa Rica probed for snooping on personal data of Real Madrid's Navas - www.TimesColonist.com, 10/29/2014

Tuesday, November 25, 2014

Physician Sanctioned for Sharing Patient Data with Wife

This is an update on the January 2014 blog noting a physician had improperly shared information about 2,500 patients with his wife over a three year period.

The Department of Health and Human Services (HHS), and their agency the Office of Civil Rights (OCR), investigated the breaches and issued a report.

"The covered entity (CE)...reported that a CE-employed physician disclosed electronic protected health information (ePHI) to his wife without authorization." - HHS Summary
The HHS summary notes that the hospital sanctioned the physician and implemented new security policies and procedures. Proactive privacy breach detection can be accomplished with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Update on Coulee Medical Center Breach - www.PHIprivacy.net, 11/19/2014

Monday, November 24, 2014

Bank Insider Stole Customer Info for Competitor

A national bank has filed a suit against a competing institution claiming they hired one of their employees to steal customer information.

For a month before the employee left his position with the plaintiff he sent confidential information to his new employer. The new employer had set up an email account to receive customer names, tax returns, credit approvals, and other documents

"he transferred numerous tax returns, credit approvals and other documents from [the bank's] customers to his next employer in the weeks before he resigned"
- The New Jersey Law Journal
While the breaches of confidential information were discovered by a forensic review after the employee left they could have been detected proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) TD Bank Claims Rival Stole Customer Files - www.NewJerseyLawJournal.com, 11/20/2014

Friday, November 21, 2014

Hospital Insider Stole Patient IDs for Tax Fraud

While employed at two Detroit hospitals, a woman stole hundreds of patient identities and used the information to file fraudulent tax returns.

According to the US Attorney's office at least 305 people were identity theft victims and the scam netted $500,000 in refunds for the woman and her accomplice.

"...technology has made it easier than ever for [criminals] to commit identify fraud...." - US Attorney Barbara McQuade
It is unclear when the identity thefts started or when the were discovered. Healthcare organizations seeking proactive detection of identity thefts can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Feds: Identity thieves hit 2 metro Detroit hospitals - www.Freep.com, 11/18/2014

Thursday, November 20, 2014

Banker Gets Prison and $1.1M Fine for ID Thefts

A former Tampa Florida banker, who pleaded guilty in August 2014 to identity theft, was sentenced to seven and a half years in prison and a fine of $1.17 million.

While working at the bank she opened 292 bank accounts using 146 stolen identities. The sole purpose of the accounts was to launder fraudulently obtained federal income tax refund checks obtained by several co-conspirators, according to court documents.

"she opened 292 bank accounts using 146 stolen identities."
- US Attorney's Office, Middle District Florida
It is unclear over what period of time the identity thefts occurred or how they were discovered. Organizations seeking to proactively detect identity thefts and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Former Regions banker gets prison time, $1M+ judgment in ID theft - www.BizJournals.com, 11/13/2014

Wednesday, November 19, 2014

Pharmacist Snooped on Family, Friends' Health Records

A UK pharmacist has been prosecuted by the Information Commissioner’s Office (ICO) after "unlawfully accessing the medical records of family members, work colleagues and local health professionals."

While working at two different healthcare clinics, he misused his computer access to snoop on people not included on the patients he was assigned to work on. Unlawfully obtaining or accessing personal data is a criminal offence under the UK's Data Protection Act.

"[The pharmacist] unlawfully accessing the medical records of family members, work colleagues and local health professionals."
- Information Commissioner’s Office (ICO)
The privacy breaches were discovered during an audit. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Download a whi
Sources:
(a) UK: Pharmacist who unlawfully spied on family and friends’ medical records prosecuted - www.PHIprivacy.net, 11/13/2014

Tuesday, November 18, 2014

Insider Breached Patients' Health Information

A former employee of a Canadian health ministry has reportedly inappropriately accessed the medical records of thirteen patients.

The people whose records were accessed are being contacted and a formal investigation is underway. In addition policies are being reviewed.

"A former employee had inappropriately accessed the personal health information of at least 13 people." - CTV News
The agency only discovered the breach after someone outside the ministry filed a complaint; it is unclear when the breach occurred. Rather than learn of inappropriate access from third parties, organizations can proactively detect such data breaches by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Province says former employee inappropriately accessed personal health info - www.CTVnews.ca, 11/14/2014

Monday, November 17, 2014

Patient Privacy Breached Six Times a Day

A survey of the National Health Service (NHS) by a privacy group found there had been 7,255 breaches, on average six times a day, of data protection rules in three years.

In at least 143 cases patients' private records were inappropriately accessed by NHS staff for "personal reasons." The watchdog group said the situation appeared to have “worsened” since a similar survey in 2011.

"There were also at least 143 cases when patients’ private records were accessed in appropriately by NHS staff for 'personal reasons'."
- Big Brother Watch
Emma Carr, director of Big Brother Watch, noted that information in medical records is of huge personal significance and for details to be maliciously accessed is completely unacceptable. She said urgent action is needed to ensure that medical records are kept safe. Healthcare organizations seeking proactive detection of data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NHS breaches data laws 'six times a day' - www.Telegraph.co.uk, 11/14/2014

Friday, November 14, 2014

Resort Staff Arrested for Stealing Guests' Credit Card Info

Several Florida resort staff have been arrested for stealing guests' credit card information and going on shopping sprees.

The ring leader of the group allegedly used his and other employees' passwords to access the resort's computer system. He then purchased and resold goods with the stolen information.

"The alleged ring leader used his and other employees' passwords to access the computer system."
- Keynoter and Reporter Newspapers
The thefts of guests' credit card information was discovered when victims contacted police about fraudulent charges on their cards. Rather than learn about such thefts from third parties, organizations can proactively detect them by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Key Largo resort staff accused of stealing from guests - www.KeysNet.com, 11/08/2014

Thursday, November 13, 2014

Terminated Worker Accessed Hospital Billing System

An terminated employee of a Kentucky hospital improperly accessed patient information on a billing database maintained by a third-party company. Names, addresses, dates of birth, and in some cases Social Security numbers and diagnosis, of 697 patients were breached.

While the breaches were discovered during an audit in April 2014 they had been going on for a year, between April 2013 and March 2014. The former employee's logon credentials to this outside vendor had not been disabled.

"When an employee is terminated, their login credentials to vendors’ databases with PHI must also be terminated. How often do you verify that it is actually being terminated properly?." - PHI Privacy
Healthcare organizations seeking to rapidly confirm all access has been disabled, rather than depending on an occasional audit, can utilize low-cost on-demand SaaS access analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Terminated employee continued to access Bon Secours’ patients’ billing information - www.PHIprivacy.net, 11/10/2014

Wednesday, November 12, 2014

Supermarket Employee Charged Over Payroll Data Theft

A supermarket employee arrested in March 2014 for stealing 100,000 of fellow employees' personal data has now been charged with fraud.

He has been charged with an offence under the Computer Misuse Act and another under the Data Protection Act, according to the UK's Crown Prosecution Service.

"[He was] charged with fraud after an investigation into the theft of payroll data from the supermarket firm relating to thousands of members of staff." - The Telegraph and Argus
Organizations in any industry can proactively detect identity theft and data privacy breaches by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Employee at Bradford-based Morrisons faces fraud charge over staff data theft - www.TelegraphAndArgus.co.uk, 11/11/2014

Tuesday, November 11, 2014

Financal Services Insider Sold Customer IDs

A Kansas man, while employed as an operations manager of a consumer finance company, stole customers' personally identifiable information (PII) and credit card numbers. He has been sentenced to three years in prison.

He used various employee credentials to login to his employer's databases and transfer account numbers and information including customers’ names, dates of birth and Social Security numbers in exchange for Bitcoins.

"he sold the account numbers in batches of 40 for $1,000."
- US Secret Service investigators."
Organizations seeking to proactively detect identity theft, even by users using others logon credentials, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Olathe Man Sentenced in G.E. Consumer Finance Computer Fraud Charge - www.InfoZine.com, 11/06/2014

Monday, November 10, 2014

2015 EHR Audits

The Office of the Inspector General (OIG) will continue to pay close attention to the healthcare industry's use of electronic health records (EHRs) – in particular HIPAA security, EHR incentive payments and fraud, according to their 2015 work plan.

"OIG will need to adopt oversight approaches that are suited to an increasingly sophisticated healthcare system and that are tailored to protect programs and patients from existing and new vulnerabilities," stated Daniel R. Levinson, U.S. inspector general.

"The EHR audits are coming." - Healthcare IT News
To date, $25 billion have been paid to healthcare providers as incentives to use EHRs. In 2015 the OIG will "perform audits of various covered entities receiving EHR incentive payments from the Centers for Medicare and Medicaid (CMS) and their business associates to determine whether they adequately protect electronic health information created or maintained by certified EHR technology." Healthcare organizations and business associates can proactively protect health data from identity theft and privacy breach by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) More EHR audits to come in 2015 - www.HealthcareITnews.com,11/6/2014

Friday, November 7, 2014

Hospital Insiders Fired for Ebola Privacy Breaches

A Nebraska hospital fired two staff members for violating the privacy of a man that was being treated for Ebola.

The workers unauthorized accessed the patient's medical records. The hospital noted that the employees' actions violated federal patient privacy regulations, leading to their firing and "other corrective action."

"Prying eyes in health care an all too common problem." - LiveWellInNebraska.com
The privacy breaches were discovered during an audit of the hospital's electronic medical records (EHR). Rather than monitor access to only VIP patient records hospitals can audit staff access to all patient records by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Omaha hospital workers fired over Ebola privacy - www.OnLineAthens.com, 09/26/2014

Thursday, November 6, 2014

The Surprising Number of Insiders Who Can Steal Your Identity

People like to think they can trust people who represent organizations and companies they deal with but unfortunately there are some people who abuse their privileged access to your sensitive data.

An article in Business Insider enumerates the extensive variety of insiders who have stolen identities from their customers or clients such as accountants, healthcare workers, police, bank tellers, employers, and government workers.

"there are very few people you can trust with your personal information, and even some of the people you’re closest to could potentially betray your confidence."
- Business Insider
Organizations in every industry can proactively protect their clients and customers from insider identity theft by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) You Wouldn't Believe How Many People Could Easily Steal Your Identity - www.BusinessInsider, 09/30/2014

Wednesday, November 5, 2014

$25B in Meaningful Use Payments

Incentive payments to hospitals and professionals participating in the meaningful use program have topped $25 billion as of the end of the third quarter of 2014, according the the Centers for Medicare and Medicaid (CMS).

Under the 2009 economic stimulus package, health care providers who demonstrate meaningful use of certified electronic health records (EHRs) can qualify for Medicaid and Medicare incentive payments.

"The ONC expects the attestation numbers to increase as most providers wait until the "last minute" to attest."
- Dawn Heisey-Grove, Office of the National Coordinator for Health IT
The use of EHRs is expected to improve the quality of healthcare. However, their use may also facilitate the theft of patients' identities and medical information. Healthcare organizations seeking to proactively detect identity theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Meaningful Use Payments Reach $25B as of Sept. 30, CMS Says - www.HealthBeat.org, 11/04/2014

Tuesday, November 4, 2014

Insider Arrested for Stealing MD, Nurse Identities

An employee of a medical recruitment agency was arrested for stealing the personally identifiable information (PII) of some 17,000 physicians and nurses.

The stolen data included names, addresses, dates of birth, academic records, and workplace details. As he is believed to have been involved in a project to found a new recruitment agency, after quitting his former position, this sounds like a another case of insider theft to help start a competing firm.

"this sounds like another case of insider theft to help start a competing firm."
- DataBreaches.net
It is unclear how the breach was discovered. Organizations seeking to proactively detect theft of identities or intellectual property can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-systems engineer arrested over doctors’ data leak - www.JapanTimes.com, 10/14/2014

Monday, November 3, 2014

Hospital Insider Stole Patient IDs for Fraud

A patient registration specialist at a Texas hospital stole thousands of patients' identities so the he could use them to build a home health care business he founded in 2006.

He had his company's employees use the stolen information to cold call seniors for services they didn't need or could not qualify for. His home health business then submitted fraudulent bills to Medicare and Medicaid

"Authorities say he misused the private information of more than 3,000 patients."
- Dallas News
It is unclear over how many years the identity thefts occurred. The hospital learned of the ID thefts when a worker at the home health business contacted police to report the owner had patient lists from the hospital. Healthcare organizations can proactively detect identity thefts and privacy data breaches, rather than learn about them from third parties, by utilizing low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Ex-Parkland employee to plead guilty to Medicare fraud - www.DallasNews.com,10/31/2014

Popular Posts

Copyright © 2010-2017 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.