Tuesday, December 30, 2014

Insiders Involved in Sony Hack?

A number of news articles are reporting that the hack of Sony Pictures may have involved insiders.

CBS News says that cybersecurity experts are questioning if North Korea was actually behind the Sony Pictures cyberattack. The FBI has been briefed by a security firm who believes Sony insiders, possibly in the payroll and accounting departments, were key to implementing one of the most devastating attacks in history.

"[The insider] had both the access and the means to leak the sensitive Sony material."
- GotNews.com
Such devastation by malicious insiders who inappropriately access or leak data can be avoided by proactive detection with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) BREAKING: We Have IDed Two Female L.A.-Based Persons of Interest in Sony Leak - www.GotNews.com, 12/30/2014

Tuesday, December 23, 2014

Medical Office Insider Guilty of Patient ID Thefts

A billing specialist at a Kentucky medical practice stole patient identities and used the information to secure loans from online lenders for her own use.

She had been indicted by a federal grand jury on identity theft and using patient information under false pretenses in violation of the Health Insurance Portability and Accountability Act (HIPAA). Last week she pleaded guilty to some of the charges.

"[She] disclosed individually identifiable health information to another person...with intent to use the individually identifiable health information for commercial advantage and personal gain." -

It is unclear why the identity thefts went on for over two years. Healthcare organizations seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Woman pleads guilty to identity theft, wire fraud - www.Messenger-Inquirer.com, 12/18/2014

Monday, December 22, 2014

Hospital Settles Data Breach Allegations

A Boston hospital has agreed to pay a $40,000 settlement and take action to prevent future breaches that affect patients' private data. The consent judgment alleges the hospital failed to protect the personal information and protected health information of more than 2,000 patients.

The Massachusetts attorney general, Martha Coakley, has been one of the most active state attorneys general when it comes to pursuing breaches.

"Healthcare providers must ensure that the privacy and security of sensitive patient information is protected."
- Attorney General Martha Coakley
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Boston Children’s Hospital Settles Data Breach Allegations - www.PHIprivacy.net, 12/19/2014

Friday, December 19, 2014

Regulators Increase Data Security Oversight

Financial industry cybersecurity practices are facing increased regulatory and enforcement agency scrutiny reflecting growing public concern over the security and infrastructure of financial institutions.

Regulatory agencies such as the NY Department of Financial Services as well as the Commodity Futures Trading Commission have recently stated that closer examination of the cybersecurity practices of organizations they oversee will be a priority.

"...the Department will take a close look at banks’ data breach detection abilities."
- Memorandum, NY State Department of Financial Services
In addition to reviewing cybersecurity governance practices the NY State Department of Financial Services will examine banks' data breach detection abilities. Organization seeking to proactively detect identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Financial Industry Regulators Increase Data Security Oversight - www.InsidePrivacy.com, 12/11/2014

Thursday, December 18, 2014

Woman Sentenced for Patient ID Thefts, Fraud

A Virgina woman has been sentenced to five years in prison for stealing patients' identities and using the information to access existing credit cards or create new ones.

The personal information of about 200 patients was stolen from October 2012 through September 2013, according to court documents.

"[She] conspired, from October 2012 through September 2013, to steal the identities of at least 200 medical patients." - US District Court documents
It is unclear why the ID thefts went on for almost a year or who discovered them. Organizations seeking proactive detection of identity theft and privacy data breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Suffolk woman sentenced in identity theft of patients - www.PilotOnline.com, 12/09/2014

Tuesday, December 16, 2014

Police Notify Hospital of Patient Data Theft

A Florida hospital was unaware of the theft of patients' data until law enforcement notified them.

The stolen stole personal information (PII) included patients' name, address, some social security numbers, date of birth, and limited insurance or medical information.

"the [data] thefts occurred in 2012 and 2013 but were not reported to the US Attorney's office until August 2014."

- PHIprivacy.net

Unfortunately identity theft and data breaches are often first discovered by law enforcement rather than the organization holding the PII. Organizations seeking proactive detection of privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Kirkbride Center patient data found in possession of criminal in Florida - www.PHIprivacy.net, 12/15/2014

Monday, December 15, 2014

Hospital Insider Stole Patient IDs for Tax Fraud

A lab technician at an Alabama hospital has been sentenced to two years in federal prison for his role in an identity theft tax refund fraud scheme.

The US Attorney's office said the technician, along with other people, stole patients' medical records which contained personal identification information (PII). He used the PII to file over 100 fradulent tax returns.

"[He]stole patient medical records, which included personal identification information." - US Attorney's Office
It is unclear how the identity thefts were discovered. Healthcare organizations seeking proactive detection of ID theft and data privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Flowers Hospital ID thief gets two years in prison - www.DothanEagle.com, 12/12/2014

Thursday, December 11, 2014

Nurse Arrested for Patient ID Thefts

A registered nurse (RN) at a Florida hospital emergency room has been arrested for stealing patient identities and using the information to purchase items and having them sent to her home. She has also been fired by the hospital.

Law enforcement discovered that this hospital insider was a suspect during their investigation of separate fraudulent credit card cases.

"...victims' information had been stolen while receiving treatment at [the medical center] emergency room."
- Manatee County Sheriff's Office
Rather than learn about ID theft from law enforcement or other third parties, healthcare organizations can proactively detect identity theft and privacy data breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ER nurse fired, accused of using patients' credit card info - www.HeraldTribune.com, 12/10/2014

Wednesday, December 10, 2014

$150,000 HHS Fine for Patient Privacy Breaches

A mental health organization in Alaska must pay a $150,000 Department of Health and Human Services (HHS) fine for HIPAA breaches that affected 2,743 patients. In addition to the monetary fine HHS is requiring implementation of a corrective action plan and reporting to OCR on its compliance program.

This latest fine is indicative of continued enforcement by the Office of Civil Rights (OCR). To date they have levied $26 million in monetary settlements against 24 HIPAA-covered entities found to have violated privacy, security and breach notification rules.

"HIPAA security policies and procedures...were not followed by the organization's employees for a seven-year period, from 2005 to 2012." - Healthcare IT News
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) HHS slaps provider with $150K bill for HIPAA breach - www.HealthcareITnews.com, 12/09/2014

Tuesday, December 9, 2014

Hospital Privacy Breach Case Seeking Class Action Status

Although there have been a number breaches of patients' privacy at Canadian hospitals over the last few years one Ontario hospital is facing a possible class action suit.

Reportedly, 578 patients had their files inappropriately accessed by 14 staff members at an Oshawa health facility. The files included those of mental health patients over a 10-year period.

"the Court of Appeal [will] determine whether to allow a $5.6-million class-action suit over 280 breached medical records to go ahead. ."
- Michael Crystal, plaintiffs' attorney
It is unclear how these breaches were discovered. Healthcare organizations seeking to proactively detect privacy data breaches or identity theft can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Peterborough hospital privacy breach heading back to court - www.mykawartha.com, 12/04/2014

Monday, December 8, 2014

MD Arrested for 97K Privacy Breaches

A New York radiologist has been arrested for breaching the privacy of 97,000 patients by inappropriately accessing their confidential data.

The physician said he accessed and copied the patient information from multiple offices where he worked because he was planning to start a competing medical practice, according to District Attorney Kathleen Rice's office. DA Rice is calling for a change in state law to permit tougher charges in such cases. And a privacy attorney says federal charges for HIPAA violations might be appropriate in the case.

"Physicians are regularly entrusted with the health and well-being of their patients, so the abuse of trust in this case is particularly outrageous." - District Attorney, Nassau County, NY
It is unclear why the data thefts went on for four months. Healthcare organizations can proactively detect identity thefts and data breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Radiologist Arrested in Breach Case - www.HealthcareInfoSecurity.com, 12/08/2014

Friday, December 5, 2014

Hospital Insider Stole 82K Patient IDs

A Florida hospital reported its privacy third breach in two years, according to the Department of Health and Human Services (HHS).

In this latest breach an employee stole the identities of about 82,601 patients over a three year period. That information included names, dates of birth and Social Security numbers which can be used to file fraudulent tax returns, as one patient has already reported.

"the start date the latest data breach is exactly one day after a former data breach ended that impacted 2,560 individuals."
- Local 10 News
It is unclear why the identity thefts went on for two years. Healthcare organizations can proactively detect identity thefts and privacy breaches with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Aventura Hospital and Medical Center reports data breach -www.Local10.com, 09/16/2014

Thursday, December 4, 2014

Banker Pleads Guilty to ID Thefts, Tax Fraud

A New York bank branch manager has plead guilty to identity theft and theft of public funds. He used customers' personal information (PII)to file fraudulent tax returns and then cashed the refund checks.

For three years, from 2010 through 2013, he stole $442,642.58 from the US Treasury, which as part of his plea he'll repay. He is scheduled to be sentenced in March of 2015.

"From approximately 2010 through 2013, Mejia participated in a scheme to fraudulently obtain and cash tax refund checks issued by the United States Treasury."
-US Attorney's Office, Southern District, New York
It is unclear why the identity thefts went on for three years and how they were discovered. Organizations seeking proactive detection of identity theft and privacy breaches can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) NY: Former Branch Manager Of Bank Pleads Guilty In Manhattan Federal Court To Cashing Over $400,000 In Fraudulently Obtained Tax Refund Checks - www.DataBreaches.net, 12/02/2014

Wednesday, December 3, 2014

Patients Just Learning of Hospital Insider ID Thefts in 2011

A Florida hospital has notified patients that three years ago a then employee accessed their personal information outside his normal job duties. The hospital learned of the breach when law enforcement alerted them.

This insider theft of identity information in 2011 included patients' names, dates of birth,and Social Security numbers. Hundreds of warning letters are being sent to patients.

"The breaches of patients' private information occurred three years ago."
Rather than learn about identity theft and privacy breaches from law enforcement, healthcare organizations can proactively detect them with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) Baptist Primary Care Notifies Patients of Privacy Incident - www.ActionNewsJax.com, 11/26/2014

Tuesday, December 2, 2014

Curious Hospital Workers Breached Patients' Privacy

Two employees breached the privacy of 112 patients; they no longer work at the hospital.

The hospital stated the two employees “used their access privileges to the electronic health record (EHR) for unauthorized reasons — that is to satisfy their curiosity about patients with whom they had no care relationship.”

"It is completely unacceptable that staff members would breach a patient’s right to privacy."
- Mary Lyn Fyle, health authority's chief medical information officer
Reportedly the breaches were discovered after a third party approached the hospital's privacy office with allegations of inappropriate access to personal information. Rather than learn about privacy breaches from third parties, healthcare organization can detect them proactively with low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) ‘Curiosity’ of Island Health employees led to privacy breach, probe reveals - www.VancouverSun.com, 11/26/2014

Monday, December 1, 2014

Hospital Insider Breached Patient Privacy for 3 Years

An employee of an Ohio hospital improperly accessed medical and personal data of 692 patients over a three year period.

The employee breached the hospital's electronic medical records (EMR) and saw names, home addresses, phone numbers, email addresses, medical and health-insurance account numbers and also some patients' Social Security numbers and personal financial account information, including credit card and debit card numbers.

"This sounds like a very serious case of medical identity theft."
- Pam Dixon, World Privacy Forum
The breach was not discovered until the hospital looked into an allegation of unauthorized access to its EMR. University Hospitals discovered Oct. 2 that the access occurred from January 2011 through June 2014. Healthcare organizations seeking to proactively detect privacy breaches, rather than have third parties bring them to their attention, can utilize low-cost on-demand SaaS analytics services.
Learn how to proactively detect identity theft and unauthorized breaches of data privacy, even by authorized users - with no hardware and no on-site software.
Sources:
(a) University Hospitals: Employee gained unauthorized access to 692 patient files in breach - www.Cleveland.com, 11/28/2014

Popular Posts

Copyright © 2010-2011 by Veriphyr Incorporated, All Rights Reserved.

Contact us at Veriphyr.com.