Tag Archives: medical data breaches

Breach Brief – Newkirk Solutions, Bon Secours

canstockphoto24985079The largest data breach of 2016 so far has hit a data server operated by Albany, N.Y. based Newkirk Products. Newkirk Products is a third-party vendor providing health insurance ID cards for the health care industry. According to Newkirk the breach was discovered on July 6th but actually occured on May 21st. Newkirk shut down the affected server and is working with forensic investigators to analyze the extent of the breach.

Data belonging to over 3.3 million people across the U.S including 277,000 Blue Cross and Blue Shield customers in North Carolina have been compromised.

According to Newkirk the server did not contain the most sensitive customer information like Social Security numbers, banking or credit card information, medical information or insurance claims. However information found on Blue Cross’s Medicare ID cards includes customer name, mailing address, type of plan, and member and group ID number maybe compromised. In a press release dated August 5th, Newkirk admitted hackers has gained unauthorized access to a server containing names, mailing addresses, plan types, member and group ID numbers, dependent names, primary care providers, dates of birth, premium invoice information, and Medicaid ID numbers. 

Customers affected by the breach will receive letters from Newkirk explaining the attack and offering two years of free identity pretection and restoration service. Blue Cross is instructing customers to check their accounts for suspicious activity. These customers are insured by a dozen organizations, including Blue Cross organizations in Kansas City as well as western and northeastern New York.

Currently there is no evidence that any of the personal information obtained in the attack has been misused. However Newkirk is urging affected customers to monitor their account statements and medical bills for suspicious activity.

For additional information customers are advised to call 855-303-9773 or go to http://newkirkproductsfacts.com.

 

Bon Secours

logo-bon-secoursBon Secours Health Systems of Richmond, VA is notifying approximately 655,000 of its patients that their information may have been compromised during an incident with a contractor in April. 

R-C Healthcare Management, a company doing work for Bon Secours accidently left files containing patient information accessible via the Internet while attempting to adjust their network settings from April 18th to April 21st. Bon Secours staff members discovered the error on June 14th  and they immediately notified R-C Healthcare to secure the files.

Information possibly compromised in the exposure include files that may have included patient name, health insurer’s name, health insurance identification number, social security number and limited clinical information.

A spokesperson for Bon Secours says 435,000 patients were affected in Virginia and an uknown number in South Carolina and Kentucky.

R-C Healthcare CEO said in a statement, “Upon learning of the incident R-C promptly hired a highly regarded outside forensic investigator. The investigator confirmed the incident has been fully remediated. All R-C customers who might be affected have been notified of the situation and its resolution. “

Bon Secours custmers affected by the data exposure have been sent a letter notifying them of the breach. Any patients with concerns or questions may call toll free at 1-888-522-8917, 9 a.m. – 9 p.m. EST, Monday-Friday.

See also: The real reason hackers want your medical records.

 

 

 

 

Breach Brief – Wendy’s, Centene

Wendy's_logo_2012.svg

January 29, 2016

Wendy’s

Yet another point-of-sale system appears to have been hacked. Wendy’s fast food restaurant reports that its POS system has come under suspicion for a possible breach of customer card data.

Wendy’s spokesman Bob Bertini said, “We have received this month from our payment industry contacts reports of unusual activity involving payment cards at some of our restaurant locations. Reports indicate that fraudulent charges may have occurred elsewhere after the cards were legitimately used at some of our restaurants. We’ve hired a cybersecurity firm and launched a comprehensive and active investigation that’s underway to try to determine the facts.” Bertini did not name the security firm that is working with Wendy’s

According to Krebs on Security the first reports of the suspicious activity on customer’s cards came from financial institutions in the mid-west. However reports have begun to surface from banks on the east and west coasts. Currently there is no information on how many restaurants are affected.

Krebs On Security first reported the incident and believes that the restaurant’s POS system may have been infected by malware that collected credit card numbers. Wendy’s is not alone when it come to this type of attack.  Other restaurants and retailers hit by this style of attack include Jimmy John’s, Landry’s, P.F. Chang’s, Dairy Queen, Chick-fil-A, retail giant Target and Home Depot.

Wendy’s operates approximately 6,500 franchise and company-operated restaurants in the United States and 28 countries and U.S. territories worldwide.

Centene_Corporation_Logo.svg

Centene

The health insurer Centene is desperately searching for six hard drives that contain the personal information of over 1 million of its customers. The company has admitted to an “ongoing comprehensive internal search” for missing hard drives. 

St. Louis based Centene said the missing hard drives contain personal data about people who received laboratory services between 2009 and 2015. The drives contain patient information including names, addresses, dates of birth, social security numbers, member ID numbers and health information. According to Centene CEO Michael F. Neidorff, the company doesn’t believe the information has been used “inappropriately.”

Customer affected by the data loss will receive free credit and healthcare monitoring. 

The healthcare industry continues to be plagued by massive data breaches. For more on this topic please see;

Large-Scales Hacks Cause 98% of Leaked Healthcare Records.

Over 113 Million Healthcare Records Breached in 2015, Up Ten Fold from 2014

One in Three Americans are Victims of Healthcare Data Breaches

Identity Thieves Pray on Patient’s Medical Records

Understanding Medical Data Breaches

canstockphoto24985079Medical data breaches are constantly in the news.  According to iHealthBeat.org 1 in 10 U.S. residents have been impacted by a medical data breach. It is highly likely that millions of African-Americans have been the victim of a medical data breach and probably don’t know it. The sad news is that this has become common.

We need to understand a few things about data breaches. First, what is a data breach? What kind of data breaches are there? How many people are affected and how do you fight back if you think your data has been compromised.

Put simply a data breach is an incident where sensitive, protected or confidential information has been exposed, stolen or utilized by unauthorized individuals often to commit some type of crime.

What kind of data breaches are there? Data breaches may expose personal health information (PHI) this is a medical data breach.  Personally identifiable information (PII) is information that, on its own or combined with other information can be used to identify, contact, or locate a person, or identify an individual in context. Finally there is a data breach that exposes trade secrets or intellectual property. This usually affects businesses and sometimes falls known as industrial espionage.

Medical data breaches often involve massive numbers of people and personal information records. Here are the largest medical data breaches so far this year. Look carefully, your insurance company may be on the list.

Keep in mind that medical insurance companies are not alone when it comes to data breaches. Hospitals and health service providers are a prime target for medical data hackers. The HIPAA Act covers most medical facilities. HIPAA is the federal Health Insurance Portability and Accountability Act of 1996. The law is intended to make it easier for people to keep health insurance, protect the confidentiality and security of healthcare information and help the healthcare industry control administrative costs.

According to Datapipe.com these are the largest HIPAA data breaches of  2014.

According to a report released by KPMG 81 percent of health insurance providers and hospitals have had a data breach. The survey revealed,

  • 15 percent of healthcare organizations have no one whose sole responsibility is information security.
  • 23 percent do not have a security operations center to identify and evaluate threats.
  • 55 percent say they have a hard time staffing their organization.

Why is medical data so valuable? Medical records are ten times more valuable to hackers than your credit cards.

Your medical information is a gold mine. You probably have medical information spread over several doctor’s offices, medical services and hospitals including your dentist, pharmacy and physical therapist. These records contain information such as your Social Security number, address and phone number, email, next of kin information, phone numbers, information about your children or spouse, payment information, insurance information, and much more.

Hackers use stolen medical and insurance data to create fake IDs, buy medical equipment or drugs that they can re-sell and file fraudulent claims with insurance providers. Hackers also have more time to use stolen data to commit fraud because medical identity theft is not immediately apparent.  And mostly because these records are easy targets. According to the KMPG report hospitals and medical insururance companies are poor protectors of your information. According to the security firm Symantec health care providers saw a 72 percent increase in cyberattacks from 2013 to 2014, Health care companies are required by law to publicly disclose big health data breaches. There were more than 270 such disclosures in the last two years.

So how can African-Americans avoid the theft of their medical information?

  • If your wallet is lost or stolen, make sure your insurer(s) are notified along with your financial institutions.
  • Carefully examine all medical bills and insurance statements you receive. Look for fees from health care providers you do not recognize or statements describing benefits paid out for services you did not obtain.
  • Consider an identity protection service which will help you detect most kinds of identity theft, including medical, much earlier than you might on your own and assist you through the fraud resolution process if your information is stolen.
  • Always be alert to strange phone calls or emails from people asking medical questions or insurance questions, especially if you do not know the company.
  • Alert your caregivers of any suspicious calls or activity regarding your care.
  • Keep a close watch on your credit and banking resources. Alert you financial institutions of any suspicious or fraudulent activity.
  • Take full advantage of credit monitoring services if offered.

The loss of medical data can have a devasating personal impact. An unlucky victim may have their medical insurance coverage cancelled or suspended due to fraudulent claims. Insurance premiums may skyrocket. Others may have their identity stolen completely. Changes, intentional or accidental, to medical records could result in mis-diagnosis or mis-treatment of illnesses. Pay attention to data breach notifications. The African American Cyber Report is an excellent source for the latest breach notifications.

Know you know