Have any questions? Just call us at 1.866.900.4236

March 18, 2016

No Comments

Stolen Laptop with Patient Health Information: Data Breach?

Disclaimer: Always consult with your attorney/legal counsel for legal advice.

Does a stolen laptop containing patient health information [PHI] equate to a data breach? In simplest form….yes, if unsecured. No, if encrypted (see HIPAA Final Rule outlined below).

Bloomington based Premier Healthcare, LLC. discovered a stolen laptop from one of its billing offices on January 4, 2016. On January 6th, a police report was completed by the Monroe County Sheriff’s Office. Premier Healthcare stated that the laptop was password-protected, but was not encrypted. There were emails located on the laptop’s hard drive that contained some screenshots, spreadsheets, and pdf documents that were used to address billing issues with patients, insurance companies, and other healthcare providers. Premier further stated that combinations of patient demographic information (i.e. name, date of birth, medical record number, insurance information, and/or some clinical information) for 205,748 individuals were contained in these documents. For 1,769 patients, social security numbers, and/or financial information could potentially be accessed on the laptop.

Quick Timeline

  • December 31, 2015: Date laptop believed to have been stolen from the Billing Department office
  • January 4, 2016: Premier Healthcare discovered stolen laptop
  • January 6, 2016: Police report filed with Monroe Co Sheriff’s Office
  • March 3, 2016: Premier Healthcare statement posted to website
  • March 4, 2016: Premier Healthcare notifies HHS regarding a potential data breach (HIPAA Breach Notification Rule)
  • March 7, 2016: Stolen Laptop returned via U.S. mail to Premier Healthcare and engages with forensic firm for analysis
Read more

March 8, 2016

No Comments

KeRanger: New Mac OS X Ransomware

Yes, even Apple Macs are prone to getting malware, but this new malware identified over the weekend by Palo Alto Networks requires a set of unique circumstances. First, the ransomware infected the Transmission BitTorrent client-side installer for Mac OS X on the Transmission BitTorrent website. Palo Alto has named this ransomware “KeRanger”. At first look, it would appear that the website may have been compromised and the attackers uploaded the malicious version to replace the legitimate, open source version. For our readers that may not be familiar with bitorrent, it is a peer-to-peer file sharing protocol for sharing files and large amounts of data. BitTorrent clients have legitimate and illegitimate purposes. Wikipedia has an animated GIF to demonstrate this concept. This ransomware was signed with a valid Apple developer certificate, which is troubling and is believed to have been stolen. Apple has since revoked this certificate, so if you attempt to open the Transmission app it will warn you. You should Trash the .app

Read more

March 7, 2016

No Comments

Phishing Scheme Targeting Payroll and HR Professionals

On Tuesday, March 1st The IRS issued a warning (IR-2016-34) related to an email phishing scheme targeting payroll and human resource professionals. This phishing scheme purports to be from a company executive and requests personal information on employees.

The following are some details outlined in the IRS release:

  • Kindly send me the individual 2015 W-2 (PDF) and earnings summary of all W-2 of our company staff for a quick review.
  • Can you send me the updated list of employees with full details (Name, Social Security Number, Date of Birth, Home Address, Salary).
  • I want you to send me the list of W-2 copy of employees wage and tax statement for 2015, I need them in PDF file type, you can send it as an attachment. Kindly prepare the lists and email them to me asap.
Read more