NEW YORK COMPUTER AND DATA THEFT http://www.nytimes.com/2011/12/19/technology/as-patient-records-are-digitized-data-breaches-are-on-the-rise.html?_r=1

Digital Data on Patients Raises Risk of Breaches

By NICOLE PERLROTH

Published: December 18, 2011

• RECOMMEND
• TWITTER
• LINKEDIN
• SIGN IN TO E-MAIL
• PRINT
• REPRINTS
• SHARE

One afternoon last spring, Micky Tripathi received a panicked call from an employee. Someone had broken into his car and stolen his briefcase and company laptop along with it.

Enlarge This Image

Mimi Bernardin

Micky Tripathi runs the Massachusetts eHealth Collaborative.

So began a nightmare that cost Mr. Tripathi’s small nonprofit health consultancy nearly $300,000 in legal, private investigation, credit monitoring and media consultancy fees. Not to mention 600 hours dealing with the fallout and the intangible cost of repairing the reputational damage that followed.

Mr. Tripathi’s nonprofit, the Massachusetts eHealth Collaborative in Waltham, Mass., works with doctors and hospitals to help digitize their patient records. His employee’s stolen laptop contained unencrypted records for some 13,687 patients — each record containing some combination of a patient’s name, Social Security number, birth date, contact information and insurance information — an identity theft gold mine.

His experience was hardly uncommon. As part of the 2009 stimulus bill, the federal government provides incentive payments to doctors and hospitals to adopt electronic health records. Some 57 percent of office-based physicians now use electronic health records, a 12 percent jump from last year, according to the Centers for Disease Control.

An unintended consequence is that as patient records have been digitized, health data breaches have surged. The number of reported breaches is up 32 percent this year from last year, according to the Ponemon Institute, a security research group. Those breaches cost the industry an estimated $6.5 billion last year. In almost half the cases, a lost or stolen phone or personal computer was responsible.

Mr. Tripathi describes the days after the theft as a “vortex.” Fresh in his mind was a similar, albeit smaller, breach at Massachusetts General Hospital just months earlier in which a hospital employee left detailed clinical records for 192 patients on a subway. The breach had cost the hospital $1 million in settlement fees.

“We’re a nonprofit with 35 people on staff,” says Mr. Tripathi. “A million-dollar fine would have decimated us.”

Mr. Tripathi says his nonprofit had just enacted a policy requiring that all patient files be encrypted, but had yet to decide on an encryption provider. All that stood between a determined computer thief and his patient data was a few passwords.

Mr. Tripathi went to work assembling a crisis team of lawyers and customers and a chief security officer. They hired a private investigator to scour local pawnshops and Craigslist for the stolen laptop. The biggest headache, he says, was deciphering how much about the breach his nonprofit needed to disclose.

Health organizations are required by federal law to report data breaches that affect more than 500 people to the Department of Health and Human Services. The department’s Office of Civil Rights publishes the equivalent of a data breach “Wall of Shame” on its Web site — which today includes 380 breaches affecting more than 18 million people.

Mr. Tripathi said he quickly discovered just how many ways there were to count to 500. The law requires disclosure only in cases that “pose a significant risk of financial, reputational or other harm to the individual affected.” His team spent hours poring over a backup of the stolen laptop files. Of the nearly 14,000 patient records on the stolen laptop, most records did not warrant disclosure. In 2,777 cases, for instance, a record listed only a patient’s name.

Complicating matters were liability rules. In the eyes of the law, Mr. Tripathi’s nonprofit is a contractor that acts on behalf of health providers. The legal burden of protecting patient data actually falls on his clients: the physicians and hospitals who entrusted his nonprofit with their files.

“The laws create a perverse outcome,” he says. “It was our fault, but from a federal perspective, it wasn’t our breach.”

Mr. Tripathi narrowed down the group of patients whose data put them at serious risk for identity theft to 998 people across seven physician practices. Only one practice broke the 500-patient threshold requiring disclosure on the Department of Health and Human Services Web site.

His office got to work notifying the affected patients of the data breach. They offered free credit monitoring — though less than 10 percent took them up on the option — spending a total of $6,000.

In the aftermath, Mr. Tripathi says his company destroyed all patient data on mobile devices and temporarily prohibited employees from removing patient data from clients’ offices. The company now mandates that all data be encrypted, and employees are required to tell health providers what data they will need to access and how they plan to use it.

He never found the stolen laptop, and the incident, all told, cost his nonprofit $288,000.

In many ways, Massachusetts eHealth Collaborative got off easy. In October, a desktop computer containing unencrypted records on more than four million patients was stolen from Sutter Health, a nonprofit health system based in Sacramento. A rock was thrown through a window to gain access to the computer. The theft is now the subject of two class-action suits, each of which seeks $1,000 for each patient record breached.

“Breaches are going to be one of the big challenges as more physicians and hospitals adopt electronic health records,” Mr. Tripathi says. “We’re entering a brave new world.”

A version of this article appeared in print on December 19, 2011, on page B2 of the New York edition with the headline: As Patient Data Is Digitized, Risk of Breaches Is Rising.

US COMPUTER SECURITY http://www.fyeld.net/how-to-stay-safe-with-your-home-business.html

Posted by admin on June 21st, 2010

How To Stay Safe With Your Home Business

Posted In: Home Business

Home business security isn’t just about protecting your PC from online intruders. You also need to protect your equipment, your home business information and your furnishings from unwelcome intruders. Here are some tips.

A few years back a security firm conducted an independent survey of computer theft. One insurance carrier alone reported 387,000 incidents of notebooks being stolen and another 16,000 PCs. This was only in the United States. This computer firm insures against such theft (a home business must for your crucial equipment) as well as damaged that is caused by accidents such as power surges, lightning, vandalism, water, and natural disasters. Of these situations, the report determined that the three most common for both home business, personal use and office environment property, were accidental damage (number one), theft (the second most prevalent) and power surges.

This firm’s protection includes complete replacement or repair of the home business computer system, with no deduction if the system must be replaced. Computers in transit (such as laptops you’re carrying on business trips) are covered to $10,000. The firm also provides for reimbursement on temporary rentals as well as protecting you from any computer fraud perpetrated on your online home business by staff or others. A wise home business owner would purchase such protection.

You can also protect your home business computer from theft in several ways. Not only can you help protect it from being taken in the first place but, in the event it is stolen you can protect its contents from intrusion and aid law enforcement in its retrieval and the capture of the thieves.

There are several firms offering a sort of Lojack for computers. Some of the products and services help deter theft with the use of alarms, while most are more into retrieval and protection of the data inside. With the majority of these home business equipment protection firms, all data on your PC or laptop is immediately locked down and inaccessible to anyone, rendering the computer useless to the thief except for parts. Most of these programs will let you pick and choose what you’d like someone locked out of so you don’t necessarily have to wipe out your primary programs such as Office and others. They all send a signal that, once the thief starts up the stolen computer, indicates the address and / or phone location of your stolen equipment.

For those who want to keep their home business equipment safe at home there are clamps and cables such as bike lock cables that secure your equipment to whatever heavy home business furnishing, pipes or other permanent fixtures that will make it nearly impossible for a thief to remove the computer from your home business environment. What’s important to keep in mind about this, too, is that your lock, clamp or cable doesn’t need to be fool proof. Most burglars enter the homes and home business offices that are the most accessible. If they can’t enter your home, enter your home office and remove your online business equipment in under ten minutes they’ll give up and attempt their theft at a home whose entry and equipment is more easily accessible.

US VA COMPUTER THEFT CASE SETTLEMENT http://www.vawatchdog.org/10/nf10/nfapr10/nf042810-1.htm

VETS' CHARITIES GET $13 MILLION FROM VA'S STOLEN LAPTOP SETTLEMENT

Fisher House Foundation and the Intrepid Fallen Heroes Fund to share remainder of $20 million settlement with veterans.

NOTE from Larry Scott, VA Watchdog dot Org ... In May of 2006 we learned that a VA laptop had been stolen. The computer contained the personal information on nearly 26.5 million veterans.

The laptop was recovered and the FBI determined that no information had been stolen.

However, many veterans, fearing the worst, bought into credit reporting programs and ID theft services. Others, also fearing the worst, ended up in counseling.

Complete information is on this page ...

http://www.vawatchdog.org/va%20data%20theft%20news.htm

Then, in early 2009 we learned:

VA SETTLES CLASS-ACTION LAWSUIT OVER 2006 LAPTOP THEFT FOR $20 MILLION -- Veterans will be reimbursed for out-of-pocket expenses caused by theft. Any remaining funds will be donated to vets' charities.

http://www.vawatchdog.org/09/nf09/nfjan09/nf012809-3.htm

And:

COURT NOTIFIES VETS OF CLASS ACTION SETTLEMENT IN VA COMPUTER THEFT -- Those who suffered out-of-pocket expense because of computer theft can now make a claim for repayment.

http://www.vawatchdog.org/09/nf09/nfmar09/nf032309-7.htm

Website for the lawsuit is here: http://www.veteransclass.com/

Now we know who gets how much. Great job to the attorneys who forced this issue and made the VA pay the veterans and the charities!

-------------------------

Vets use settlement millions from massive identity-theft suit against VA to help other vets

BY Stephanie Gaskell

DAILY NEWS STAFF WRITER

http://www.nydailynews.com/news/2010/04/27/2010-04-27_ve

ts_use_settlement_millions_to_help_vets.html

Pay it forward.

That's what a group of veterans is doing with a $20 million class-action settlement from the Department of Veterans Affairs over a massive identity-theft suit.

They're donating about $13 million to the Intrepid Fallen Heroes Fund and the Fisher House Foundation, two New York-based charities that help families of fallen and wounded troops.

"When I first heard about it, it just really knocked me down. It's indicative of the kind of men and women they are," said Fisher House CEO Ken Fisher.

About 20 million veterans sued the VA after an employee's laptop with their personal information was stolen in 2006. The vets argued that the VA didn't do enough to protect them after discovering the sensitive data was missing.

"The veterans are very glad to have done this. These two are the most substantial organizations around," said plaintiff John Rowan, a 64-year-old Air Force veteran from Middle Village, Queens. "But the bottom line is, we had to make sure the VA doesn't do this again."

The Intrepid Fallen Heroes Fund raises money for families of soldiers killed in combat. It also helped build the renowned Brooke Army Medical Center in San Antonio and the soon-to-be opened National Intrepid Center for Excellence, a traumatic brain injury hospital in Bethesda, Md.

There are 45 Fisher Houses across the country, located next to VA hospitals to give families of wounded soldiers a place to stay while they're being treated.

"It's just an incredible gift," said Chairman Arnold Fisher, whose uncle, Zachary, founded the organization in 1991. "Veterans have been forgotten about by many people of this country. They're the ones who deserve the credit."

-------------------------

-------------------------

posted by Larry Scott

Founder and Editor

VA Watchdog dot Org

Electronics Insurance: Are Your Electronics and Computers Covered by Your Insurance?

US (BLOGGER) INSURANCE AND COMPUTER SECURITY http://insurance-claim-secrets.blogspot.com/2008/11/electronics-insurance-are-your.html

SEE linked Blog Site for full Article......................

Saturday, November 8, 2008

Electronics Insurance: Are Your Electronics and Computers Covered by Your Insurance?

There is a lot of misinformation today about consumer electronics and how it is treated by insurance companies. Most people I talk to think that if they have homeowners or renters insurance, their consumer electronics are covered.

But they usually find out that their assumptions aren’t true…at claims time.

Sure, some of the property is covered. But there are a bunch of limits and exclusions that will surprise you if you have a loss and file a claim.

Don’t wait until claim time to learn about this important coverage. Read this article carefully and make good decisions about your coverage.

Twenty years ago, consumer computer usage and ownership was not all that common. If you owned a cell phone, you carried it in a bag the size of a small purse. There were few home fax machines. Answering machines were pretty common, but voicemail was still on the horizon. Scanners were non-existent. Printers and copiers were huge and expensive, and you didn’t see them in most homes. If you were the rare person who had satellite TV, the dish was about eight feet across and sat out in the back yard. And Personal Digital Assistants (PDAs) and MP3 players had not been invented yet.

But today....

In our home we have:
• two desktop computers with monitors
• four laptop computers
• four printers
• one stand-alone fax machine
• one combination fax, scanner, copier
• three TVs
• two VCRs
• one digital video camera with tripod for our home recording studio
• one audio mixing board, one microphone, one amplifier, two external soundcards, and a 500GB hard drive, all for our home recording studio
• two DVD players
• two cell phones, one smartphone, each with voicemail
• one satellite TV system with a 24” dish on the roof
• two Ipods