All posts by admin

Windows 10 Update Ransomware On the Loose

Windows 10 Update Ransomware On the Loose

Plus: Yahoo ads expose users to ransomware attack for four days.

By Chris Paoli

08/04/2015

It didn’t take long for cybercriminals to take advantage of the Windows 10 release as an avenue to launch a ransomware campaign.

Late last week the Talos group, Cisco’s security research team, uncovered a spam operation that is targeting users looking to upgrade to Windows 10. Fake e-mails disguising as Microsoft are being sent advertising the free upgrade to Windows 10. Once the attached zipped file is downloaded, extracted and executed, a system’s files will be encrypted with CTB-Locker, a ransomware variant that operates in a unique fashion.

“The functionality is standard however, using asymmetric encryption that allows the adversaries to encrypt the user’s files without having the decryption key reside on the infected system,” read the Talos report.

Once the files are encrypted, users are presented with a standard ransom message, demanding payment for the encryption key. And to keep the whole transaction anonymous, payment through Bitcoin and transfer of the encryption keys through TOR occurs. The security group has released a video on exactly how this ransomware looks in an infected system.

While the Talos team hasn’t given any specific numbers on how many victims may be out there, this campaign has the capability to find some success due to the staggered release of Windows 10. Those who are waiting for their number to be called have already been alerted that a message will be sent when their system is ready to update, which may lead to some dropping their guard when the malicious message is received.

“The fact that users have to virtually wait in line to receive this update, makes them even more likely to fall victim to this campaign,” said Talos.

Talos recommends that users looking to avoid falling in this and similar ransomware traps routinely back up their data to an offline storage device and make sure to keep all antimalware software updated.

Ransomware Found Hidden in Yahoo Ads
Antimalware company Malwarebytes yesterday released a report that discovered attackers were hiding ransomware in Yahoo’s paid ad network. Between July 28 and July 31, some ads that appeared on popular Yahoo sites, including news.yahoo.com, sports.yahoo.com and games.yahoo.com, had been bought by attackers. Once clicked, the malware tried to take advantage of an Adobe bug to inject the popular CryptoWall ransomware on systems.

Due to the high traffic numbers for Yahoo sites, Malwarebytes said that the possible number of exposed victims over the four days could be in the millions. Once Yahoo was alerted, the ads were pulled and the addresses used to purchase the ad space had been blacklisted. The company also released the following statement:

“Yahoo is committed to ensuring that both our advertisers and users have a safe and reliable experience. As soon as we learned of this issue, our team took action and will continue to investigate this issue.

Unfortunately, disruptive ad behavior affects the entire tech industry. Yahoo has a long history of engagement on this issue and is committed to working with our peers to create a secure advertising experience. We’ll continue to ensure the quality and safety of our ads through our automated testing and through the SafeFrame working group, which seeks to protect consumers and publishers from the potential security risks inherent in the online ad ecosystem.”

Malwarebytes was quick to point out that users of its antimalware software would have been protected once the malicious ads were clicked on.

Read More
medicare fraud

11 New Orleans Healthcare Workers Charged In Massive Medicare Fraud Scheme

Over 200 healthcare workers across the country have been charged by federal prosecutors with allegedly defrauding Medicare and Medicaid, including 11 individuals from New Orleans.

In total, 243 individuals, including nurses, pharmacy owners and doctors, and 11 New Orleanians were allegedly involved in defrauding the entitlement programs out of approximately $712 million.

The 11 New Orleans individuals involved in the case are allegedly responsible for defrauding Medicare and Medicaid out of $110 million in healthcare and psychotherapy schemes.

Attorney General Loretta Lynch said those charged were involved in billing for equipment that was never provided, billing for care that was never needed and billing for services that were never rendered.

In one of the cases, four individuals that operated a companies in Louisiana and California “that allegedly sent talking glucose monitors, or TGMs, to Medicare beneficiaries regardless of whether they were needed or requested,” according to the AP report.

The two companies apparently billed Medicare $38 million for the devices and Medicare actually paid them over $22 million.

Medicare fraud in New Orleans was just recently exposed in March, when federal prosecutors charged 20 individuals in the city for being allegedly involved in a $30 million Medicare fraud scheme.

Read More
health care records value

Health Care Records value on the Black Market

Criminals in America and elsewhere in the world today have become far more technologically skilled. People today use electronic devices such as phones, tablets, laptop and desktop computers. The security of information you do not want to share with others is being compromised every day.

The health care world is facing an incredible threat. People with Disabilities, Veterans, Children with Disabilities and Seniors are facing the prospect of their medical records being sold on the black market in part because they have the most notable medical records. The medical information many of us have is worth money to unscrupulous persons who belong in prison – all for $50 or less per record. To make matters worse, health data is becoming increasingly digital.

Electronic Crime Enablement

As more medical records are becoming electronic, transfer of a person’s health care records, their financial information, passport information and additional personal identification information, as well as family contacts between medical travel facilitators, doctors, and providers through the Internet, the chances increase that a major hospital, a referring doctor, or a facilitator might be caught up in the crime. On the black market a, ‘full-identity profile,’ of just one person may bring as much as $50. Criminals are becoming ever more skilled at stealing our medical information.

According to Robert Wah, President of the American Medical Association and Chief Medical Officer at the health technology firm, ‘CSC,’ stated: “It is an arms race between the criminal element and the people trying to protect health data.” Take a deep breath if you are able – a stolen Social Security number or a stolen credit card gets a criminal a mere $1 on the black market. Meanwhile, your medical information can get a criminal far, far more money.

The Increase in Criminal Theft of Health Records

The Identity Theft Resource Center has identified hundreds of breaches across industries it tracks. The Center says nearly half of these breaches happened in the health sector. Criminal attacks on health data have doubled since the year 2000 according to the Ponemon Institute, which is a leader in data security. The high value of your medical records makes it highly attractive to hackers.

A credit card is something that may be cancelled within a short period of time after it has been stolen. Information regarding a person’s health care; however, is impossible to somehow, ‘cancel.’ The records contain your:

  • Medical history
  • Family contacts
  • Financial records
  • Personal information

Criminals want your health care records because the records can do massive financial damage, more than the damages done with a stolen credit card number or a Social Security number. Health security experts say providers are more focused on privacy and confidentiality and not enough on theft of your medical records.

The Going Prices for Your Medical Information

What are your medical records really worth in the underground world of cybercrime? KrebsOnSecurity found that people’s medical records were being sold In Bulk for as cheaply as $6.40 per record. The medical records were apparently stolen from a Texas life insurance company that says it is working with the federal government on an investigation into a potential data breach. In other words, your medical information is worth around the price of a pizza buffet at your local pizza restaurant.

The time criminals spend gathering your medical information brings to mind the potential these criminals have to do good instead of bad. These criminals are smart, technologically savvy, and have the desire to pursue a criminal career – why don’t they do something good and positive instead? Even at $8 per stolen medical record, criminals are bringing in more money from these records than they would for stolen credit cards or Social Security numbers.

One of the reasons for the high value placed on your medical records is that you cannot cancel your own medical history. It is easy to cancel a credit card that has been stolen. Due to this fact, it is far more difficult to prevent stolen medical information from being used against you by criminals. Here are some of the going rates for stolen information:

  • Date of birth $3
  • Credit card number $1.50
  • Mother’s maiden name $6
  • Social Security number $3
  • Medical record information $6-50

Stolen medical information such as insurance or electronic health record information is financially desirable to criminals because they use it to submit inflated or false medical claims. The records may be used to purchase prescription medications, or to pay for medical care. The end result is that it costs the person whose records were stolen. A panel of experts pointed out that violations of a person’s health care or insurance privacy are an increasing source of stolen medical information, to include information that is lost or stolen by insiders such as health care or insurance workers. The panelists explained how medical record identity theft is detectable through analysis of activity related to health care records applications and additional financial and clinical computer systems.

Plainly, criminals who steal medical records must be over-joyed with those of us who experience forms of disabilities. We often times have extensive records to be stolen. It seems that security has not kept up with technological ability. While electronic wonders such as phones, tablets, laptop and desktop computers have enhanced our world in many ways – it is also very frightening to consider the fact that criminals are taking advantage of people who may not be able to protect their own medical information.

What’s the Black Market Value of a Health Record?
http://www.emrandhipaa.com/tag/health-records-black-market/

Medical Records are Worth $50 Each on the Black Market
http://blog.veriphyr.com/2011/12/cost-medical-identity-theft.html

Your Medical Records Could Be Sold on Black Market
http://www.nbcbayarea.com/news/local/Medical-Records-Could-Be-Sold-on-Black-Market-212040241.html

Read More

How much patient data is worth on the internet

How much patient data is worth on the internet? More than your credit profile!

The post appeared on June 26, 2014 in EMR & HIPAA

It’s one thing to have a laptop stolen with 8,000 patient records or for a disgruntled doctor to grab his patients’ records and start his own practice. It’s another when the Cosa Nostra steals that information, siphons money from the patient’s bank account and turns it into a patient trafficking crime ring. Welcome to organized crime in the age of big data.

Organized crime syndicates and gangs targeting medical practices and stealing patient information are on the rise. They’re grabbing patient names, addresses, insurance details, social security numbers, birth dates, etc., and using it to steal patients’ identities and their assets.

It’s not uncommon for the girlfriend of a gang member to infiltrate a medical practice or hospital, gain access to electronic health records, download patient information and hand it over to the offender who uses it to file false tax returns. In fact gang members often rent a hotel room and file the returns together, netting $40,000-$50,000 in one night!

Florida is hotbed for this activity and it’s spreading across the country. In California, narcotics investigators took down a methamphetamine ring and confiscated patient information on 4,500 patients. Investigators believe the stolen information was being used to obtain prescription drugs to make the illicit drug.

Read More

Accidental and Unauthorized Emails Create PHI Security Issues

No covered entity wants to notify patients of a potential PHI security incident, yet even with the appropriate safeguards in place, problems could still occur. When this happens, it is important to properly notify potentially affected individuals and then make the necessary changes in existing safeguards to ensure that the same issue does not occur again.

Two different facilities recently dealt with a variety of health data security issues, which is a perfect example of how organizations need a well-rounded approach to security. Anything from human error to cyber attacks could create potential PHI security issues that will need to be handled in a timely manner.

PHI security compromised after unauthorized emails and mistaken data transmissions

New York facility notifies 90,000 patients of PHI data breach

A former employee at HHC Jacobi Medical Center in the Bronx reportedly put the PHI of 90,000 patients at risk after she improperly accessed and transmitted files containing PHI to her personal email account. The individual also sent the information to her email account at her new employer, which is a New York City agency, according to a New York City Health and Hospitals Corporation (HHC) statement from April 28.

Potentially exposed information includes patient names, addresses, dates of birth, telephone numbers, medical record numbers, treatment dates and types of services, and limited sensitive health information. HHC said that health insurance identification numbers, which may have included Social Security numbers, were also potentially exposed for some patients.

“The unauthorized disclosure was discovered by HHC’s information governance and security program that, among other things, monitors and detects all email communications that contain PHI and other confidential information that are sent from HHC’s information systems without proper authorization,” the statement read.

HHC added that there is no evidence showing that the data was misused in any way, or that it was viewed or sent to anyone other than the former employee.

“HHC has taken immediate measures to prevent the recurrence of this incident, including the automatic blocking of communications containing PHI and other confidential information from being sent from HHC’s information systems to any site or entity outside of the HHC security network other than for legitimate business purposes,” the organization said.

Immunization records accidentally sent to state registry

Approximately 1,000 patients at the UT Southwestern Medical Center had their immunization records mistakenly sent to a confidential Texas registry, according to The Dallas Morning News. Physicians, health departments and school districts all use the registry.

“UT Southwestern notified us of the issue, and we deleted the records from the ImmTrac system,” department spokeswoman Christine Mann told the news source. “It appears it was an error and the issue has been resolved.”

UTSW said that the issue was due to a computer glitch that occurred during “a routine upgrade to the system,” and that it learned about the records being shared after a patient inquiry on March 6. However, UTSW added that the records were transmitted to the state registry starting January 9.

The facility underlined the point that while the immunization records were mistakenly sent to the state registry, the system is “subject to strict confidentiality requirements” and that all data transmitted is done with “high-strength encryption.”  

“We corrected the electronic issue in our system the same day it was discovered,” UTSW spokesman Russell Rian said in a statement, according to the news source. “And we worked diligently…to prevent any future occurrence.”


Originally posted by HealthIT Security

Read More
Unencrypted devices CAM HIPAA Solutions 888-959-0220

Unencrypted Devices Still a Breach Headache

The Ongoing Risk Posed by Lost, Stolen Mobile Devices

By , May 12, 2015. Unencrypted Devices Still a Breach Headache

While hacker attacks are grabbing most of the health data breach headlines so far in 2015, a far more ordinary culprit – the loss or theft of unencrypted computing devices – is still putting patient data at risk.

Incidents involving unencrypted laptops, storage media and other computing devices are still popping up on the Department of Health and Human Services’ “wall of shame,” which lists health data breaches affecting 500 or more individuals. Among the largest of the most recent incidents is a breach at the Indiana State Medical Association.

That breach involved the theft of a laptop computer and two hard drives from a car parked for 2-1/2 hours in an Indianapolis lot, according to local news website, The Star Press. Information on more than 38,000 individuals, including ISMA employees, as well as physicians, their families and staff, was contained in the ISMA group health and life insurance databases on those devices.

The incident occurred on Feb. 3 while ISMA’s IT administrator was transporting the hard drives to an offsite storage location as part of ISMA’s disaster recovery plan, according to The Star Press. An ISMA spokeswoman declined Information Security Media Group’s request to comment on the breach, citing that there are “ongoing civil and criminal investigations under way.”

A breach notification letter sent by ISMA indicates that compromised data included name, address, date of birth, health plan number, and in some cases, Social Security number, medical information and email address. ISMA is offering those affected one year’s worth of free credit monitoring.

Common Culprit

As of Feb. 27, 51 percent of major health data breaches occurring since 2009 involved a theft while 9 percent involved a loss, according to data presented by an Office for Civil Rights official during a session at the recent HIMSS 2015 Conference in Chicago. Of all major breaches, laptop devices were involved in 21 percent of the incidents, portable electronic devices in 11 percent and desktop computers in 12 percent, according to the OCR data.

Two of the five largest breaches to date on the Wall of Shame involved stolen unencrypted computing devices:

  • A 2011 breach involving the theft of unencrypted backup computer tapes containing information on about 4.9 million individuals from the car of a Science Applications International Corp. employee who was transporting them between federal facilities on behalf of military health program TRICARE.
  • The 2013 theft of four unencrypted desktop computers from an office of Advocate Health and Hospital Corp. in Chicago, which exposed information on about 4 million patients.

Many smaller breaches affecting less than 500 individuals also involve unencrypted computing devices, according to OCR.

Safe Harbor

The thefts and losses of encrypted computing devices are not reportable breaches under HIPAA. That’s why security experts express frustration that the loss and theft of unencypted devices remains a common breach cause.

“It is unfortunate that [encryption] is considered an ‘addressable’ requirement under HIPAA, as many people don’t realize that this does not mean optional,” says Dan Berger, CEO of security risk assessment firm Redspin, which was recently acquired by Auxilio Inc.

Under HIPAA, after a risk assessment, if an entity has determined that encryption is a reasonable and appropriate safeguard in its risk management of the confidentiality, integrity and availability of e-PHI, it must implement the technology. However, if the entity decides that encryption is not reasonable and appropriate, the organization must document that determination and implement an equivalent alternative measure, according to HHS.

Attorney David Holtzman, vice president of compliance at the security consulting firm CynergisTek, says he’s expecting to see soon an OCR resolution agreement with a healthcare provider that suffered several breach incidents caused by their failure to manage the mobile devices used by their employees on which electronic protected health information was stored or accessed.

Read More
Fear Itself Speech 修改 文章 英文 click through the following web site | Advanced Trading Tools · Learn How to Trade opciones binarias demo click here now
Loan Canada go credit visit their website