uc logo white
Text Size

Home

Do You Really Want Your Medical Records Stored in the Cloud?

Cloud computing has become all the rage. For the indoctrinated, cloud computing allows corporations to store information on a third party's computers. Companies will tell you that cloud computing provides them with a number of advantages. Cloud computing has become all the rage. For the indoctrinated, cloud computing allows corporations to store information on a third party's computers. Companies will tell you that cloud computing provides them with a number of advantages. These include lower costs for computer equipment, the ability to back up their data to off-site computers (this is extremely important for disaster recovery) and with large corporations, reduced real estate costs associated with computing facilities. All of this is great for the companies that use it. And it can offer some advantages for consumers too, such as reduced cost for goods and services. But those consumer advantages have the potential for rapid evaporation when companies use cloud computing to store your personally identifiable information. That's why it is troubling to know that some very large corporations are actively lobbying congress to relax HIPAA privacy standards for cloud computing.

HIPAA privacy standards are very strict. And companies that violate those standards can find themselves facing massive fines and other civil penalties. So far, the standards have largely prevented healthcare companies from outsourcing their computer storage requirements to third party cloud computing companies.

But a number of large corporations are trying to get congress to change HIPAA rules; making them more lenient. They argue that the risk of inadvertent disclosure of your personal information is outweighed by the benefits of cloud computing. Amazon is one of those companies.

The lobbying effort appears to be gaining some ground. Rep. Fred Upton (R-Mich) was quoted in CQ Roll Call as saying, "We have heard on numerous occasions that there is a wealth of health data available, but there are barriers to using it. We are exploring opportunities to break down those barriers, allowing for greater innovation and advancement, all the while protecting the privacy of our patients."

Unfortunately, Rep. Upton's quest is probably not possible. By its very nature, using cloud computing to store medical information would create vast databases of consumer information that would be directly tied to the internet. Those databases will absolutely be targeted by hackers. Given the fact that there have been multiple reports of large data breaches of healthcare related data over the past thirty days, this point is indisputable.

ACCESS is against relaxing HIPAA standards for any reason. It should be left to individual consumers as to whether or not they want their personal data stored in the cloud, and not up to their healthcare providers. There is only one problem with that. Numerous polls show that consumers favor their own medical privacy a lot more than the companies serving them do.

If you are concerned about this yourself, you should write your congressman and senators. The only way to stop this effort is for consumers to become involved.

__________________

Jim Malmberg, ACCESS, American Consumer Credit Education Support Services, is a non-profit, tax exempt 501(c)(3) consumer advocacy group whose primary purpose is to disseminate credit education information and assistance to the general public, visit www.GuardMyCreditFile.org

Looking for Work? Watch Out for Fake Job Postings

Watch out for Craigslist job scams using the names of real organizations to lure in potential job seekers. These posts look just like real jobs, but take precautions before sending your resume.

Watch out for Craigslist job scams using the names of real organizations to lure in potential job seekers. These posts look just like real jobs, but take precautions before sending your resume.

How the Scam Works:

You see a job post on Craigslist.org. It says Clearpoint, a non-profit organization that provides credit counseling, is hiring an "Office Admin Assistant." The ad looks completely legitimate. The business is real, the job description is standard and the entire post is typo-free.

You decide to apply for the job. The "manager" replies to your email, saying that he/she needs further information from you. Unfortunately, this information includes your credit card number!

Job scams especially have many different variations. Watch out for scams using different business names and position titles. Also, scammers may ask job seekers to pay upfront for training, which never materializes. Or they may "hire" you and send a fake check. The con artists will instruct you to deduct a fraction for payment and wire the rest back.

Tips to Avoid Falling for Fake Job Scams:

Spot a job scam before you waste your time and money.

  1. Some positions are more likely to be scams. Use extra caution when looking at ads for jobs with generic titles, such as admin assistant or customer service representative. These often don't require special training or licensing, so they appeal to a wide range of applicants.
  2. Check out the business' website to make sure the opening is posted there.  If you are still skeptical, call the business to check on the position. Don't rely on websites or phone numbers provided in the advertisement; find the "employer" on your own to make sure it's the real deal.
  3. Watch out for these phrases. Scam ads often contain the phrases "Teleworking OK," "Immediate Start" and "No Experience Needed." Watch out for ads that urge you to apply immediately.
  4. Search for the position in Google. If the result comes up in many other cities with the exact same job post, it is likely a scam.
  5. Be very cautious of any job that asks you to share personal information or hand over money. Scammers will often use the guise of running a credit check, setting up direct deposit or paying for training.

For More Information

To find out more about this and other scams, check out BBB Scam Stopper and alert on BBB.org.

________________

The BBB is dedicated to fostering honest and responsive relationships between businesses and consumers in the U.S. and Canada, instilling consumer confidence and contributing to a trustworthy marketplace for all.

I’ve been hacked, now what?

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess? Start by locating the portal through which the hacker got in such as a browser, emal program.

You’re not special; a hacker CAN get into your computer or smartphone. Would you know how to clean up this mess?

Start by locating the portal through which the hacker got in such as a browser, emal program. Next, disconnect/uninstall this gateway from the Internet so it doesn’t invade other systems.

Check for suspicious activity by looking at your Activity Viewer or Task Manager. Check the CPU usage—if it spikes, you can have a better chance of spotting malicious activity. In fact, get familiar with how your device runs so that you know what’s normal and what’s not.

Once you’ve snipped access from the hackers, assess their damage.

  • Bring up to date your antivirus and anti-malware systems. If any protection system is disabled, enable it. Do a full system scan—using both systems.
  • Remove anything that doesn’t look right. Various malware scanners will locate bad things, but those bad things will continue downloading if there’s a browser plugin or extension. So take a keen look at all the small items that you’ve downloaded.
  • Change all of your passwords. Make them long and unique.
  • After that, log out of every single account. This will force the hackers to figure out your new passwords.
  • Clear out all cookies, the history and cache in your browser.
  • You may still not be out of the woods at this point. Keep an eye out for suspicious e-mails, new addresses in your account and other phantom activities.
  • If things are still going awry, wipe the hard drive and then reinstall your operating system. But first back up all of your data!

Prevention

  • Have a firewall, and one that’s properly configured.
  • Do not click links inside of e-mails, even if the sender’s address is one you know.
  • Do not open attachments from senders you don’t know or from someone you DO know but would never have a reason to send you an attachment.
  • Delete e-mails with urgent-sounding subject lines or claims you won a prize or inherited money.
  • Have both antivirus and anti-malware applications. They are not one and the same but may be packaged together.
  • Know what your security holes are.
  • Can’t be said enough: Make sure all of your passwords are very strong.
  • Keep your operating system and everything else up to date.
  • If you’re on public Wi-Fi, be extremely cautious. Use Hotspot Shield to encrypt your activities. A Wi-Fi with a password doesn’t mean it’s safe.
  • Never let your device out of your sight. Never. If you think you’ll ever need to leave it unattended, first equip the operating system with a lock and strong password.
  • Back your data up routinely.
  • Your device should have a remote wipe option so that you can eradicate data should someone steal the device.
  • Be very cautious about what you share online. Your computer may have all the bells and whistles of security, but all it takes is one lapse in judgment to let a hacker in, such as falling for some Facebook scam claiming you can watch a video of the latest commercial airliner crash caught on tape.
_____________________

Robert Siciliano is an Identity Theft Expert to Hotspot Shield. He is the author of 99 Things You Wish You Knew Before Your Identity Was Stolen See him discussing internet and wireless security on Good Morning AmericaDisclosures.

Russian Organized Crime: Krem D’la Krem of Hackers

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

The Russians have definitely come…in the world of cybercrime. A Russian ring of hackers has amassed 1.2 billion stolen passwords and usernames involving 400,000 websites. The criminals have also garnered 542 million e-mail addresses.

And these Russians didn’t discriminate: Any website they could bust into, they did, ranging from big U.S. companies to little websites—anything. Most of these sites remain vulnerable.

Apparently, the thieves are not working for Russia’s government (which rarely goes after hackers anyways), nor have they sold the stolen information…yet. They’ve been paid by third-party entities who want to send out spam.

This gang of thieves operates like a business, with some doing the programming and others doing the stealing. The crooks use botnets to scope a site’s weaknesses, then plow in there.

This massive breach has called attention to the reliance that businesses have on usernames and passwords; this will need to be changed.

Tips for Preventing Getting Hacked

  • Say NO to clicking on links inside e-mails, even if the apparent (note “apparent”) recipient is your bank or a friend.
  • URL security. Trust only sites whose URL starts with a padlock icon and “https.” An “http” won’t cut it.
  • Two-step verification. If your financial institution offers this, then activate it. Call the bank if its website doesn’t have this information.
  • Online banking. If possible, conduct this on a separate computer just for this purpose.
  • Change the router’s default password; otherwise it will be easy for hackers to do their job.
  • Wired ethernet link. This is better than a powerline or Wi-Fi for protection. To carry out an ethernet attack, the thief would probably have to break into a home and set up a device, whereas Wi-Fi data can be snatched out of the air, and powerline data can leak into next-door.
  • Encryption. If you must use Wi-Fi or powerline networks, encryption will scramble data, but a hacker can crack into Wi’Fi’s WEP.
  • Say no to third-party Wi-Fi hotspots.
  • Security updates. Keeping up to date will guard against hackers who use a keylogger to figure out your keystroke pattern—which can tell him your passwords.
  • Hotshot Shield; This service protects you from fraudulent activity when you’re working online in an unprotected network (wired or wireless), such as at airports, hotels or coffee houses.
  • Get identity theft protection. Generally your identity is protected from new account fraud. Many of the services monitor your data on the dark web.
____________

Robert Siciliano is an identity theft expert to BestIDTheftCompanys.com discussing  identity theft prevention. For Roberts FREE ebook text- SECURE Your@emailaddress -to 411247. Disclosures.