Blog

Don’t Make a Bad Situation Even Worse.  Beware of Equifax Scams.  

The Equifax breach was bad enough. Read about the most common Equifax-related scams to keep from being victimized twice.

Equifax Security Breach

Over 143 million US residents have a reason to worry about the fallout of this year’s Equifax hack. As we all try to sort out how this massive breach has affected us, there are new dangers on the horizon. Consumers from all over the country are reporting an increasing number of Equifax-related scams that attempt to take advantage of the hacker’s victims.

I strongly suggest that our clients take the necessary steps to minimize exposure to this breach. Whether you sign up for aggressive credit monitoring or freeze your credit reports, it’s important to take action to keep a bad situation from getting worse by recognizing Equifax scams.

Common Equifax Scams to Avoid

Fake Help Scam

Don’t trust anyone who contacts you out-of-the-blue offering to protect you from the Equifax breach. Many consumers report getting phone calls from people pretending to work for Equifax. Once the scammers convince the target that they’re from Equifax, they explain Equifax is helping vulnerable individuals sign up for credit monitoring. But before the target can sign up, he needs to verify personal information.

This scam has a high potential to trick many people, specifically because Equifax publicly promised to provide free credit monitoring for all US residents. A similar scam involves conmen posing as employees of another credit monitoring service.

If you receive a call like this, hang up instantly. Equifax won’t contact customers by phone. While Equifax did promise to provide credit monitoring, you need to sign up yourself.

Don’t let a scammer trick you into giving up your sensitive information. And just because your Caller ID says the phone call is coming from Equifax or another well-known company, it doesn’t mean you can believe it. Spammers can spoof your Caller ID to confuse you. Remember, you can check for yourself on Equifax’s website to determine if you’re at risk because of the hack. If you are, you can sign up for their free credit monitoring for a limited time.

Tax Refund Fraud

Most people don’t realize that an identity thief can file a false tax return using their stolen information. After all, the IRS is part of the government—don’t they keep records to prevent this kind of thing from happening? While the IRS does maintain records on US taxpayers, they don’t scrutinize every tax return before sending out a refund check. By the time you realize someone stole your identity, the thieves are long gone. Now you’re faced with the difficult task of explaining what happened to the IRS.

With the popularity of eFiling, the IRS saw an increase in the number of identity crimes relating to tax returns. The good news is that this number has declined during the last few years. In 2015, there were over 700,000 reported cases of people filing tax returns using stolen identities—but in 2016, the number fell to 377,000. This was due to tougher security checks, and people working with tax preparers to minimize fraud. However, tax experts expect an increase in the number of fraudulent tax returns this year due to the enormous amount of personal information hackers stole in the Equifax breach.

One of the best ways to protect yourself from being a victim of a tax return scam is to file your taxes as soon as possible. Once the IRS receives your tax return for the year, any subsequent tax returns it receives won’t be processed.

Spear-phishing Scams

A phishing scam is an attempt by a fraudster to persuade you to reveal useful information. I am sure there isn’t a week that goes by when you haven’t opened your inbox and discovered at least one phishing scam. These types of emails are usually easy to spot and don’t cost people much more than a momentary delay while they delete them. However, there’s a deadlier version of a phishing scam circulating: it’s called spear phishing.

A spear-phishing scam is similar to a regular phishing scam, but it’s a lot more sophisticated. These scams are extremely dangerous because the scammer customizes the email for each victim. Instead of using generic information, like in a regular phishing email, a spear-phishing email includes real information, the same type hackers stole during the Equifax breach.  In this way, they convince a victim that the email is legitimate. Spear-phishing emails can include your name, the names of your friends or coworkers, your place of employment, or even your current purchases or available credit.

Since spear-phishing scams are difficult to recognize, I tell my clients to never click links from inside an email.  Always type the name of the website in a browser to verify that it’s trustworthy. And, be especially careful when dealing with emails that ask for private information. The best way to remain safe is to never send sensitive information via email. Instead, contact the sender of the email by telephone to make sure the correct person really requested the information from you.

The Equifax hack should serve as a wake-up call for many business owners.  Take a second look at the way your business handles data. Make sure your company has a properly designed data security plan, and that your staff knows how to reduce the risk of data loss by conducting frequent training throughout the year. Feel free to contact me to find out if your data is secure.


New Ransomware Threat Strikes US Businesses

New Ransomware Threat Hitting US Businesses

On September 19th, Barracuda announced that they have been tracking an “aggressive” new ransomware threat. The ransomware attack appears to have originated largely in Vietnam, although other sources have been traced back to India, Colombia, Turkey, and Greece.


This latest attack, following right on the heels of WannaCry and Petya, has been identified by Barracuda researchers as a Locky variant with a single identifier. The significance of the single identifier is worth noting: since there are no unique identifiers for each victim, it’s impossible for the attackers to determine who has paid a ransom and who hasn’t. This indicates that the criminals have no intention of sending decryption keys to the victims who pay the ransom.


This threat should not be ignored. Barracuda monitored over 20 million attempted attacks within the first 24 hours of identifying the threat, and that number has been growing steadily since.


We’ve already seen a few businesses in Omaha affected by this attack, so we wanted to remind everyone of the importance of a reliable, robust data backup system.

Here’s what you need to know:

These ransomware attacks are mainly arriving via email.

Current reports show that these attacks are coming in the form of spoof emails, usually branded with “Herbalife” logos or disguised as a “copier” file delivery. Though cybersecurity experts are working to stop this attack, the attackers are using randomly-generated payload files to stay ahead of anti-virus updates.

The latest variants include:

  • Email with ‘Emailing – .’ as the subject line. One example is: ‘Emailing — 10008009158.’
  • Email with a paragraph with legal wording to make the email seem legitimate.
  • Email with “payment is attached” in the subject line to entice people to click on it.

While some businesses are losing days of productivity due to encrypted workstations and servers, our clients who have chosen to protect their data and infrastructure with a reliable backup and business continuity solution are experiencing ZERO downtime. A proper business continuity strategy makes all the difference in these situations, and Datto has proven an essential part of such a strategy.

These unfortunate attacks are becoming more frequent and more difficult to contain. If your business hasn’t already been targeted, we urge you to consider the value of your data and the importance of your network’s integrity. Can you afford to lose days or weeks to a ransomware attack?

You don’t have to.

If you have any questions about this latest ransomware attack or would like to know more about business continuity solutions, contact the business continuity and cybersecurity experts at InfiNet Solutions at (402) 895-5777 or [email protected].


Don’t Pay the Price of a Data Breach

Cybersecurity is a key topic for our healthcare tech professionals, especially as the cost of data breaches continues to rise. As I tell all of my clients, only a layered approach to security will provide a framework for complete protection.  

Healthcare Data Breach

Did you know that millions of records are impacted by data breaches every year? Few industries are impacted as much as healthcare.

The sheer volume of personally identifiable healthcare information makes healthcare organizations like yours a prime target for cybercriminals—especially since the going price for these details is $50 per record!

HHS has identified more than 200 data breaches so far in 2017, with each representing the PHI of a minimum of 500 individuals. Every breach requires notification of the individuals affected. The costs of remediation are taxing the resources of overworked healthcare professionals throughout the country.

Is Your Data Vulnerable?

As you know, your caregivers need access to patient data to do their jobs. However, even the most rigorously trained staff may forget and leave their computer unattended for a few moments, potentially exposing PHI to dishonest individuals.

Your nurses, doctors, and administrators need quick access to the most detailed and personal information in order to provide the highest possible quality of care—and if this access is provided on an unsecured workstation or on personal devices such as mobile phones or tablets, the information can easily be laid bare for all to see. The result? You’ll pay the price.

Digital Records and Devices Are Essential But Pose a Risk to Your Organization.

EMRs and EHRs make an individual’s healthcare information portable, so that your doctors and providers can track it over time. They’ve proven to be much more efficient than the traditional paper records of the past.

A person’s EHR contains a great many details that can easily be passed between different medical practices, hospitals or other healthcare providers—and, as helpful as this is, information can be lost or exposed if connections lack the proper security.

Lost laptops and mobile phones are also a critical concern as someone could quickly grab a device that’s been left out for only a moment. If you allow your staff to BYOD (Bring Your Own Device) you face an additional hurdle as individual phones or tablets accessing your intranet or medical records may be easier to hack than computer devices in your facility.

A Data Breach Can Have a Far-Reaching Impact on Your Patients.

If you experience a data breach and immediately notify those affected, they can usually protect their personal accounts. However, if the notification isn’t received or acted upon, they may find themselves spending weeks, months and even years trying to untangle the web of fraudulent credit accounts and charges.

Identity theft causes an average of $2,500 in out-of-pocket costs to each person whose data has been misappropriated—a staggering sum that most American families would find difficult to recover from. This is especially distressing as fewer than one-third of the individuals a healthcare organization attempts to notify receive the intended notification.

A Data Breach = Lost Business and Legal Fees

Studies show that more than 90 percent of individuals whose data is exposed due to a data breach move to a different healthcare provider—while others file lawsuits, change insurance providers and take actions against the organization that was the target of the cyberattack.

Unfortunately, consumers don’t typically report the data breach to the organization where the breach occurred—which can make it even more problematic for smaller healthcare providers to determine the cause of the breach, or even discover that an attack has happened.

Healthcare providers are trusted with a great deal of information. This can cause a strong negative reaction from those they serve when they find that the details of their personal health and life have been obtained by cybercriminals. The best way to maintain positive relations with your patients is by implementing stringent security protocols to ensure data integrity and preservation.

So, What’s the Lesson Learned?

Attacks will continue to grow in sophistication as your information systems grow in complexity, resulting in a perfect nexus of data that are ripe for attack. To avoid paying the price of a data breach, you must implement a sound basis for your IT operations that only a layered approach to security can provide. Contact us and we’ll be happy to explain what this is.

InfiNet Solutions
(402) 895-5777
[email protected]


Don’t Just Assume You’re HIPAA Compliant

Make sure you are!

OCR’s new enforcement head is watching you more closely, and changes are coming in 2018!

HIPAA Compliant

Federal HIPAA administrators are ready for action: they’re on the lookout for organizations that aren’t staying up to date with changing regulations. Learn what it takes to stay safe and compliant.

Have you ever had a teacher or boss who went out of their way to make an example of someone, catching them in the act of doing something that was wrong or against the rules?

That’s exactly what the new head of the Office of Civil Rights is doing in his search for a “big, juicy, egregious” breach case. He’s out to make an example of one unlucky organization! This means it’s incredibly important for you to review your HIPAA compliance procedures.

The Increasing Complexity of HIPAA Regulations

Healthcare entities are always focused on patient-centered care, but now they’re increasingly distracted by ever-changing HIPAA regulations and compliance.

The life-saving treatment of patients is being helped with new technologies, but with a renewed focus on keeping patient data private, healthcare providers are more overwhelmed than ever. And, it’s the smaller practices that are staggering under the administrative burden of rules and regulations imposed by the federal government.

Costly and complicated IT systems are required to keep pace with the HIPAA information requirements, and interoperability of data standards continues to be a serious barrier to full compliance.

The Continually Changing Requirements

Even though the Health Insurance Portability and Accountability Act was enacted on August 21, 1996, changes to the requirements continue to be added on a regular basis. Major regulatory changes are coming in 2018 that will fundamentally change the way you can record a patient’s medical condition. This will likely lead to many incorrect filings and compliance issues.

There’s been a 700% increase in the number of codes that must be used to record and report medical procedures, and it’s causing a spike in compliance issues as doctors attempt to make sense of the new conditions. The sheer volume of rules and regulations now exceeds the IRS codes, and they are many times more complicated.

The Importance of HIPAA Compliance

All that said, HIPAA is an important part of keeping patient data secure, including PHI (Protected Health Information). Handling of this personally identifiable information is dictated by a HIPAA rule that allows for release of relevant information to health care professionals tasked with the patient’s care, while providing a higher level of security, data integrity and confidentiality.

Standards are applied to three different types of entities under HIPAA: health care providers, health plans and health care clearinghouses. Protected health information can be in written, oral or electronic format. All three data types are covered under compliance guidelines.

If HIPAA standards and guidelines aren’t followed, there’s a strong possibility that your healthcare practice or organization will be found in default of government policies and required to pay a stiff fine and could incur additional penalties.

Evolving Threats

The Office of Civil Rights (OCR) is the enforcement agency for HIPAA compliance, and Roger Severino was named director of the regulatory agency in March 2017.

Severino has stated publicly that he is focused on finding new ways to safeguard patient health information that could be released via leaks such as ransomware, physical security breaches or cybersecurity lapses. He’s not being forthcoming about where his search for an egregious error will begin, simply that he will be reviewing all avenues where problems could occur.

With enforcement actions in 2017 exceeding $2.5 million to date due to a stolen laptop computer, it’s unlikely that he will have to look very far or very hard to find a case of sufficient magnitude for his needs.

Organizational Impact

Data breaches themselves can be incredibly expensive due to the requirements for notification of affected individuals. When you add in any damage to consumer trust, the cost of creating a remedy for the breach and compliance costs, the impact can be significant on any size organization.

The OCR is not simply looking for large offenders, they are also actively targeting smaller businesses and practices that may not have the benefit of support from a large technology or office staff to maintain compliance.

The growing threats in the cybersecurity landscape have caused enforcement agencies to continuously look for ways to encourage compliance.

If you have concerns about whether your organization is fully compliant with HIPAA standards, contact InfiNet Solutions at (402) 895-5777 or via email to [email protected]. We specialize in creating standardized practices and procedures that will help you maintain conformity with federal guidelines such as HIPAA.


If You Use SharePoint Online and OneDrive, You’ll Really Like What’s Coming!

Some terrific new features are about to arrive for Microsoft’s SharePoint Online and OneDrive solutions.  They’re sure to take your productivity to a bold new level.  

Sharepoint and OneDrive

To say that technology has changed the way businesses operate is something of an understatement, even if they weren’t “techie” businesses to begin with.

SharePoint Online makes it easier to store, share and manage digital information.

OneDrive for Business is a similar option and allows you to store, sync and share work files from anywhere, on any device, at any time.

Both use a collection of cloud and web-based resources that would have seemed like something out of a science fiction film even a decade ago!

Thanks to solutions like these and others, suddenly “productivity” and “geography” are no longer as closely tied together as they once were. If you’re in the middle of an important product launch, but also happen to be halfway around the world, you no longer have to wait until you’re back in the office to get things done. You can be just as productive while sitting in an airport lounge waiting for your flight to take off as you can at your desk in the office.

The best part of all is that because these options are cloud-based, they’re being updated all the time to become even more valuable than they already were. For example, in just a few short weeks, Microsoft is going to begin adding support for special characters like “#” and “%” to both SharePoint Online and OneDrive for Business, a change that enterprise users, in particular, will no doubt be thrilled about.

The Addition of “#” and “%”—What’s the Story?

Early in 2017, Microsoft announced that they were adding support for special characters like “#” and “%” for file and folder names across the document libraries that you’re already creating in SharePoint Online and OneDrive for Business. This is something that we’ve long been clamoring for and will begin rolling out in October.

This will give you the ability to create, store and sync files containing these special characters with greater ease than ever before – regardless of whether they’re used as a prefix or suffix in a particular file or folder name.

This is a small but essential change, as it gives you a greater level of control over how files and folders are created in line with your own in-house organizational practices. Other solutions and even other operating systems have long supported characters like “#” and “%” in this way, so their addition to SharePoint Online and OneDrive for Business is a welcome addition.

Savvy users are no doubt already aware that this feature has actually been available in an “opt-in” capacity since earlier in 2017. Starting in October, this feature will be turned on by default for those already using these solutions. The total global rollout is expected to be completed around March of 2018, along with Office 365 Roadmap ID 14656.

Do You Need More Time to Prepare?

Because this feature will be enabled by default in just a few short weeks’ time, some may need more time to prepare their in-house methods for the adjustment. Thankfully, this feature also has administrative controls that allow you to disable it at will, and enable it again later.

If you and your team need additional time to prepare for the change, go into the administration panel on your deployment and configure the feature to be “off by default” by the end of September 2017. Then, when the global rollout completes, you can go back in and enable it whenever you’re ready.

Guest Compatibility

Another new feature that’s slowly making its debut involves guest compatibility for Teams, something that affects not only SharePoint Online and OneDrive for Business, but all the apps in the Office 365 productivity suite. Now you can add guest accounts for your pre-configured Teams at will so they can work under the same policies and protections as regular members.

This is perfect for people who want to bring a client or a new employee into the fold on a temporary basis, giving them access to certain resources in a limited capacity without making them a full-fledged member. Teams was originally launched in March of 2017 as Microsoft’s alternative to other workplace communication applications, with Slack being perhaps the most prominent example.

With the already robust feature set and support for options like special characters, and more being added all the time, it’s easy to see why SharePoint Online and OneDrive are widely used by businesses and other professionals all over the world.

If your business in Omaha needs assistance with SharePoint Online, OneDrive, or other Microsoft solutions, please don’t delay. Contact InfiNet Solutions today at (402) 895-5777 or [email protected]. We can help you accomplish your goals with the right IT solutions.
