Archive | security

Emerging Electronic Health Information Exchange Systems Fail to meet Patient Needs

15 Mar

Tech News from the Finally Fast team

Health care organizations need to do more to help patients realize the full benefits of electronic data from emerging health information exchange systems, according to a new study commissioned by Consumers Union that appears in the March 2012 Health Affairs.  The study examines how well five major California health care organizations are meeting the needs of patients and communities in the use of their electronic data and offers important lessons for the rest of the country.

“Electronic health information exchange holds great promise for improving patient care and outcomes,” said Mark Savage, senior attorney for Consumers Union, the nonprofit advocacy arm of Consumer Reports.  “Health care organizations are making progress developing these systems but they must provide patients with greater access to their electronic medical data and the ability to monitor who is accessing this information to maximize benefits and limit potential privacy risks.  Patient and public health must be at the center of these efforts.”

 

The study was funded by the California HealthCare Foundation and assesses the extent to which these efforts are meeting the needs of patients and communities based on a set of principles developed by California organizations representing consumers and patients.  The independent study was carried out by Robert H. Miller, Ph.D., a health economist and faculty member at University of California, San Francisco.

In June 2010, Consumers Union joined fifteen other organizations representing California patients and consumers to develop nine principles for electronic health information exchange.  The principles aim to improve patient and population health care by increasing the availability and use of patient data while protecting patients’ privacy.

The consumer principles balance patients’ various needs—for example, coordinating health care and information among the patient and diverse providers in multiple organizations; ensuring the security and privacy of personal health information; designing systems that can be easily used by non-English speakers and persons with disabilities; and accessing safety and quality data about providers and treatments.

The 2009 stimulus bill passed by Congress provided up to $27 billion in incentives for physicians and hospitals to adopt electronic health record systems.  The law also provided an additional $2 billion for activities that encourage meaningful use of electronic health information exchange.  It set a strategic goal of achieving electronic health records for every person in the United States by 2014.

In theory, electronic health information should enable a patient’s providers to share information about the patient’s health status and current medications and to remind themselves about services the patient needs.  The patient should be able to review health records via a web-based patient portal; possibly correct or add information; communicate with providers; view reminders of needed services; and access educational materials tailored to various health issues.  Despite its potential benefits, electronic information sharing can entail risks for patients, especially loss of privacy and misuse of data.

The study examined five different health care organizations that collectively serve a full range of California patient populations:  Kaiser Permanente, Nautilus Health Care Management Group, Santa Clara Valley Hospital and Health System, Inland Empire Health Plan, and the Santa Cruz Health Information Exchange.

Each organization is considered a health information technology leader for the patient population it serves.  The study found that the organizations relied on different approaches and were at different stages of developing their systems, which provided varying benefits to both providers and patients.

Overall, exchange of electronic data among a patient’s providers in different organizations was limited, which limited benefits to patients from the use of that data for their care.  Moreover, of the five health care systems evaluated, only Kaiser and Nautilus had patient portals that enable patients to review some of their health record data.  But neither organization had done much to inform patients — particularly in their own language — about patients’ personal health information rights, remedies, and responsibilities.  Patients of the five health care organizations examined had little ability to monitor who was accessing their data.

The study found that a lack of clear “rules of the road,” including behavioral norms for health information exchange participants, legal agreements, and technical standards, was preventing quicker implementation of health information exchange systems that could benefit providers and patients alike.  Little progress has been made when it comes to using electronic health information to improve the health of the public and communities at large.

The study recommends a number of policies to end the marginalization of patients and consumers in current health information exchange efforts.  For example, launching campaigns to increase health information technology literacy could increase patients’ demand for health information exchange, forcing organizations to respond better to their needs.

In addition, the study calls on state and federal governments to enact new policies that set timetables for organizations to offer patient-friendly web-based portals; create rules that enable consumers to easily understand who has accessed their information and correct data; and fund and publicize timely evaluations of health information exchange systems, including the benefits and risks for patients.


Threat Report Reveals Google replaces Microsoft as Number One Vendor for Vulnerabilities

16 Nov

Internet safety tips from the Finally Fast team

Google replaced Microsoft as the number one vendor for reported vulnerabilities, with a total of 82, due to existing vulnerabilities in Chrome as the browser grows in popularity. Oracle came in second, with 63; Microsoft fell to third place, with 58, all according to Trend Micro’s Third Quarter Threat Report.

Trend Micro threat researchers also witnessed a significant shift from mass compromises to targeted attacks, particularly against large enterprises and government institutions. Their work led them to the uncovering of one of the most notable groups of targeted attacks during the third quarter – the LURID downloader.

These attacks, which were classified by Trend Micro as advanced persistent threats (APTs), targeted major companies and institutions in over 60 countries, including Russia, Kazakhstan, and the Ukraine. The cybercriminals behind these attacks launched over 300 malware campaigns in order to obtain confidential data from and take full control of affected users’ systems over an extended period of time. LURID was successful because it was targeted by its nature. By zoning in on specific geographic locations and entities, LURID compromised as many as 1,465 systems.

Other notable security attacks, scams, breaches and exploits

Trend Micro threat analysts came across a new DroidDreamLight variant with enhanced capabilities and routines. Disguised as battery-monitoring or task-listing tools or apps that allow users to see a list of permissions that installed apps utilize, copies of this new Android malware littered a Chinese third-party app store.

In the first half of July, Trend Micro researchers spotted a page that enticed users to click a link to get free invitations to Google’s latest stab at taking a slice of the social media pie—Google+. Instead of invitations to join the site, however, all the users got was an “opportunity” to take part in a survey that put them at risk.

LinkedIn users were also part of a criminal scam that tricked them into clicking a malicious link to a supposed Justin Bieber video that redirected them to a malicious site.

The most notorious spam runs this quarter led to the download and execution of two banking Trojans: The first campaign featured a spam that purported to come from the Spain National Police; the second supposedly came from the Internal Revenue Service.

India and South Korea were part of the top three spam-sending countries. The United States, which commonly takes the top spot, was not on the top 10 spam-sending countries list, most likely due to the arrest of several spambot operators.

Notable security research wins

In addition to the discovery of the LURID downloader, Trend Micro and other global security teams made impressive takedowns in Q3:

After months of monitoring, Trend Micro researchers uncovered a SpyEye operation controlled by a cybercriminal residing in Russia with the handle, “Soldier,” and his accomplice in Hollywood, California. This botnet operation, which amassed more than US$3.2 million within six months, targeted large enterprises and government institutions in the United States, as well as organizations in Canada, the United Kingdom, India, and Mexico. More details on this win can be found in Trend Micro’s research paper, “From Russia to Hollywood: Turning Tables on a SpyEye Cybercrime Ring.”

Trend Micro researchers were also able to gather in-depth information on two of the largest FAKEAV affiliate networks to date—BeeCoin and MoneyBeat. More details on how FAKEAV affiliate networks work can be found in the research paper, “Targeting the Source: FAKEAV Affiliate Networks.”


How to Repair Your Credit Now

8 Aug

Personal finance tips from the Finally Fast team

Credit repair begins with you. Many people have bad credit and they don’t even know about it or they think they have no way to repair it. But before you take any steps to repair your credit, you need to know your credit score.

Your credit score is a 3-digit number, usually between 300 and 850, that lets lenders know how you are paying off your current debts and how much of a credit risk you may be to them. Your credit score is based on the information listed in your credit report, which contains a history of your past debts and repayments.  Credit bureaus use computers and mathematical calculations to arrive at a particular credit score using all of the information contained in your credit report.

Each credit bureau uses different methods to do this, which is why you will have different scores with different companies, but most credit bureaus use the FICO system.  FICO is an acronym for the widely used credit score calculating software offered to the credit bureaus by the Fair Isaac Corporation. Credit scores are often referred to as FICO scores or FICO ratings. Everyone has the right to see his or her credit reports and to repair this score.

Once you have copies of your reports and know your scores, you can take the following steps:

Pay Your Bills On Time

This is the simplest step, and the most important. Your best bet is to set up automatic payments with all your creditors. If you can’t make a payment, call your creditor and make something work so that they won’t report it to the credit bureaus.

Increase Debt to Limit Ratio

There are two ways you can do this: keep your balances low or increase your limits. Always make sure your balances are below 35% if possible. Increasing your limits will help the ratio as long as you don’t increase your debt on those accounts too.

Diversify Your Credit

Unless you have a mortgage or car loan, you will need to start with the basics. First, get a checking account with your bank with a line of credit, and then get a credit card attached to your bank account. Finally, get a merchant store card.

 

Talk to Your Creditors

Creditors want their money too and they will negotiate to get it. Always talk to your creditors before paying off a bill. Use your leverage to negotiate the removal of the negative items upon final payment.

Dispute Negative Items

The main reason most people get denied loans is because of past negative items. The Fair Credit Reporting Act gives you the right to dispute any and all items on your credit reports that you feel classify as inaccurate, unverifiable, or misleading. If the bureaus cannot verify that the information on your reports is indeed correct, then those items must be deleted.


Getting Paid…Minus the Headaches

17 Mar

From the FinallyFast Help Desk:

Here’s a topic that’s near and dear to the hearts of all work-at-home freelancers: actually getting paid! It seems there are always employers out there ready to slow-pay or no-pay you for independent contractor jobs. But here are a few commonsense things you can do to make sure there is plenty of green at the end of your gig.

  • Go through a reputable freelance website – there are many reasons to funnel projects through a freelance website such as Guru.com or Elance.com, even if you initially get the job elsewhere. Reason #1? Escrow. The agreed-upon funds for the job are paid to a third-party prior to any work being done. That way you know the employer is actually serious about the job, has the funds, and won’t suddenly go AWOL when they have what they need from you. On the flip side, escrow protects the employer. It’s really win-win. Reason #2? Arbitration. If there is a fundamental disagreement about who owes what to whom, you’ll have a digital “paper trail” of correspondence on the site and a third party ready to find a solution. The bad news about freelance websites is that they involve membership fees or administrative fees, and often both. But that conveniently brings me to the next point…
  • Add fees to your invoices – Most employers understand that you’d like to net rather than gross your bid amount. That is to say, if you bid $1000, you don’t want to end up with $910 after transaction fees, admin fees, escrow fees, and whatever else. You’re already responsible for all your own taxes; don’t get nicked by fees. Find out what your freelance website charges—including for escrow, which is often a separate fee—and have the confidence to tack on fees to your amounts.
  • Establish a pay schedule – Going along with the first point, most freelance websites give you the ability to set up project agreements and milestone events, including at what point in the process you get paid, whether that’s a certain date or the delivery of a certain product/service. It’s extra work, but it sure gives your request for payment a little more juice and legitimacy. Let’s face it – freelancers have to endure the kind of slow-pay, didn’t-get-to-it-yet, went-on-vacation-for-a-month excuses that employers would never even think of trying to pull with regular employees. It’s a reality, so at least create a formal, written schedule to lessen those excuses. Plus, if you’ve used escrow, clicking the “release escrow” button is a lot easier for some smaller employers than the “release money from my bank account” button.

HBGary Federal CEO steps down, Anonymous claims victory

1 Mar

 From the FinallyFast Help Desk:

HBGary Federal CEO Aaron Barr recently announced he is stepping down from his position following an embarrassing battle with the Anonymous hacking organization.

“I need to focus on taking care of my family and rebuilding my reputation,” Barr said in a phone interview with Kaspersky Labs’ Threatpost. “It’s been a challenge to do that and run a company. And, given that I’ve been the focus of much of bad press, I hope that, by leaving, HBGary and HBGary Federal can get away from some of that. I’m confident they’ll be able to weather this storm.”

Barr and HBGary Federal previously collaborated with the FBI on an investigation into the hacking organization known as Anonymous. Barr claimed in an interview with the Financial Times that he obtained the identity of two members of Anonymous residing in the United States, and scheduled an address at this month’s RSA Security Conference in which he was expected to reveal these identities.

Before the conference began, Barr’s personal Twitter account was breached, through which a hacker posted a statement on Anonymous’ motives. Meanwhile, both domain names used for the HBGary Federal website were hijacked and the home page was replaced with a similar statement from Anonymous. Then, news broke that Anonymous stole 60,000 company emails and immediately began publishing them on the internet.

“Today we taught everyone a lesson. When we actually decide to bite back against those who try to bring us down, we bite hard,” the hackers posted from Barr’s Twitter account.

HBGary Federal proceeded in light of the data breach, with Barr still scheduled to speak at the RSA Security conference. However, after the first two days at RSA brought hecklers to the HBGary Federal showcase tent and death threats against Barr and his family, the company vacated the conference. Shortly after, in place of an HBGary Federal sign explaining its sudden departure, a large white sign claiming victory in the name of Anonymous was found in the place where HBGary Federal’s tent was set up.

Now, after Barr announced he is stepping down, a Twitter account by the name of Topiary, which claims to be an “online activist” and “supporter of anonymous operations, WikiLeaks and maintaining freedom on the internet” declared “victory” in a Tweet with the link to news about Barr’s departure attached.

Anonymous has grown into one of the world’s most influential hacking organizations in a short time. The group emerged shortly after the international persecution of WikiLeaks and its founder Julian Assange, defending both by lashing out at the organizations that condemned either. Anonymous has claimed responsibility for distributed denial-of-service attacks that have successfully brought down the MasterCard website, as well as targeted online payment service PayPal and Visa, after each declared they would stop processing donations to WikiLeaks.

What Makes People Susceptible to Scams

14 Feb

From the FinallyFast Help Desk:

How do you protect your PC and your information? The image below shows the ways that you can get tricked by cyber criminals.

Malware and How to Protect your PC

8 Feb

From the FinallyFast Help Desk:

There is a war going on. Behind the scenes, cyber criminals are attacking your PC and stealing personal information. Whether it is malware, spyware, or a Trojan horse, it’s important to keep your PC safe. Programs like FinallyFast and SpywareStriker are great ways to keep your PC clean and your information secure.

What is Malware?

Malware is malicious software designed to access a computer without the owner’s consent.  Spyware, Trojan horses, viruses and worms are all considered malware. Malware is usually a part of cyber crime, used to steal information like bank account details from your PC. Malware is usually passed from user to user by email and, more recently, through social networking sites like Facebook.

What is Spyware?

Spyware does what it sounds like: it spies on your PC. Whether it is to steal your information, like credit card and bank account details, or simply to get passwords, spyware is a huge security threat and a huge issue for computers. Often spyware will be completely hidden from the user of the PC and is very difficult to detect. As spyware works, it slowly steals various types of personal information. It can also change computer settings, install other software and redirect browser activity on the Web. A 2005 study by AOL and the National Cyber Security Alliance found that 61 percent of users’ computers were infected with spyware of some form (“AOL/NCSA Online Safety Study”, America Online & The National Cyber Security Alliance, 2005). Unlike viruses and worms, spyware does not usually self-replicate. For more information check out http://en.wikipedia.org/wiki/Spyware#cite_ref-aolstudy_2-0

What is a Trojan Horse?

You might think a Trojan Horse was just a part of a book where the Greeks had fun playing a trick on the Trojans. A computer Trojan works much the same way as the Greeks’ famous horse: it pretends to be something else. Most computer users click on what they think is a desired program, install it, and never become the wiser. The Trojan horse will conceal a harmful or malicious payload (meaning another program like spyware, worms, or viruses). The payload goes to work immediately. For more information check out http://en.wikipedia.org/wiki/Malware

What Can You Do?

Although firewalls and anti-virus software can stop many things from getting into your PC, there are many things that can get through those systems. Many programs that run behind the scenes can often get around firewalls and anti-virus software. The best thing is to get a spyware scan that can look for things that are hiding in your system behind the scenes, undetected. SpywareStriker Pro is an amazing spyware scan that eliminates spyware and malware from your system. SpywareStriker Pro includes the CounterSpy scan engine. This award-winning scan has been awarded the CNET Editor’s Choice Award as: “the only antispyware product that correctly identified every piece of spyware… It did very well in active scanning, on-demand detection, and complete spyware removal.” In other words, it is kind of like James Bond for your PC. You can check out SpywareStriker Pro at FinallyFast.

Spanish police arrest botnet masterminds

4 Mar

The Mariposa botnet, one of the most notorious malicious networks active on the web in recent years, was taken down on December 23. Spanish police announced on Wednesday, however, that they made three arrests in conjunction with the case. Spanish police, along with two computer security firms, Defense Intelligence and Panda Security, located the men responsible for spreading the malware. The tracking of the men began in May of 2009, but it took nearly nine months to shut down the malware strain. Latest estimates said that the virus spread to 190 countries and more than 11 million unique IP addresses. “Our preliminary analysis indicates that the botmasters did not have advanced hacking skills,” Pedro Bustamante, senior research advisor at Panda Security, wrote in a March 3 statement. “This is very alarming because it proves how sophisticated and effective malware distribution software has become, empowering relatively unskilled cyber-criminals to inflict major damage and financial loss.” In recent weeks, web and software security firms reported the discovery of the Kneber botnet, which infected nearly 75,000 computers worldwide. Also, Microsoft successfully destroyed the Waledac botnet after receiving a court order to shut down domains known to infect computers with it.

Government warns to use caution when giving to Haitian relief causes

25 Jan

Much as was seen following other natural disasters, such as the Asian tsunami in 2004 and Hurricane Katrina in 2005, U.S. law enforcement agencies and charity watchdogs have warned donors to use caution when donating to Haitian relief efforts. Relief scams ranging from phishing emails that direct donors to bogus websites, to those who target grief-stricken friends and family with offers to help locate or financially assist possible victims have already been seen, according to reports. Some cyber criminals may even claim to be victims themselves, asking for direct financial assistance. “Beware of people sending emails or spam claiming to be individuals who need help,” Daniel Borochoff, president of the American Institute of Philanthropy in Chicago, told Reuters. “It’s very easy to throw up a website that appears to be a legitimate charity even if it’s not.” The FBI has also issued a warning to internet users to be alert for unsolicited appeals to donate for relief efforts for Haiti. The feds warned that even emails that look as if they come from legitimate charitable organizations should be met with skepticism, and advised that those looking to donate seek out the websites directly, never clicking links or opening attachments in emails.

Hackers waste no time infecting internet searches for Brittany Murphy

22 Dec

It’s happened to Michael Jackson and Tiger Woods, but celebrities don’t need to be on the A-list to have news about them targeted by hackers. Just hours after the national media reported that 32-year-old actress Brittany Murphy had died of cardiac arrest, the criminals behind many rogue anti-virus campaigns targeted search results with her name and related keywords to create fake news listings that do nothing but offer fake system infection warnings, several sources reported. During the time immediately following the news of the Clueless and 8 Mile actress’ death, Google reported spikes for the search terms related to Murphy, while over the following 24 hours, 14 of the top 30 searches were related to Murphy and the news of her untimely demise. Within those top searches, criminals wasted no time in spiking the results with malicious links, The Tech Herald reported. Using comment spam from legitimate sites to boost their rankings, criminals have been able to get their malicious domains pushed to the top for many of the common searches. According to Websense, “Brittany Murphy death” returned several malicious links within the top 10 results. The result of the malicious links is rogue anti-virus installations, which start in the form of warnings about PC infection. Experts from several security vendors have noted that in 2010 they expect to see a rise in these types of attacks.
