Today’s consumers have health and fitness literally at their fingertips. There are smartphone apps to help track calories. There are wearable devices to count steps per day or to help ensure you’re getting enough sleep at night. There are even Facebook groups to help you stay motivated to reach your fitness goals.

Although healthy industry regulations require medical providers to protect consumer health data, those regulations often don’t extend to health-related apps, social media, or wearable tech.

The Computer Company offers these need-to-know tips when it comes to keeping your health records safe:
What Companies Must Legally Protect My Health Information?

“Currently the HIPAA Privacy and Security Rules protect health data in traditional settings, however, it doesn’t extend to health apps compliance. Many of the companies providing these technologies share consumers’ data with other entities, with no regard for privacy, without repercussion,” explains Compliancy Group. Read more.

The National Institutes of Health states that “Covered entities are defined in the HIPAA rules as (1) health plans, (2) health care clearinghouses, and (3) health care providers who electronically transmit any health information in connection with transactions for which HHS has adopted standards. Generally, these transactions concern billing and payment for services or insurance coverage. For example, hospitals, academic medical centers, physicians, and other health care providers who electronically transmit claims transaction information directly or through an intermediary to a health plan are covered entities. Covered entities can be institutions, organizations, or persons.” Read more.

Why Should I Care Who Has Access to My Information?

“Here’s the reality of life as a wearable device owner: There’s no doctor/patient privacy or patient privacy or any privacy for that matter,” Huffington Post notes. “Monitoring your health and collecting data is like publishing your own medical autobiography online.” Read more.

PBS.org reports that with its recent purchase of FitBit, Google has stated that privacy and security are a top priority, but consumer “advocates say Google and other tech companies need to prove that only a small percent — if any — of the data they release can be rematched with individual users …

The threat of re-identification has led privacy advocates to question the motives of companies that create health apps, which have not been proven to improve health.” Read more.

What Can I Do to Protect Myself?

The BBC reports that there’s “too much onus on the consumer to navigate an opting-out system” along with “the fear that hackers could access [databases] and find the details of individual users.” Read more.

When using social networking sites, Privacy Rights Clearinghouse states that users “become familiar with the privacy settings available on any social network you use, and review your privacy settings frequently. On Facebook, for example, you may want to make sure that your default privacy setting is ‘Friends Only.’ Alternatively, use the ‘Custom’ setting and configure the setting to achieve maximum privacy.” Read more.

How Should Healthcare Providers Protect My Medical Information?

First, it’s wise to get an idea of what constitutes a HIPAA violation. According to Zeguro “Although HIPAA violations arise in a variety of ways, they all incorporate “someone who shouldn’t know something who learns about it because there weren’t enough protections.” This definition includes everything from employees having too much system access, to a hacker gaining entrance to your system, to someone leaving a piece of paper on a desk or a screen open to view. Read more.

“Healthcare organizations, while under fire, have been improving their cybersecurity posture over the last few years. Many have hired cybersecurity professionals from more mature industries, like financial services; most are working to adopt strong frameworks such as ISO, NIST, and HITRUST to evaluate and improve cybersecurity controls, including security awareness training for the healthcare workforce,” explains Becker’s Health IT and CIO Report. Read more.

Navigating health laws and data privacy can feel complicated and overwhelming at times. Start by understanding the current laws, regulations, and health privacy certifications, such as HIPAA and HITRUST. Do some research before investing in wearable tech or signing up for an app or social account. Above all, read the privacy policies and review the settings for any software or hardware you use. By following the tips listed in this article, you’ll stand a better chance of keeping your medical data safe.

Contributed by:
Diane Harrison

diane@healthpsa.info

In today’s threats-cape, antivirus software provides little piece of mind.

In fact, anti-malware scanners on the whole are horrifically inaccurate, especially with exploits less than 24 hours old. After all, malicious hackers and malware can change their tactics at will. Swap a few bytes around, and a previously recognized malware program becomes unrecognizable.

Here are 11 sure signs you’ve been hacked and what to do in the event of compromise.

Sure sign of system compromise No. 1: Fake antivirus messages

In slight decline these days, fake antivirus warning messages are among the surest signs that your system has been compromised. What most people don’t realize is that by the time they see the fake antivirus warning, the damage has been done. Clicking No or Cancel to stop the fake virus scan is too little, too late.

Why does the malicious program bother with the “antivirus warning”? This is because the fake scan, which always finds tons of “viruses,” is a lure to buy their product. Clicking on the provided link sends you to a professional-looking website, complete with glowing letters of recommendation. There, they ask you for your credit card number and billing information. You’d be surprised how many people get tricked into providing personal financial information. The bad guys gain complete control of your system and get your credit card or banking information. For bad guys, it’s the Holy Grail of hacking.

What to do: As soon as you notice the fake antivirus warning message, power down your computer. (Note: This requires knowing what your legitimate antivirus program’s warning looks like.) If you need to save anything and can do it, do so. But the sooner you power off your computer, the better. Boot up the computer system in Safe Mode, and try to uninstall the newly installed software (oftentimes it can be uninstalled like a regular program). Either way, follow up by trying to restore your system to a state previous to the exploitation. If successful, test the computer in regular mode and make sure that the fake antivirus warnings are gone. Then follow up with a complete antivirus scan. Oftentimes, the scanner will find other sneak remnants left behind.
Please call us if you are experiencing any of these problems: 860.635.0500

Sure sign of system compromise No. 2: Unwanted browser toolbars

This is probably the second most common sign of exploitation: Your browser has multiple new toolbars with names that seem to indicate the toolbar is supposed to help you. Unless you recognize the toolbar as coming from a very well-known vendor, it’s time to dump the bogus toolbar.

What to do: Most browsers allow you to review installed and active toolbars. Remove any you didn’t absolutely want to install. When in doubt, remove it. If the bogus toolbar isn’t listed there or you can’t easily remove it, see if your browser has an option to reset the browser back to its default settings. If this doesn’t work, follow the instructions listed above for fake antivirus messages. You can usually avoid malicious toolbars by making sure that all your software is fully patched and by being on the lookout for free software that installs these tool bars. Hint: Read the licensing agreement. Toolbar installs are often pointed out in the licensing agreements that most people don’t read. Again please call us if you are experiencing this problem: 860.635.0500

Sure sign of system compromise No. 3: Redirected Internet searches

Many hackers make their living by redirecting your browser somewhere other than you want to go. The hacker gets paid by getting your clicks to appear on someone else’s website, often those who don’t know that the clicks to their site are from malicious redirection.

You can often spot this type of malware by typing a few related, very common words (for example, “puppy” or “goldfish”) into Internet search engines and checking to see whether the same websites appear in the results — almost always with no actual relevance to your terms. Unfortunately, many of today’s redirected Internet searches are well hidden from the user through use of additional proxies, so the bogus results are never returned to alert the user. In general, if you have bogus toolbar programs, you’re also being redirected. Technical users who really want to confirm can sniff their own browser or network traffic. The traffic sent and returned will always be distinctly different on a compromised computer vs. an uncompromised computer.

What to do: Follow the same instructions as above. Usually removing the bogus toolbars and programs is enough to get rid of malicious redirection.

Sure sign of system compromise No. 4: Frequent random popups

This popular sign that you’ve been hacked is also one of the more annoying ones. When you’re getting random browser pop-ups from websites that don’t normally generate them, your system has been compromised. I’m constantly amazed about which websites, legitimate and otherwise, can bypass your browser’s anti-pop-up mechanisms. It’s like battling email spam, but worse.

What to do: Not to sound like a broken record, but typically random pop-ups are generated by one of the three previous malicious mechanisms noted above. You’ll need to get rid of bogus toolbars and other programs if you even hope to get rid of the pop-ups. Call if you need help.

Sure sign of system compromise No. 5: Your friends receive fake emails from your email account

This is the one scenario where you might be OK. It’s fairly common for our email friends to receive malicious emails from us. A decade ago, when email attachment viruses were all the rage, it was very common for malware programs to survey your email address book and send malicious emails to everyone in it.

These days it’s more common for malicious emails to be sent to some of your friends, but not everyone in your email address book. If it’s just a few friends and not everyone in your email list, then more than likely your computer hasn’t been compromised (at least with an email address-hunting malware program). These days malware programs and hackers often pull email addresses and contact lists from social media sites, but doing so means obtaining a very incomplete list of your contacts’ email addresses. Although not always the case, the bogus emails they send to your friends often don’t have your email address as the sender. It may have your name, but not your correct email address. If this is the case, then usually your computer is safe.

What to do: If one or more friends reports receiving bogus emails claiming to be from you, do your due diligence and run a complete antivirus scan on your computer, followed by looking for unwanted installed programs and toolbars. Often it’s nothing to worry about, but it can’t hurt to do a little health check when this happens.

Sure sign of system compromise No. 6: Your online passwords suddenly change

If one or more of your online passwords suddenly change, you’ve more than likely been hacked — or at least that online service has been hacked. In this particular scenario, usually what has happened is that the victim responded to an authentic-looking phish email that purportedly claimed to be from the service that ends up with the changed password. The bad guy collects the logon information, logs on, changes the password (and other information to complicate recovery), and uses the service to steal money from the victim or the victim’s acquaintances (while pretending to be the victim).

What to do: Call if you need help. If the scam is widespread and many acquaintances you know are being reached out to, immediately notify all your contacts about your compromised account. Do this to minimize the damage being done to others by your mistake. Second, contact the online service to report the compromised account. Most online services are used to this sort of maliciousness and can quickly get the account back under your control with a new password in a few minutes. Some services even have the whole process automated. A few services even have a “My friend’s been hacked!” button that lets your friends start the process. This is helpful, because your friends often know your account has been compromised before you do.

If the compromised logon information is used on other websites, immediately change those passwords And be more careful next time. Websites rarely send emails asking you to provide your logon information. When in doubt, go to the website directly (don’t use the links sent to you in email) and see if the same information is being requested when you log on using the legitimate method. You can also call the service via their phone line or email them to report the received phish email or to confirm its validity. Lastly, consider using online services that provide two-factor authentication. It makes your account much harder to steal.

Sure sign of system compromise No. 7: Unexpected software installs

Unwanted and unexpected software installs are a big sign that your computer system has likely been hacked. In the early days of malware, most programs were computer viruses, which work by modifying other legitimate programs. They did this to better hide themselves. For whatever reason, most malware programs these days are Trojans and worms, and they typically install themselves like legitimate programs. This may be because their creators are trying to walk a very thin line when the courts catch up to them. They can attempt to say something like, “But we are a legitimate software company.” Oftentimes the unwanted software is legally installed by other programs, so read your license agreements. Frequently, I’ll read license agreements that plainly state that they will be installing one or more other programs. Sometimes you can opt out of these other installed programs; other times you can’t.

What to do: There are many free programs that show you all your installed programs and let you selectively disable them. My favorite for Windows is autoruns It doesn’t show you every program installed but will tell you the ones that automatically start themselves when your PC is restarted. Most malware programs can be found here. The hard part is determining what is and what isn’t legitimate. When in doubt, disable the unrecognized program, reboot the PC, and re-enable the program only if some needed functionality is no longer working.

Sure sign of system compromise No. 8: Your mouse moves between programs and makes correct selections

If your mouse pointer moves itself while making selections that work, you’ve definitely been hacked. Mouse pointers often move randomly, usually due to hardware problems. But if the movements involve making the correct choices to run particular programs, malicious humans are somewhere involved.

Not as common as some of the other attacks, many hackers will break into a computer, wait for it to be idle for a long time (like after
midnight), then try to steal your money. Hackers will break into bank accounts and transfer money, trade your stocks, and do all sorts of rogue actions, all designed to lighten your cash load.

What to do: If your computer “comes alive” one night, take a minute before turning it off to determine what the intruders are
interested in. Don’t let them rob you, but it will be useful to see what things they are looking at and trying to compromise. If you have a cellphone handy, take a few pictures to document their tasks. When it makes sense, power off the computer. Unhook it from the network (or disable the wireless router) and call in the professionals. This is the one time that you’re going to need expert help.

Using another known good computer, immediately change all your other logon names and passwords. Check your bank account transaction histories, stock accounts, and so on. Consider paying for a credit-monitoring service. If you’ve been a victim of this attack, you have to take it seriously. Complete restore of the computer is the only option you should choose for recovery. But if you’ve lost any money, make sure to let the forensics team make a copy first. If you’ve suffered a loss, call law enforcement and file a case. You’ll need this information to best recover your real money losses, if any.

Sure sign of system compromise No. 9: Your anti-malware software, Task Manager, or Registry Editor is disabled and can’t be restarted

This is a huge sign of malicious compromise. If you notice that your antimalware software is disabled and you didn’t do it, you’re probably exploited — especially if you try to start Task Manager or Registry Editor and they won’t start, start and disappear, or start in a reduced state. This is very common for malware to do.

What to do: Call if you need help. You should really perform a complete restore because there is no telling what has happened. But if you want to try something less drastic first, research the many methods on how to restore the lost functionality (any Internet search engine will return lots of results), then restart your computer in Safe Mode and start the hard work. I say “hard work” because usually it isn’t easy or quick. Often, I have to try a handful of different methods to find one that works. Precede restoring your software by getting rid of the malware program, using the methods listed above.

Sure sign of system compromise No. 10: Your bank account is missing money

I mean lots of money. Online bad guys don’t usually steal a little money. They like to transfer everything or nearly everything, often to a
foreign exchange or bank. Usually it begins by your computer being compromised or from you responding to a fake phish from your bank. In any case, the bad guys log on to your bank, change your contact information, and transfer large sums of money to themselves.

What to do: In most cases you are in luck because most financial institutions will replace the stolen funds (especially if they can stop the transaction before the damage is truly done). However, there have been many cases where the courts have ruled it was the customer’s responsibility to not be hacked, and it’s up to the financial institution to decide whether they will make restitution to you.

If you’re trying to prevent this from happening in the first place, turn on transaction alerts that send text alerts to you when something unusual is happening. Many financial institutions allow you to set thresholds on transaction amounts, and if the threshold is exceeded or it goes to a foreign country, you’ll be warned. Unfortunately, many times the bad guys reset the alerts or your contact information before they steal your money. So make sure your financial institution sends you alerts anytime your contact information or alerting choices are changed.

Sure sign of system compromise No. 11: You get calls from stores about nonpayment of shipped goods

In this case, hackers have compromised one of your accounts, made a purchase, and had it shipped to someplace other than your house.
Oftentimes, the bad guys will order tons of merchandise at the same time, making each business entity think you have enough funds at the beginning, but as each transaction finally pushes through you end up with insufficient funds.

What to do: This is a bad one. First try to think of how your account was compromised. If it was one of the methods above, follow those
recommendations. Either way, change all your logon names and passwords (not just the one related to the single compromised account), call law enforcement, get a case going, and start monitoring your credit. You’ll probably spend months trying to clear up all the bogus transactions committed in your name, but you should be able to undo most, if not all, of the damage.

Years ago you could be left with a negative credit history that would impact your life for a decade. These days, companies and the credit
reporting agencies are more used to cyber crime, and they deal with it better. Still, be aggressive and make sure you follow every bit of advice given to you by law enforcement, the creditors, and the credit-rating agencies (there arethree major ones).

The hope of an anti-malware program that can perfectly detect malware and malicious hacking is pure folly. Keep an eye out for the common signs and symptoms of your computer being hacked as outlined above. And if you are risk-adverse, as I am, always perform a complete computer restore with the event of a breach. Because once your computer has been compromised, the bad guys can do anything and hide anywhere. It’s best to just start from scratch.

Most malicious hacking originates from one of three vectors: unpatched software, running Trojan horse programs, and responding to fake phishing emails. Do better at preventing these three things, and you’ll be less likely to have to rely on your anti-malware software’s accuracy — and luck.

Please call us if you are experiencing any of these problems: 860.635.0500

Computer Networking

Eliminate Your Computer Support Problems

• Network down?
• Printer offline?
• VPN underperforming?
• Email over capacity?
• Overwhelmed by spam?
• System under a virus attack?

We have designed many IT administration and support solutions specifically to solve all these problems and others. Growing organizations do face computer support obstacles like these.  But TCC has already faced every obstacle and we know how to ramp your business back up to full efficiency.

Strengths and Skills

With our 24/7 customer support services, immediate response is guaranteed and we’ll stay focused on your needs until the problem has been resolved. Our total IT support services include:

Staff Support

We’ll augment your current IT staff and provide deep technical expertise at a rate more affordable than adding more staff

Risk Minimization

When your IT staff is unavailable, we can immediately resolve many IT problems. Use us as your emergency staff and always have IT help available.

Efficiency Optimization

Regular maintenance and system health reviews reduce downtime and increase the overall efficiency of your network. A thorough IT audit can reduce, if not eliminate, the expense of future infrastructure outages.

We provide, “IT Solutions Done Right.”

Hartford Location

15 Commerce Drive

Cromwell, CT 06416

860.635.0500

By Roger A. Grimes

We hope you never see this screen.

Image from https://www.extremetech.com

The malware widely believed to be responsible is a version of Petya which security researchers are calling “NotPetya.”

Who has been Infected?

The world suffered another ransomware nightmare Tuesday, with pharmaceutical companies, Chernobyl radiation detection systems, the Kiev metro, an airport and banks all affected. One U.S. hospital also appears to be a victim. Worse is expected, thanks to some pernicious features in the ransomware sample.

Could this happen to you?
Perhaps most crucially, thanks to all these added features, the new strain will infect even patched Windows PCs, including those with Windows 10, as one IT professional noted in a blog, whereas WannaCry worked largely on older systems.

If Your System Fails, Could You Recover?

Disasters do happen.  The question is, when something fails, will it be a temporary inconvenience or a business-shaking crisis?  When a hard drive crashes, can you be back in business in hours? If a natural disaster shuts your network down, can you recover every business-critical application that day?

The Computer Company offers a full range of disaster recovery consulting services, practices, and solutions for your business to prevent many events, minimize any damage, and return your system to its full capabilities as soon as possible.  We do disaster recovery right.

Call 860-635-0500 today and get the protection your business needs.

Consider these facts:

• Ransomware attacks doubled in 2015.
• The FBI estimated that ransomware would net criminals $1 billion in 2016.
• And it may be worse in 2017.

The latest Ransomware is called WannaCry, and more than 230,000 computers in 150 countries have been affected, locking people out of their data and demanding they pay a ransom or lose everything. Victims include hospitals, banks, telecommunications companies, and warehouses.

How do I protect my machine?

If you’re running a Windows PC, make sure all your software is up-to-date. Also, don’t open suspicious emails, click on links or open any files you weren’t expecting.

How can I protect my business against the next attack?

1. Apply Windows Patches when they come out. For example, in March, Microsoft released a security update which addressed the vulnerability from
2. Make sure your business uses a good Antivirus that is kept up-to-date.
3. Those who have Windows Update enabled are usually protected against most attacks.
4. Update your Windows Operating System to the latest Windows 10
5. Have backups for all your business files. (off-site backups are even better)
6. Secure your business by moving to a Data Center with a plan to get updates and backups automatically done for you.