The Office of Civil Rights (OCR) at the Department of Health and Human Services (HHS) has issued a new fact sheet providing guidance to entities that have patient medical records covered under the Health Insurance Portability and Accountability Act (HIPAA). The fact sheet identifies the types of information security measures that these entities should have in place to prevent a cyber or ransomware attack (www.hhs.gov; “FACT SHEET: Ransomware and HIPAA”).
Although not addressed to consumers, the FACT SHEET is worth reading for educational purposes. For example, the OCR HHS fact sheet underscores the notification obligations of an organization that experiences a ransomware breach.
Reading the OCR HHS FACT SHEET will help consumers understand the kinds of security safeguards OCR HHS recommends for their medical providers as well as others in the health industry. That way, in case of a breach, consumers can know what information they should receive and be proactive if they haven’t gotten timely notification.
Yes, the primary tax season has been over for several months. And no, that doesn’t mean the IRS scams are also over. How do I know this? From first-hand knowledge in addition to the various news reports and alerts.
I got robo calls on two consecutive days. Each was clearly a robo call with a woman — with a flat and menacing voice — announcing — “this is your final IRS notice.” The robo call likely said much more but I hung up immediately after just hearing the first few seconds.
And you should do the same. These scams are meant to scare individuals by sounding as if this is an official IRS call and the recipient’s being warned that she or he or they owe taxes. And how to fix this problem? By simply sending the stated dollar amount via prepaid debit card or wire transfer to the site that’s given in the rest of the message.
I’ve said it before but it’s worth repeating: the IRS does NOT make these kinds of calls to taxpayers. So hang up ASAP if you get one of these robo calls. What else can you do? Well, I went to the website of the Treasury Inspector General for Tax Administration (TIGTA) and hit the red “IRS Impersonation Scam Reporting” box that’s on the right hand side. I entered all the needed information and submitted my complaint. I first tried their “800” scam reporting hotline but that line had gotten so many calls about these IRS impersonation scams that the recording urged individuals to go to the TIGTA website unless the individual had actually suffered a financial loss.
So please don’t be taken in if you get one of these calls or a phishing email. Go to the “Scams and phishing” link at the IRS website (www.irs.gov) where you’ll find helpful contact information for TIGTA, the Federal Trade Commission and other agencies to contact about these and other scams.
I’ve been following the Federal Communications Commission’s (FCC) proposed broadband privacy regulations. While well intended, the scope of the FCC’s proposed regulations is much too narrow. I am concerned that their final regulations will create confusion and inconsistency in online consumer protections.
I wrote an article about my concerns that TechCrunch published on June 23rd. The article is titled New FCC Regulations May Not Give Consumers True Online Privacy Protection. It can be found at: https://techcrunch.com/2016/06/23/new-fcc-regulations-may-not-give-consumers-true-online-privacy-protection/.
There is yet another alert about the Adobe Flash Player. Brian Krebs has posted a very helpful article about it so I’m sharing the link to his site.
He explains the problem and what needs to be done. As always, Mr. Krebs has provided a most timely and useful article.
Unfortunately, increasing numbers of extortion email schemes are one of the results of the recent high-profile data breaches. The FBI issued a June 1st alert warning about these schemes (www.ic3.gov/media/2016/160601.aspx; “Extortion E-Mail Schemes Tied to Recent High-Profile Data Breaches”).
The FBI alert is very helpful as it provides five different extortion emails that consumers have reported to them. These extortion messages all want the consumer to send money in bitcoins or dollars. If the consumer doesn’t comply, the or thieves will share the consumer’s personal and financial information with other people, including employers; or send all of the information to the people on the consumer’s Facebook page.
I urge you to read the full FBI alert so that you’re familiar with the specific examples and the tips provided to try and protect yourself. Anyone who has received an extortion email should contact their local FBI field office and file a complaint with the FBI’s Internet Crime Complaint Center (www.ic3.gov).
Consumers already need to be careful when using their credit cards at various stores due to data breaches. That happened at Walmart and now Walmart shoppers have another reason to be extremely careful when shopping there.
Brian Krebs has posted a timely and important blog about Walmart. He writes that skimmers have been found in some of the self-checkout lanes at some Walmart stores. So consumers using their credit cards at those locations may be at risk of having their credit card information stolen and used by criminals (http://krebsonsecurity.com/2016/05/skimmers-found-at-walmart-a-closer-look/).
Mr. Krebs notes that he had seen sales ads for skimmers built for the very same types of card terminals. Yes, that makes his blog even more important to read.
It also emphasizes the need for consumers to be ever more vigilant in checking for skimmers whenever they use credit or debit cards — whether in ATMs or in self-checkout lanes.
Parents are more and more aware of the need to help protect their kids’ online activities. But what to do? Yes, they can talk with their kids about being careful online; and yes, there are different types of software that they can install.
I just read Sarah Perez’s article about a new approach that I want to share — it’s called Bark and part of its appeal is that its genesis came from a founding team composed of parents (http://techcrunch.com; “Bark helps parents keep kids safe online without invading their privacy”; May 10, 2016).
Ms. Perez’s article provides a thorough description of Bark. In brief, she writes that Bark differs from current types of software or net nanny-type applications. Parents enroll on Bark’s website, add their kids and then Bark provides the means for parents to work with their kids to connect their social accounts. How is this different? Because, as Ms. Perez writes, parents who use Bark are “..giving the software access to read and view information from those accounts, but you’re not giving Bark permission to store that social data on its own servers indefinitely.”
Even more important for parents, Ms. Perez notes the Bark technology uses “machine learning techniques” so that it can scan and detect any dangerous activity or incidents (e.g., cyberbullying, or even signals indicating that a child might be going through a mental health concern).
I can’t vouch for Bark. However, it has features that parents might find very appealing to allow them to work collaboratively with their kids so the latter can travel and use the web and social media more safely.
Encryption is becoming the accepted default for many devices — and increasingly important given the never ending reports of devices being hacked.
Andy Greenberg wrote a very helpful article in Wired online about steps for making sure encrypted phone messages continue to stay encrypted (“Two Tips To Keep Your Phone’s Encrypted Messages Encrypted”; April 26, http://www.wired.com/2016/04/tips-for-encrypted-messages/).
In his article, Mr. Greenberg focuses on two applications that are now being widely used for encrypting phone messages, i.e., WhatsApp and Viber. He outlines the two tips in clear step-by-step language. Equally useful, he highlights additional steps that iPhone users need to take. Why? Because some of the encryption’s protections can be lost when users back up data to the cloud.
His article is worthwhile for anyone currently encrypting phone messages. It’s equally worthwhile for individuals who aren’t encrypting phone messages as he identifies critical reasons for doing so.
Most Internet users have gotten pop-ups with some variation on the message of “install Adobe Flash Player update” when visiting various websites. However, as easy as it might be to hit the “install” button, Graham Cluley’s alerted users to be very, very careful about doing so.
His recent article warns Mac users about the fake updates that have been found to be infecting computers (“Mac Users Attacked Again by Fake Adobe Flash Update;” April 12th). Mr. Cluley cites the Intego security experts who detected the fake update package installer. Part of the difficulty for non-experts is that the scammers behind these fake updates have somehow gotten and are using a legitimate Developer ID certificate.
Why is that important? Because the Mac operating system’s built-in Gatekeeper security is fooled by this legitimate certificate — with the result that the malicious files get installed.
How to avoid this? Mr. Cluley’s article stresses that users should go to the Adobe website; that site has information about updates and allows users to know they’re installing the legitimate version. His article has links to other sources of very helpful background information about this very situation.
Finally, Mac users also have the option of making a change on their computer. They can hit the Apple insignia in the upper left hand corner of the screen; go to “system preferences” and then choose among three different Adobe Flash Player options.
This is an important alert for which we have Mr. Cluley to thank.
The Federal Communications Commission (FCC) voted on March 31st to adopt Chairman Tom Wheeler’s privacy proposal. This proposal will create new privacy rules for broadband Internet Service Providers (ISPs).
I am concerned about the potential unintended negative impact on consumers from this well-intended proposal. I wrote about those concerns in a blog published in the Business Section of the Huffington Post on April 4th. The link to that blog is: