Welcome to the 9th Annual Midwest Fall Technology Conference – MFTC
After a successful 2014 conference in Chicago filled with learning, fun, and networking, we are happy to announce the Detroit Michigan HIMSS Chapter 2015 Event. Last year’s conference had close to 700 attendees who participated in unique opportunities and enjoyed authentic Chicago nightlife at the House of Blues and premier events.
To be held in:
Detroit, Michigan at the Detroit Marriott at the Renaissance Center
October 25th through the 27th
This Healthcare Information Technology (HIT) event will feature nationally recognized and regional speakers to address some of the most relevant and compelling topics of our time: innovation and leadership, analytics, health information exchanges, clinical engagement / patient engagement / mobile health and industry trends.
In addition to healthcare industry leaders, students and practitioners will benefit from an amazing lineup of speakers, including local and national leaders in health information technology. You will have an opportunity to discuss issues with colleagues from across the Midwest, to network, to enjoy authentic Michigan landmarks, museums, nature, parks, and nightlife, and for your students to learn from industry veterans: http://www.michigan.org/hot-spots/detroit/
The Education tracks for the 2015 MFTC include:
Track A: Strategy and Leadership
Track B: Emerging Technology & Cybersecurity
Track C: Public Policy (State and Federal)
Track D: Innovation and Emerging Trends
Track E: Clinical Informatics, Business Analytics & Research
For more information please visit: http://michigan.himsschapter.org/Events/content.aspx?ItemNumber=41334
For registration please visit: http://www.midwest-ftc.org/
Our organization, RISC Management and Consulting, LLC is involved from a purely volunteer standpoint to assist in reaching Clinicians, Medical, Nursing professionals, educators, and students regarding this unique, local, and exceptional opportunity to learn and share.
Contact us to see how easy DLP can be – RISC Data Loss Prevention Solution
800.648.4358 or Sales@RISCsecurity.com
Part of what RISC provides during our regular education sessions is awareness of phishing emails, which may lead to sites that collect sensitive information such as login credentials or passwords, and which may contain attachments that infect your computer systems. Cybersecurity is defined as the “protection of information and systems that connect to the Internet. It is in fact protecting your personal information or any form of digital asset stored in your computer or in any digital memory device. It includes detection and response to a variety of cyber (online) attacks” according to the Office of the National Coordinator for Health Information Technology (n.d.).
Just last week, the United States Computer Emergency Readiness Team (US-CERT, 2014a) published “Ebola Phishing Scams and Malware Campaigns” as a cautionary statement to the public.
“Users are encouraged to use caution when encountering these types of email messages and take the following preventative measures to protect themselves:
- Do not follow unsolicited web links or attachments in email messages.
- Maintain up-to-date antivirus software.
- Refer to the Using Caution with Email Attachments Cyber Security Tip for information on safely handling email attachments.
- Refer to the Avoiding Social Engineering and Phishing Attacks Cyber Security Tip for information on social engineering attacks” (US-CERT, 2014a).
Here are some Email Safety Tips gathered from experts:
- Keep Your Mail Client, Web Browser, and Operating System Updated: Software updates are important, as the bad guys regularly find holes and try to exploit them. Software updates close some of these holes and help protect you. Many operating systems offer automatic updates. If this option is available, you should enable it. If you are running an outdated browser and email client, you could be compromised. (If you have Java installed, you should uninstall it or at least disable the browser plugin to protect yourself, too.)
- Use Antivirus Software: On Windows, antivirus software is an important layer of protection. It can help protect you from both mistakes and software bugs that allow malware to run without your permission. If you are using a corporate email system, have a discussion with your Information Technology (I.T.) Department about all the levels of required antivirus: Gateway, Email Server, and Client.
- Be wary of unsolicited attachments, even from people you know – Just because an email message looks like it came from your mom, grandma, or boss doesn’t mean that it did. Many viruses can easily “spoof” the return address, making it look like the message came from someone else. If you can, check with the person who supposedly sent the message to make sure it’s legitimate before opening any attachments. This includes email messages that appear to be from your ISP or software vendor and claim to include patches or anti-virus software. ISPs and software vendors do not send patches or software in email as attachments.
- Don’t Run Dangerous Attachments: If you get a PDF file from someone, it might be safe to open if your PDF reader and antivirus software are both completely up to date. However, if you suddenly get an email with a .exe file or another potentially dangerous type of file you aren’t expecting – even if it’s from someone you know – you probably shouldn’t run the attachment. Exercise extreme caution with email attachments – they are still a common source of infection.
- Be Careful of Links: Clicking on links provided within the body of an email message is not a good idea. Rather than clicking on a link, which can actually be hyperlinked to something entirely different, open a new tab of your browser and type the address in. When you receive an email that has your bank’s web address in it and it displays as a hyperlink, it could easily map to a scam or virus-laden site.
- Trust your instincts – If an email or email attachment seems suspicious, don’t open it, even if your anti-virus software indicates that the message is clean. Attackers are constantly releasing new viruses, and the anti-virus software might not have the signature. Additionally, 0-day (zero-day) attacks are attacks for which patches have not been developed or deployed yet, and your antivirus will not recognize them as a threat. At the very least, contact the person who supposedly sent the message to make sure it’s legitimate before you open the attachment. However, especially in the case of forwards, even messages sent by a legitimate sender might contain a virus. If something about the email or the attachment makes you uncomfortable, there may be a good reason. Don’t let your curiosity put your computer at risk.
- When sending email with sensitive information, remember to encrypt it. Some email applications allow you the option of sending encrypted or not encrypted. When in doubt, encrypt. If you don’t have an email encryption solution, use an alternate secure method and contact I.T. to add this to their budget requests.
- Do business with reputable companies.
- Information about known phishing attacks is also available online from groups such as the Anti-Phishing Working Group (http://www.antiphishing.org).
An additional important security tip from US-CERT (2014b) is knowing how attackers use certain social skills to obtain information, as in social engineering and phishing attacks.
What is a social engineering attack?
In a social engineering attack, an attacker uses human interaction (social skills) to obtain or compromise information about an organization or its computer systems. An attacker may seem unassuming and respectable, possibly claiming to be a new employee, repair person, or researcher and even offering credentials to support that identity. However, by asking questions, he or she may be able to piece together enough information to infiltrate an organization’s network. If an attacker is not able to gather enough information from one source, he or she may contact another source within the same organization and rely on the information from the first source to add to his or her credibility.
What is a phishing attack?
Phishing is a form of social engineering. Phishing attacks use email or malicious websites to solicit personal information by posing as a trustworthy organization. For example, an attacker may send email seemingly from a reputable credit card company or financial institution that requests account information, often suggesting that there is a problem. When users respond with the requested information, attackers can use it to gain access to the accounts.
Phishing attacks may also appear to come from other types of organizations, such as charities. Attackers often take advantage of current events and certain times of the year, such as
- natural disasters (e.g., Hurricane Katrina, Indonesian tsunami)
- epidemics and health scares (e.g., H1N1)
- economic concerns (e.g., IRS scams)
- major political elections
The goal is not to become the victim. It is important to protect your privacy. Be suspicious of unsolicited phone calls, visits, or email messages in which others ask questions about employees or colleagues. Always verify the source directly. It is not good practice to provide personal or financial information via email unless it is through a verified source and an encrypted route. Take the extra step to install and maintain anti-virus software, firewalls, and email filters to reduce spam.
Be aware and keep abreast of technology. Lastly, be vigilant for signs of identity theft and consider reporting the attack to the police or filing a report with the Federal Trade Commission (http://www.ftc.gov/). For more information on Identity Theft, please visit https://www.fdic.gov/consumers/consumer/alerts/theft.html.
Cybersecurity. (n.d.). Office of the National Coordinator for Health Information Technology. Retrieved from http://www.healthit.gov/
How To Geek. (2013). Why opening an email is safe. Retrieved from http://www.howtogeek.com/135546/htg-explains-why-you-cant-get-infected-just-by-opening-an-email-and-when-you-can/
US-CERT. (2014a). Ebola phishing scams and Malware campaigns. Retrieved from https://www.us-cert.gov/ncas/current-activity/2014/10/16/Ebola-Phishing-Scams-and-Malware-Campaigns
US-CERT. (2014b). Avoiding social engineering and phishing attacks. Retrieved from https://www.us-cert.gov/ncas/tips/st04-014
Microsoft has released out-of-band updates to address a critical use-after-free vulnerability in Internet Explorer versions 6 through 11, including IE versions running on Windows XP.
According to the United States Computer Emergency Readiness Team, its goal is a safer, “stronger Internet for all Americans by responding to major incidents, analyzing threats, and exchanging critical cybersecurity information with trusted partners around the world” (US-CERT, 2014). US-CERT is part of the Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC). US-CERT coordinates the sharing of cyber information and proactively addresses the nation’s cyber risks while protecting the constitutional rights of Americans.
Please read the following updates and links.
Security Update for Internet Explorer (2965111) Published: May 1, 2014
“This security update resolves a publicly disclosed vulnerability in Internet Explorer. The vulnerability could allow remote code execution if a user views a specially crafted webpage using an affected version of Internet Explorer. An attacker who successfully exploited this vulnerability could gain the same user rights as the current user. Users whose accounts are configured to have fewer user rights on the system could be less impacted than users who operate with administrative user rights.
This security update is rated Critical for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows clients, and Moderate for Internet Explorer 6 (IE 6), Internet Explorer 7 (IE 7), Internet Explorer 8 (IE 8), Internet Explorer 9 (IE 9), Internet Explorer 10 (IE 10), and Internet Explorer 11 (IE 11) on affected Windows servers. For more information, see the subsection, Affected and Non-Affected Software, in this section.
The security update addresses the vulnerability by modifying the way that Internet Explorer handles objects in memory. For more information about the vulnerability, see the Frequently Asked Questions (FAQ) subsection for the specific vulnerability entry later in this bulletin.
This security update addresses the vulnerability first described in Microsoft Security Advisory 2963983.
- Most customers have automatic updating enabled and will not need to take any action because this security update will be downloaded and installed automatically. For information about specific configuration options in automatic updating, see Microsoft Knowledge Base Article 294871. For customers who do not have automatic updating enabled, the steps in Turn automatic updating on or off can be used to enable automatic updating.
- For administrators and enterprise installations, or end users who want to install this security update manually (including customers who have not enabled automatic updating), Microsoft recommends that customers apply the update immediately using update management software, or by checking for updates using the Microsoft Update service. The updates are also available via the download links in the Affected Software table later in this bulletin”.
Affected and Non-Affected Software, link to the table: https://technet.microsoft.com/library/security/ms14-021#ID0E1OAE
United States Computer Emergency Readiness Team. (2014). Microsoft releases security update for Internet Explorer use-after-free vulnerability. Retrieved from https://www.us-cert.gov/ncas/current-activity/2014/05/01/Microsoft-Releases-Security-Update-Internet-Explorer-Use-After-Free
Microsoft. (2014). Microsoft security bulletin MS14-021: Security update for Internet Explorer. Retrieved from https://technet.microsoft.com/library/security/ms14-021
The following is a first-hand story from one of our business partners. I thought it was worth sharing as we often feel that certain “types” of software programs and utilities are safe because of their nature or purpose. Let the Downloader Beware!
Proactive PC User
This is a personal experience with the home office PC of a partner of ours. It taught her a lesson to take the same precaution with her own personal computer at home as she does at work. The story refers to a computer virus and having to deal with this unfortunate occurrence. Her home PC was running slower than usual. There were pop-ups; she could not load certain websites; and there were many more operational issues. It took this person two days to figure out what they had done differently. Then she remembered downloading a free eReader application. All of a sudden, she went into panic mode and started reacting instead of being proactive. The “cybercriminals who publish and distribute malware devote significant effort to convincing or tricking Internet users into clicking links that lead to malware, or that download malicious attachments or applications” (Microsoft, 2013, p. 3).
What is a computer virus?
They are unwanted, sometimes destructive software programs that oftentimes have the ability to spread from one computer to another. Their objective is to interfere with the computer’s intended operation. Viruses often have the ability to corrupt, delete, or copy and send “home” important information on your computer.
- Adware – Advertising-supported software that plays, displays, or downloads advertising content on your computer. Adware may or may not be destructive, and may or may not jeopardize sensitive or regulated data.
- Companion Virus – Replicates by exploiting the precedence hierarchy according to which the operating system executes program files based on their filename extensions. A good example of a companion virus is one that exploits the search order for DLL files: if the malware places a copy of itself as a DLL in the application directory, it takes precedence over the DLL with the same name in the system directory.
- Exploits – Malicious code that takes advantage of vulnerabilities specific to software. Exploits can infect, disrupt, and even take control of your computer without your knowledge. The usual focus is on the operating system, web browsers, applications, or software components installed on the computer.
- PUAs – Potentially unwanted applications, a broad category of software that has a less threatening intention. It is also referred to as grayware. It still has the capability of altering the behavior of your computer. Examples include adware, spyware, various browser toolbars, bundleware, trackware, etc.
- Ransomware – Type of malware that is specifically designed to render files unusable until the user pays a fee to the attacker via electronic money transfer. The message will have an official look, similar to that of the U.S. Federal Bureau of Investigation (FBI) and Scotland Yard. When the ransom has been paid, a password is then provided or access to the computer is restored. The ransom is usually demanded in untraceable Internet currency.
- Rogue security software – Common method that attackers use to make money, also called scareware. The software makes it seem like you are at risk, or that it would be helpful in securing your computer, but in reality there is no real security provided! In fact, its alerts are misleading and meant to tempt users to spend their hard-earned dollars. The software mimics legitimate security software, using the scare tactic of non-existent threats and urging the user to pay for the full version to assist with the removal of the threats.
Some samples of those that don’t hurt a PC, but are only an annoyance:
Win32 Adware was frustrating, but with the help of SMEs, it can be removed.
Win32/adware.virtumonde is adware that is designed for delivery of unsolicited advertisements and usually comes in a grouping of other malware.
Win32/AdWare.MultiPlug.N is the threat name, and it is categorized as riskware. According to ESET, the detection was created on December 23, 2013. The prevalence map indicated the highest percentages in Asia, such as Laos at 2.22%, and one of the lowest in the United States at 0.28%. World activity peaked at 2.71% on December 23, 2013. Now, in March of 2014, a declining trend shows about 0.46% on average.
DLL files (message will pop up relating to DLL files):
According to Microsoft, DLL is the acronym for Dynamic Link Library. A DLL is a library that contains code and data that can be used by more than one program at the same time. For example, in Windows operating systems, the Comdlg32 DLL performs common dialog box related functions. Each program can use the functionality that is contained in this DLL to implement an Open dialog box. This helps promote code reuse and efficient memory usage. “The use of DLLs helps promote modularization of code, code reuse, efficient memory usage, and reduced disk space. Therefore, the operating system and the programs load faster, run faster, and take less disk space on the computer” (Microsoft, 2014).
The following list describes some of the files that are implemented as DLLs in Windows operating systems:
- ActiveX Controls (.ocx) files
An example of an ActiveX control is a calendar control that lets you select a date from a calendar.
- Control Panel (.cpl) files
An example of a .cpl file is an item that is located in Control Panel. Each item is a specialized DLL.
- Device driver (.drv) files
An example of a device driver is a printer driver that controls the printing to a printer.
The following list describes some of the advantages that are provided when a program uses a DLL:
- Uses fewer resources
When multiple programs use the same library of functions, a DLL can reduce the duplication of code that is loaded on the disk and in physical memory. This can greatly influence the performance of not just the program that is running in the foreground, but also other programs that are running on the Windows operating system.
- Promotes modular architecture
A DLL helps promote developing modular programs. This helps you develop large programs that require multiple language versions or a program that requires modular architecture. An example of a modular program is an accounting program that has many modules that can be dynamically loaded at run time.
- Eases deployment and installation
When a function within a DLL needs an update or a fix, the deployment and installation of the DLL does not require the program to be relinked with the DLL. Additionally, if multiple programs use the same DLL, the multiple programs will all benefit from the update or the fix. This issue may more frequently occur when you use a third-party DLL that is regularly updated or fixed.
When a program or a DLL uses a DLL function in another DLL, a dependency is created. Therefore, the program is no longer self-contained, and the program may experience problems if the dependency is broken. For example, the program may not run if one of the following actions occurs:
- A dependent DLL is upgraded to a new version.
- A dependent DLL is fixed.
- A dependent DLL is overwritten with an earlier version.
- A dependent DLL is removed from the computer.
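The companion-virus entry earlier notes that a DLL placed in an application directory takes precedence over the DLL with the same name in the system directory. The following added example, which is not from the original article or from Microsoft, lists such same-named DLLs and reports whether their contents differ. The directory layout and file contents are constructed stand-ins, and `find_shadowing_dlls` is a hypothetical helper name.

```python
# Added example (not from the original article): find DLLs in an application
# directory that share a name with a DLL in the system directory.
import hashlib
import tempfile
from pathlib import Path


def sha256_of(path):
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def index_dlls(directory):
    """Map lower-cased file name -> path; Windows file names are case-insensitive."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}


def find_shadowing_dlls(app_dir, system_dir):
    """Report application-directory DLLs whose names also exist in system_dir."""
    system = index_dlls(system_dir)
    findings = []
    for name, app_path in sorted(index_dlls(app_dir).items()):
        if name not in system:
            continue
        findings.append({
            "name": name,
            "app_path": str(app_path),
            "system_path": str(system[name]),
            # Applications sometimes ship private copies of shared libraries,
            # so differing contents are a lead for review, not proof.
            "identical": sha256_of(app_path) == sha256_of(system[name]),
        })
    return findings


def build_demo_tree(root):
    """Create constructed stand-in files; the byte strings are not real DLLs."""
    app_dir, system_dir = Path(root) / "app", Path(root) / "system32"
    app_dir.mkdir()
    system_dir.mkdir()
    (system_dir / "comdlg32.dll").write_bytes(b"system copy of comdlg32")
    (system_dir / "version.dll").write_bytes(b"shared version library")
    (system_dir / "kernel32.dll").write_bytes(b"system copy of kernel32")
    (app_dir / "Comdlg32.DLL").write_bytes(b"different contents")
    (app_dir / "version.dll").write_bytes(b"shared version library")
    (app_dir / "helper.dll").write_bytes(b"application-only library")
    return app_dir, system_dir


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        for f in find_shadowing_dlls(*build_demo_tree(root)):
            status = "same contents" if f["identical"] else "DIFFERENT contents, review"
            print(f["name"], "-", status)
```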
Signs and Symptoms
- Onslaught of pop-up advertisements
- Alerts stating your PC has been compromised
- Alerts will usually include a message to help you remove the threats by downloading an additional program or purchasing something
- Your PC is running slower than normal
- Unable to play a favorite game, or, in their words, “It was acting weird!”
- Inability to load certain websites
Real World Example that is beneficial to both the work environment and at home
Scenario X – Work
“A company in a heavily regulated industry (such as banking or health care) may restrict its employees’ use of instant messaging (IM) due to regulatory concerns. To bypass this restriction, a new employee who wishes to chat with friends while at work brings in a USB flash drive with a portable instant messaging (IM) program on it. While free, the program is supported by advertising. It turns out that a criminal bought space on the advertising network used by the program, and uses a maliciously crafted advertisement to inject malware into the new employee’s computer, which then acts as a springboard for stealing the company’s intellectual property.” (Goretsky, 2011, p. 3)
Scenario Y – Home
“Potentially unwanted applications are not limited to the office. Imagine the following scenario: A child using a family computer downloads a “utility” program in order to add additional features to his or her instant messaging program or Minecraft account. The child clicks through the program’s installation process, ignoring the end user license agreement (EULA), and thus doesn’t realize that installing the program will also install adware that monitors user behavior and displays targeted advertising, and that replaces standard search recommendations with paid search results. The adware may then go on to redirect search results to sites from which additional malicious software can be deployed” (Goretsky, 2011, p. 3).
To remove this annoyance
- She upgraded her antivirus to the latest version (worth the money) to locate and remove the potential threats.
- The installed and upgraded antivirus actually found a variant of the WIN32/AdWare.MultiPlug.N application, and a message informed the User that it was cleaned by deletion or quarantine.
- Several others were identified but not recorded; these would be available in the AV log.
- Performed several rounds of full system scanning.
- Reconfiguration of the anti-virus software to update itself regularly.
- The User had to modify behavior and occasionally check that the anti-virus software was the latest version and receiving regular updates, and add the license validation/renewal date to their calendar as an alert to renew the license prior to expiration.
Where it went wrong
The User had forgotten to update her anti-virus because she was too busy at work. She figured it was only her home PC and there’s nothing she needed to keep confidential or safe from prying eyes…Wrong! There were photos of her family, letters, their family’s home addresses and birth dates, copies of their own school work that was as yet unpublished, and more.
The User actively checks that their anti-virus is up to date. Behavior was modified to include understanding that “installing security software is the first step toward cybersecurity.” Their extensive research for the best anti-virus product they could afford for their home computer involved several steps. They (the family) used several online sources such as PC Mag digital edition and 10 Best Online, and read AV-Comparatives’ test results. AV-Comparatives is an independent not-for-profit organization that tests security software to determine whether it lives up to its promises. Thirdly, they educated themselves on how to navigate the Internet with safety in mind. ESET Smart Security 7 provided the User with a training module complete with real-life scenarios and tips for protecting their computer. ESET received high marks from independent testing laboratories, for example an AAA rating, which is the highest possible, from Dennis Technology Labs (Rubenking, 2013). However, ESET was not perfect either, because in one test of blocking malicious URLs, ESET blocked only 41% of the over 100 URLs tried (Rubenking, 2013). Avast Internet Security 2014 received a better score, blocking 79% in the same category (Rubenking, 2013). The User enjoyed reading the 10 Best Online review because the visual details made the comparison easy to see. It uses the popular “5 Star Rating” (10 Best Online, 2014).
However, the bottom line is to find what is more important to you as a User and prioritize your needs.
The User expressed regret and misses playing a video game that their children had introduced to them as it, “Had simply disappeared!” It was probably due to a deleted or corrupted DLL file, or a dependent DLL was upgraded to a new version.
Either way, the User reported learning their lesson to continue to implement controls similar to their work environment on their home PC. In addition, they reported protecting all of their digital devices including their smartphone, tablet, desktop computer and laptop, even when used only in the home environment.
A few free tips:
- Protect your personal email.
- Only use secure and private connections.
- Don’t submit vital information such as your social security number online.
- Check a link’s authenticity.
- Create a strong password for online accounts, and change your password at least every three to six months.
- Enable strict privacy settings on your networking sites, and don’t link with anyone you do not know.
- Think twice prior to sharing information, or at least limit the details, such as not providing your GPS location, which tells others that you are not home and makes you a target for physical theft.
- Don’t click on links in email, even if they are from known individuals; instead, re-type important URLs into a fresh browser window after ensuring Real Time Protection is enabled on your PC.
- Be extremely wary of joke and humor sites, online surveys, and other questionable websites.
ESET. (2014). ESET: Virus radar. Retrieved from http://www.virusradar.com/en/Win32_Adware.MultiPlug/detail
Microsoft. (2014). Microsoft support: What is a DLL. Retrieved from http://support.microsoft.com/kb/815065
Goretsky, A. (2011). Problematic, unloved and argumentative: What is a potentially unwanted application. Retrieved from http://go.eset.com/us/resources/white-papers/Problematic-Unloved-Argumentative.pdf
Rubenking, N. (2013). PC Mag: ESET Smart Security 7. Retrieved from http://www.pcmag.com/article2/0,2817,2428165,00.asp
Ten Best Online. (2014). 10 Best antivirus software comparison for 2014. Retrieved from http://www.10bestonline.com/top_10_best_antivirus_reviews/top_10_best_antivirus_comparison/