Thanks to a federal deadline extension, more physicians may be able to collect Medicare electronic health record (EHR) financial incentives of up to $44,000. The deadline for meeting stage 2 standards of meaningful use of EHRs has been delayed until 2014 to encourage more physicians to participate.

Physicians, hospitals, and others have already received more than $1.2 billion in EHR incentive payments. To get an incentive payment, physicians participating in the incentive program in 2011 and 2012 need to attest that they met stage 1 standards.

If you have questions about what you need to do to meet meaningful use and earn the incentives, you may find some answers in an interactive resource guide recently developed by the Centers for Medicare and Medicaid Services.

The guide contains information on:

• Program basics—EHR incentive program overview, requirements, and program options
• How to participate—Eligibility and registration
• Meaningful use—How to successfully attest to meaningful use for Medicare, including the core and menu objectives and clinical quality measures you must meet
• Attestation—Steps to follow to attest and what happens afterwards

from https://www.fbi.gov/news/news_blog/holiday-shopping-tips

In advance of the holiday season, the FBI’s Internet Crime Complaint Center reminds shoppers to beware of cyber criminals and their aggressive and creative ways to steal money and personal information.

Scammers use many techniques to fool potential victims including fraudulent auction sales, reshipping merchandise purchased with a stolen credit card, sale of fraudulent or stolen gift cards through auction sites at discounted prices, and phishing e-mails advertising brand name merchandise for bargain prices or e-mails promoting the sale of merchandise that ends up being a counterfeit product.

Here are some tips you can use to avoid becoming a victim of cyber fraud:

• Do not respond to unsolicited (spam) e-mail.
• Do not click on links contained within an unsolicited e-mail.
• Be cautious of e-mail claiming to contain pictures in attached files, as the files may contain viruses. Only open attachments from known senders. Always run a virus scan on attachment before opening.
• Avoid filling out forms contained in e-mail messages that ask for personal information.
• Always compare the link in the e-mail to the web address link you are directed to and determine if they match.
• Log on directly to the official Web site for the business identified in the e-mail, instead of “linking” to it from an unsolicited e-mail. If the e-mail appears to be from your bank, credit card issuer, or other company you deal with frequently, your statements or official correspondence from the business will provide the proper contact information.
• Contact the actual business that supposedly sent the e-mail to verify that the e-mail is genuine.
• If you are requested to act quickly or there is an emergency, it may be a scam. Fraudsters create a sense of urgency to get you to act impulsively.

This blog post was inspired by You Dirty, Shady RAT, a feature article at infosecurity-magazine.com which contains a very thorough accounting of the threat and the pursuing industry controversy.

In August, a McAfee analyst detailed Operation Shady RAT, a hacking operation that targeted more than 70 organizations across at least 14 nations.

Infographic: Industries affected by Shady RAT

Researcher Dmitri Alperovitch characterizes the operation as commonplace, not unusual at all.  “This is a problem of massive scale that affects nearly every industry and sector of the economies of numerous countries, and the only organizations that are exempt from this threat are those that don’t have anything valuable or interesting worth stealing,” he wrote.

Eugene Kaspersky, founder and CEO of the extremely capable Kaspersky Labs, criticized the disclosure by McAfee.  He characterizes the malware behind Shady RAT as a “lame piece of homebrew code that could have been written by a beginner.”
Read More »

Being the personal IT professional for about 30 family members, many friends and of course my clients, I get a lot of calls asking for advice.  “You know computers, right?”  Yes, computers I know.  The primary complaint I hear is that the machine has just lost it’s former pep. “You know, it just seems slower.”

Here a few tips to try regain that spring in your PC’s step.  Perform the following suggestions at your own risk, but if you follow the directions carefully, you should be ok.

The actions we take depend on the exact symptoms, but if the machine is usable we usually follow variations of the procedures below….  When the machine is unusable, extremely slow, we usually do the same type of stuff, but in a different order, booting into safe mode for some of them, etc.  Sometimes, we completely reinstall the operating system.

These directions are specifically for Windows XP.  Other flavors have slight differences.  You can usually figure it out or just google what you are trying to do with windows vista home or whatever you are using at the end… let me know in comments and I’ll try and help.

Read More »

I recently read “Kingpin: How One Hacker Took Over the Billion-Dollar Cybercrime Underground”(Google Books Preview, Library, Amazon), a well-written and exciting read about the dark and festering hacker subculture boiling beneath the surface of the world wide internet.   Author Kevin Poulsen is an ex-hacker and is very well tuned in to what is happening in the criminal wing of the public network. I think we all realize that the internet is a hotbed of criminal activity, but Kingpin shows step by step how ‘carding’ or the use of the internet for the trafficing of stolen credit card information, happens on an unimaginable scale.  For anyone who has an interest in how the criminals pull off the credit card fraud we hear about in the media, I highly recommend picking up this book.  I also recommend the blog ThreatLevel at wired.com, of which he is co-founder and a frequent contributor.

There are a multitude of ways the internet makes us personally vulnerable to criminal activity.  I have covered these issues in many posts previously, summarized at the end of this post.

The internet, however,  is not the only way the criminals can get our account details – and sometimes they use techniques that are plain old school, doing it the old fashioned way – with new technology twists. Read More »

A new hacking tool called BEAST cracks TLS 1.0/ SSL in under 10 minutes.

The attack is very specific and the attacker needs access to the network, however most servers are using version 1.0 of TLS required for the crack to work.

Read More »

Many of the electronic fraud schemes in use today are plays on scams that have been around for years, way before the internet and some even before phones. Updated to use today’s technology, the fraudsters use new innovations to trick their victims.

The technology may be new, but the scams still play upon the same age-old weakness in human nature: our trust. Read More »

Data leaks out of every hole possible.  It happens electronically.  It happens physically.  It happens to firms that understand all the issues and should have better safeguards in place: HIPAA Auditor Involved in Own Data Breach.

Don’t let it happen to you!

Who’s writing all these apps anyway?  Well, criminals are writing some of them and getting them on the Android Market!  Once installed, the app described here forwards your SMS messages to a remote server via HTTP POST requests.

https://mobile.reuters.com/article/idUSTRE7580TM20110609?irpc=932