A Great Database Of Learning Resources

SOOOOOOOOO exciting to see people of all ages leverage technology to solve problems for all of us!

Tell your child to head on over to elearn.fyi for access to a great database of learning resources, put together by a 17-year old student, to make accessing online resources for eLearning easy! Share with everyone you know!

The CalvertHealth Technology User Committee

We’re excited to announce the creation of the CalvertHealth Technology User Committee. The User Committee charter is to “Propose solutions and make recommendations to improve patient processes, from registration to payment processing, by facilitating technology discussions throughout the health system.” User Committee representatives provide valuable input to technology decisions, but also take information back out to those they represent to help you understand what is happening in technology and why. The group meets monthly, and the representatives are:

• Emergency Department – Chad Lankford
• Inpatient Nursing Units – Shawndell Young
• Ambulatory – Julia Smith
• Ancillary – Jane Welch
• Business – Dirk Gross
• Administration – Brooke Hainey
• Information Services – Melissa Hall

This time of year is usually Health IT Week; Information Services has celebrated with our non-IT colleagues in the past. This year, in recognition of the multitude of equity and diversity challenges in the national conversation, Health IT Week was instead declared Health Equity Week. Information Services held a voluntary discussion about health equity and what it means to us. I was amazed at (and proud of) the overwhelming attendance as we talked about how each of us defines health equity and what we, as a department, could do about it. The discussion was so fruitful we will be holding it quarterly, and we plan to develop concrete ways to use technology to make healthcare more equitable. Stand by for more!

Protect Your Identity

Nationally, there has been an increased number of fraudulent unemployment insurance claims using personal information from individuals. Unfortunately, this same trend has been identified in Maryland where claims are being filed by imposters using stolen personally identifiable information.

When filing a fraudulent claim, the perpetrator will use your information such as: Your Name, Date of Birth, Social Security Number, and other personal data.

To ensure our employees are not the victims of identity theft, we recommend the following precautions to protect yourself from identity theft:

1. Secure your devices and use passwords that are strong. The best advice is to use a password manager to generate a 16-character random password, then store it on the device and only change it if it is compromised.
2. Check your credit report periodically
3. Don’t put your social security number into websites
4. Monitor your accounts
5. Respond rapidly if you think you are subject to theft

If you believe your information has been compromised, it is highly recommended that you place a fraud alert and get your credit reports. If you learn that someone has your personal information and want to place a fraud alert, you would contact one of three credit bureaus. That company is required to report to the other two.

Experian.com/help
888-EXPERIAN (888-397-3742)

TransUnion.com/credit-help
888-909-8872

Equifax.com/personal/credit-report-services
800-685-1111

If you would like to read more about fraudulent unemployment claims, please visit the Maryland Department of Labor website at: https://www.dllr.state.md.us/whatsnews/uipuafraud.shtml.

Ransomware Attacks

Well, folks, it even happens to me… Earlier this year, I had an email conversation with a company that makes a product to help recover from ransomware. I decided it wasn’t right for us at the time, so I stopped replying or even opening the emails. After hearing of the UHS ransomware attack yesterday (see below!), I went back through my emails to take one more look at the product and it’s pricing. Within fifteen minutes, I received a fresh email from that company, the text of which went something like: “Did you hear about the UHS ransomware attack? I see you coincidentally opened my emails about ten minutes ago…want to talk?”

C-R-E-E-P-Y. I have read receipts turned off in my Outlook, so how did he know? I did some research and…C-R-E-E-P-Y. When you receive email, oftentimes the images in the email aren’t actually loaded into your computer until you read it. The images are kept on a remote server and in the background the email has a download link for the image. So modern email trackers include a very tiny transparent image in every email. When you open the email, it records the request from your computer to download the image! My research found that over 40% of email on the internet is now tracked this way, including from friends and even spouses! C-R-E-E-P-Y. I had my email set not to download images from untrusted sources…but when you correspond with someone, your email software automatically adds them to the trusted list!

How do you avoid email tracking? As with everything security-related, there is no foolproof method. However, you can reduce it (with some inconvenience) by turning off automatic image downloads for all senders. That means that if you receive an email with an image you want to see, you’ll have to click to download it (and will also likely notify the sender). Some companies make their entire email an image just to force you to download it, so you need to be vigilant. On the other hand, if email tracking doesn’t bother you no need to change anything.

Now, about that ransomware attack. The largest health system in the US was successfully attacked with ransomware over the weekend, believed to be the largest ransomware attack ever. Ransomware is software that takes over your network and encrypts all your data until you pay a ransom for the key to unlock it. We have some good protection in place here at Calvert but there is no 100% protection against ransomware. It can happen at home or at work. The best software to prevent an attack is running between your two ears! Here are some tips:

1. Don’t click on links or attachments in email unless it is from a sender you trust and you are expecting it.
2. Pay attention to warnings that pop up. If what you are about to do causes the computer to issue you a warning, it may be your ONLY advance indication of a problem. Don’t just click “OK” or “Allow” – read the message and understand what you are allowing!
3. Never disable the security software on your computer just so you can visit that one site, or download that one email. Get help!
4. If your computer reboots and shows a ransom note, leave it on but immediately unplug the network connection in the back of the computer (usually a blue cable that looks like a thick phone cable). This is one case where it’s okay to just rip it out if you need to. Once a computer is ransomed, it attempts to encrypt others. Severing the network connection may potentially stop the spread but ONLY if you act very fast!

Apple's newest operating system for iPhone…

Apple released its newest operating system for iPhone this week, iOS 14, bringing a host of really useful new features. The most important, however, are the privacy additions. With iOS 14, you can manage your privacy (location, etc.) much better. Apple will also be introducing management features that alert you to all the ways your apps are collecting data about you in the next few months.

On the privacy side, have you looked at some of the new secure mobile browsers? I use DuckDuckGo myself. DDG doesn’t collect data on you, and you can set much tighter security on the app than most. It also has a one-touch “erase data and clear tab” function that I really like. Click the flame, and it closes the browser window and deletes all the data associated with it, meaning websites can’t keep cookies on your phone to track the other websites you might visit.

While you might think secure browsers are only for people trying to cover their tracks, the truth is companies are gathering your data all the time. You may trust the companies you work with to only use that information in good faith, but what if they have a cybersecurity incident? What if their payment data storage system is compromised? I allow Amazon to store my payment card details because I order from them often enough to justify the convenience, but I also do NOT have ALL of my payment cards on the site. I have one card I never share with anyone (never even use), so if the absolute worst happens I still have access to my digital cash.

Our modern technological world provides amazing conveniences, beyond what any of us could ever have imagined just twenty years ago, but it is still important to understand the process behind it so you won’t ever get caught out.

Those scammers are getting much, much sneakier…

Someone dear to me clicked a Facebook ad, taking them to a web page showing a normal price of $193, now only $59.99! So they put two in their cart and entered their credit card data (email, mailing address, CC#, security code, expiration – even had them create an account). That’s when the second warning sign happened (I’ll tell you the first one in a second…): the card was declined. Their first instinct was to put another, different card number in the site, but the weirdness of the error caused them to reach out to me. I opened my browser and searched for the company by name. They showed the end-of-season sale as well…except the normal price was $599 (not $193!) and the discounted price was $279! I knew immediately the person had been scammed. The scammers not only created an identical website with credit card processing, account creation – everything – but also adjusted the prices to make it more believable to the uninitiated. WORSE: They denied every credit card…causing you to input MORE credit card numbers. EVEN WORSE: They sent a follow up email (despite the card being “declined”) with a receipt, saying “the merchant that will show up in your bank account has a different name than our company, so don’t worry about it.” Two days later, they sent another email saying the order had shipped! With a fake tracking number! The scammers didn’t want the person to call the bank and cancel the pending transaction before the money actually cleared! THE WORST: Because the person created an account to check out, reusing a password from other merchant sites, they now had to change their password at every site that shared it.

Because we caught the issue, the person called their bank and reported the fraudulent transaction, cancelled their credit cards, changed passwords, and reported the fraudulent ad to Facebook – and felt very, very dumb. They shouldn’t – the warning signs were subtle.

Lessons learned:

1. For something to be “too good to be true”, you have to know what the truth is…
2. If your credit card is declined, but you entered the info appropriately and the card has sufficient funds available, STOP and call your bank. Don’t try another card.
3. When the merchant doesn’t match the web page you used, you should be suspicious of the transaction.
4. Avoid clicking through Facebook ads to merchants. Go to the legitimate website of the merchant (use a search engine…don’t copy the weblink from the ad!) and verify the offer.
5. Don’t reuse passwords if you can avoid it (use a password manager) and certainly don’t reuse passwords on sites that store your credit card details.

Stay cyber safe!

LATEST UPDATES FOR YOUR DEVICES

Happy Holidays! Take some time to unplug this holiday season and spend some quality time with your family. Before you do, though, be sure to run the latest updates on all your electronic devices! Apple, Google and Microsoft have released lots of really important updates in the last few weeks, and for security’s sake you need to install them!

The weather outside is frightful, and the clouds are NOT delightful...unless you’re talking about THE cloud! Lots of folks ask me, “What is the cloud?”, so I thought I’d share a little bit with you. For decades, devices were completely self-contained; they didn’t need the internet because everything required to run the computer was on-board. That is definitely changing. As storage and processing have grown more sophisticated, it’s become obvious the most efficient way to deliver them is through sharing. It’s a bit like using a taxi; you only pay what you need when you need it, instead of having a car sitting in your driveway or the parking lot unused most of the time. Unlike a taxi, though, the storage doesn’t come to you - you access it remotely. So basically, the cloud is storage or computing that happens remotely from you. So why call it the cloud? Well...as these very sophisticated data centers are built all around the world, they are connected in ways that allow the storage and computing to happen anywhere in the world, making it impossible to specifically tell you where any of it is happening at any time. So where is your data stored? “In the cloud!”

What are the advantages of cloud computing and storage? Well, it allows: you to take more pictures than your phone can hold (because the extras are pushed into the cloud); businesses to operate data centers without spending the money to build them onsite and pay for their upkeep; and provides multiple backup copies of your data to reduce the chance of losing it. What are the disadvantages? It requires internet access (sometimes fast internet), and the data is beyond your control. If you have trust issues, pushing your data into the cloud can be nerve-wracking, but it’s a matter of shifting risk. If you keep everything on your phone and drop it in the water watching the electric light boat parade in Annapolis, you just lost all those awesome pictures of your Great Dane with Santa Claus. Putting it in the cloud means someone else has control, but you can just buy another phone and your pictures come right back!

I HATE TO TELL YOU THIS, BUT YOUR DATA WAS EXPOSED

"On November 22, it was announced that a data leak was discovered containing personal and social information of 1.2 billion people. This data leak was discovered on an open Elasticsearch server on October 16, 2019 by two security researchers. The leaked data included over 4 billion user accounts spanning more than 4 terabytes of data. Names, email addresses, phone numbers, and LinkedIn, Twitter, Facebook, and GitHub profiles were included in the exposed data. Researchers are claiming that the data originated from two different data enrichment companies, People Data Labs and OxyData, who specialize in harvesting data from various sources. However, the server that leaked the data is not associated with either company. It is currently unclear how this data became exposed on the open server and for how long it was exposed prior to discovery.

The data does not appear to include highly sensitive information such as payment cards, banking information, or login credentials. At this time, there is also no evidence that the data was accessed or misused by threat actors. Law enforcement was notified about the exposed database prior to the release of this information and has since removed or secured the database.

Source: https://www.dataviper.io/blog/2019/pdl-data-exposure-billion-people/"

What does this mean for you? Since your passwords and credit cards weren’t compromised, you may be ok. However, an attacker could use your social media profile to guess at your security questions for sites such as CalvertHealth or your bank. Your Facebook profile probably includes your date of birth, your mother’s maiden name, the name of your high school, etc. Remember this: if the service is free, you are the product. Gathering all this data about you allows companies to target you with advertising, phone calls, and worse. Take a look at what you are sharing and think about what you get in return. If that equation doesn’t make sense, change something!

BUG IN THE FACEBOOK APP

Another week, another report of a privacy-compromising bug…this time it’s the Facebook app (who knew?). A bug in the Facebook app on iPhone turns on your camera while you browse your feed. Facebook released the fix, so if you have the Facebook app on your iPhone you know what to do: download the update! Alternatively, consider how important that app is on your phone – maybe it’s time to delete it – or at least consider not giving the app permission to use the camera. https://9to5mac.com/2019/11/13/facebook-ios-camera-bug-fix/

MANUFACTURING ERROR IN INTEL CHIPS

A long-standing manufacturing error in every chip EVER MADE by Intel still isn’t fixed. There are updates this month for Windows to fix some of them, but they’re not gone yet. Please keep your computers at home up to date, with antivirus as well. If you’re really into Transaction Asynchronous Aborts…here’s the link: https://www.extremetech.com/computing/301812-new-spectre-related-cpu-flaw-tops-intels-latest-critical-security-fixes

WHY REBOOT A DEVICE?

I’m often asked, “Why do help desk technicians always ask me to reboot my device when I have a problem?”. There’s a few reasons: 1) When your device powers up, it runs a set of tests on itself to determine if the hardware is working. If your device successfully reboots, we can generally rule out significant hardware failure. 2) Today’s software is extremely complex and adaptive. Sometimes, things are loaded into memory in the wrong order, or something isn’t deleted from memory that should, or a thousand other things. Rebooting the device gives the software a fresh slate, an opportunity to fix itself. 3) Devices collect information about themselves continuously until they are rebooted…if you run your device for a long time without it, those logs of information fill up and cause slowdowns in performance. So the next time your device – at work or at home – isn’t running well, save your work, log out and reboot the device. Not only will it potentially fix your problem without submitting a ticket, but it will eliminate one troubleshooting step for whoever helps you!

GOOD NEWS ABOUT YOUR iPHONE

Just read an article to make you feel better about that technology in your pocket - the CRADLE app uses artificial intelligence to spot eye disease in children over a year earlier than conventional means! The app is free and uses images you've already taken in your phone. The app is NOT a substitute for medical advice and if you suspect an issue with your child's eyesight, you should immediately seek medical advice from a licensed practitioner. However, an app like CRADLE may be able to prompt you to seek that medical advice much earlier than you otherwise would.

APPLE DEVICE SECURITY UPDATE

Quite a few of you have Apple devices, so I thought I'd share some recent security news:

1. So your iPhone needs a charge from your computer but you forgot your cable. The friendly guy next to you in Starbucks says, "Don't worry, you can borrow mine." ZAP. There went your passwords and financial data. Don't ever - EVER - plug anything into your computer unless it's from a source you completely trust. A researcher has developed an iPhone charging cable that looks EXACTLY like the real thing - and even functions like the real thing - but creates a wireless hotspot inside the cable that a hacker can connect to and search your computer. Always order branded, legitimate cables from Apple or another trusted source like Amazon. See this article: https://9to5mac.com/2019/10/02/hacked-lightning-cables/
2. Apple released its new iOS 13 a couple of weeks ago and already issued TWO security updates. Get 'em while they're hot.
3. A FUD story (Fear, Uncertainty, Doubt) is going around about hacking iPhones - apparently every iPhone from the iPhone 3G to iPhone X can be hacked and the hack is unfixable....except...it requires the hacker to actually have your phone in their physical hands and make a series of test calls with exquisite timing. Maybe a national government would pull this off to target a person of interest, but I'm guessing none of you are on the radar of the Russian government. If you are, however, please let me know.