<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=Windows-1252">
</head>
<body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<span style="font-family: Arial;">In this issue:</span><br>
<div apple-content-edited="true">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="color: rgb(0, 0, 0); letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-stroke-width: 0px; word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space;">
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">1. EVENT: Laptop Tagging and Registration on Wed. 5/7</div>
<div style="margin: 0px; font-family: Arial;">2. The Rise of Identity Theft in Healthcare</div>
<div style="margin: 0px; font-family: Arial;">3. Phishing Scheme Used VoIP to Steal Debit Card Data</div>
<div style="margin: 0px; font-family: Arial;">4. Hackers Lurk in the Strangest Places</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">----------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">1. EVENT: Laptop Tagging and Registration on Wed. 5/7</div>
<div style="margin: 0px; font-family: Arial;">----------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">This Wednesday, there is an opportunity to register and tag your laptop.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Where: <b>Lobby of Building 10</b></div>
<div style="margin: 0px; font-family: Helvetica;">When: <b>Wed., May 7, 11:00 am - 12:30 pm</b></div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Cost: $10 cash (no cards) or MIT Cash Object</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Just as you might register a bike with the police, you can also register your laptop. Information Systems & Technology partners with MIT Police to provide STOP (Security Tracking of Office Property) tags for
laptops. The tag is affixed to the device, has a unique number, and is registered with a world-wide database.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica;">Sgt. Cheryl Vossmer of the MIT Police says that although a STOP tag is not software that can track a device via GPS or other means, it has been very effective at providing a way for lost or stolen laptops to
be returned to their rightful owners.</div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255);"><span style="color: #000000">Read
<a href="https://www.stoptheft.com/">laptop recovery stories here</a>.</span></div>
<div style="margin: 0px; font-family: Helvetica; min-height: 17px;"><br>
</div>
<div style="margin: 0px; font-family: Helvetica; color: rgb(71, 135, 255);"><span style="text-decoration: underline"><a href="http://kb.mit.edu/confluence/display/istcontrib/MIT+Police+Laptop+Tagging+and+Registration">Learn more about laptop registration at
MIT</a></span><span style="color: #000000">.</span></div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">--------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">2. The Rise of Identity Theft in Healthcare</div>
<div style="margin: 0px; font-family: Arial;">--------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">The Identity Theft Resource Center produced a survey last month showing that medical-related identity theft accounted for 43% of all identity thefts reported in the US in 2013. This amount is far greater than identity
theft involving banking, finance, the government, military or education. Since 2009, between 27.8 million and 67.7 million people have had their medical records breached. </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Stolen medical information is generally used to commit insurance fraud and illegally obtain prescription drugs.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Unfortunately, this type of identity theft has one of the lowest recourses for victims. They experience financial repercussions and may often find erroneous information added to their medical files. According to
James Pyles, a Washington, DC lawyer, “It’s almost impossible to clear up a medical record once medical identity theft has occurred.”</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Identity theft occurs when someone gains unauthorized access to the medical information, and passes it on without permission (20%) or when systems are hacked (14%). </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">But the majority of identity theft (over 50%) occurs when the theft of a computer or other medical device is involved. This is why it’s so important to protect those devices. “We say, encrypt, encrypt, encrypt,”
says Rachel Seeger, a spokesperson for the US Department of Health and Human Services.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://www.studentdoctor.net/2014/04/the-rise-of-medical-identity-theft-in-healthcare/">Read the full story online</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">----------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial;">3. Phishing Scheme Used VoIP to Steal Debit Card Data</div>
<div style="margin: 0px; font-family: Arial;">----------------------------------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">In a new variation on phishing campaigns, thieves used text messages and VoIP (voice over Internet protocol) calls to steal debit card data from customers of a number of US financial institutions. The method is
called voice phishing or “vishing” (using a phone to scam customers). </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">The targeted bank customers received text messages telling them their debit card has been deactivated and were given a phone number to call to reactivate the card. The number sent them to an interactive voice response
(IVR) system that asked for their debit card number and PIN.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://www.computerworld.com/s/article/9248027/Voice_phishing_scheme_lets_hackers_steal_personal_data_from_banks">Read the full story online</a>.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;">-----------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;">4. Hackers Lurk in the Strangest Places</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;">-----------------------------------------------------</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">When hackers were unable to gain access to Target’s records through their main system, they went through its heating and cooling system. In other cases, hackers have used printers, thermostats, video-conferencing
equipment and a Chinese takeout menu.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">A Chinese takeout menu? Yes, when hackers couldn’t breach the computer network at a big oil company, they infected the online menu of a Chinese restaurant with malware that was popular with employees of the oil
company. When workers browsed the menu, they inadvertently downloaded code that gave attackers a foothold in the business’ network.</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">Companies that are doing everything possible to seal up their systems are now having to look in the unlikeliest places for vulnerabilities. The situation has grown increasingly complex and urgent. Access to a network
is given to all kinds of other computerized systems and services, including heating, ventilation and cooling systems, billing and expense systems, health insurance providers and even vending machines. </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;">While security researchers are often employed to find such leaks in a system, it is now becoming as difficult as finding a needle in a haystack. </div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><a href="http://www.nytimes.com/2014/04/08/technology/the-spy-in-the-soda-machine.html">Read the full story online</a>.</div>
<div style="margin: 0px; font-family: Arial;"><br>
</div>
<div style="margin: 0px; font-family: Arial;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;">
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div style="margin: 0px; font-family: Helvetica;">Read all archived Security FYI Newsletter articles and submit comments online at
<a href="http://securityfyi.wordpress.com/"><span style="color: rgb(4, 46, 238);">http://securityfyi.wordpress.com/</span></a>.</div>
<div style="margin: 0px; font-family: Helvetica;">=======================================================================================</div>
<div><br>
</div>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
<div style="margin: 0px; font-family: Arial; min-height: 16px;"><br>
</div>
Monique Buchanan<br>
IT Security Communications Consultant<br>
Information Systems & Technology (IS&T)<br>
Massachusetts Institute of Technology<br>
<a href="http://ist.mit.edu/secure">http://ist.mit.edu/secure</a><br>
tel: 617.253.2715<br>
<br>
<br>
</div>
</div>
</div>
<br>
</body>
</html>