Physician Tax Fraud Scheme

Alabama has now been added to a growing list of states with an outbreak of tax fraud targeting doctors. Hundreds of physicians in Arizona, Connecticut, Indiana, South Dakota, New Hampshire, Michigan, North Carolina, Vermont and Alabama have been impacted.

A bulletin from the North Carolina Medical Society recently said, “The majority of those affected first become aware of it when they receive an IRS 5071C letter advising them of possible fraud. Others are receiving a rejection notification when attempting to electronically file their tax return. It indicates it cannot be submitted because a return has already been filed under that Social Security number.”

Earlier this week, the UAB IT Information Security Team received information that a half-dozen physicians associated with a local medical group affiliated with the Children’s Hospital of Alabama have also been victimized as a result of this scheme. We have unconfirmed reports that several UAB physicians may also be impacted.

We are in contact with the local FBI field agent regarding this matter. If you or a physician you know has been affected by this, please contact the UAB Chief Information Security Officer at (205) 975-3117 or by email at jwp3@uab.edu for additional information.

The OpenSSL/Heartbleed vulnerability has been spotlighted in the news media since it was announced on April 7, 2014. UAB IT has reviewed all centrally supported systems for this vulnerability and, working with our vendors, has installed patches on all supported systems to mitigate it. We have used results from our daily Nessus campus network scans to identify systems that are or were vulnerable and have mitigated those that are centrally supported. Additional mitigation steps were taken where needed to protect sensitive credentials and data from compromise.

We believe that the possibility of a data breach or compromise is very low at this time; however, we recommend that all users take additional steps out of an abundance of caution. Those steps are:

  1. If you have administrator access to a system, change your password(s) after you have verified that the vendor supporting your system has patched it appropriately.
  2. Increase your effort to mitigate the vulnerable systems identified on the weekly Nessus vulnerability report available at https://silo.dpo.uab.edu/vulnreport (if you need assistance, please call Information Security at 205-975-0482).
  3. Ensure that all systems that use SSL encryption services are fully patched, then restart the service on that system.
  4. Replace all SSL certificates on those systems with one provided free of charge by UAB IT from www.uab.edu/uabcrt (certificates from UAB are vetted, patched and kept up to date).
  5. Change all privileged account passwords immediately after vendor patches have been applied.
  6. Be aware that many network devices and printers have embedded SSL-based encrypted web access portals, which should be updated with vendor patches to mitigate this vulnerability.
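The ordering in these steps matters: a restart, a new certificate or a new password only counts if it happened after the patch. The following is an added example, not UAB IT's tooling, that applies that ordering to an inventory; the host names, field names and timestamps are constructed, and it assumes upstream OpenSSL version strings (1.0.1 through 1.0.1f are the affected releases).

```python
from datetime import datetime

# Upstream OpenSSL releases exposed to Heartbleed: 1.0.1 through 1.0.1f.
# Distribution packages may backport the fix without changing this string.
VULNERABLE = {"1.0.1"} | {"1.0.1" + c for c in "abcdef"}

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def remaining_actions(h):
    """Ordered follow-up steps still open for one inventory record."""
    if h["openssl"] in VULNERABLE:
        return ["patch"]            # nothing later counts until this is done
    if h["patched_at"] is None:
        return []                   # never ran an affected build
    patched, steps = ts(h["patched_at"]), []
    if ts(h["service_started"]) < patched:
        steps.append("restart-service")      # old library still in memory
    if ts(h["cert_not_before"]) < patched:
        steps.append("replace-certificate")  # key was in use while exposed
    # A password is only safe if set after the patch AND the restart.
    if ts(h["admin_pw_changed"]) < patched or "restart-service" in steps:
        steps.append("change-privileged-passwords")
    return steps

# Constructed sample inventory (hypothetical hosts and timestamps).
INVENTORY = [
    {"host": "web01", "openssl": "1.0.1e", "patched_at": None},
    {"host": "db01", "openssl": "0.9.8y", "patched_at": None},
    {"host": "web02", "openssl": "1.0.1g", "patched_at": "2014-04-08 10:00",
     "service_started": "2014-03-01 06:00", "cert_not_before": "2013-06-01 00:00",
     "admin_pw_changed": "2014-04-08 12:00"},
    {"host": "web03", "openssl": "1.0.1g", "patched_at": "2014-04-08 10:00",
     "service_started": "2014-04-08 10:05", "cert_not_before": "2013-06-01 00:00",
     "admin_pw_changed": "2014-04-10 09:00"},
    {"host": "print01", "openssl": "1.0.1g", "patched_at": "2014-04-08 10:00",
     "service_started": "2014-04-08 10:05", "cert_not_before": "2014-04-09 00:00",
     "admin_pw_changed": "2014-04-09 08:00"},
]

def triage(inventory):
    return {h["host"]: remaining_actions(h) for h in inventory}

if __name__ == "__main__":
    for host, steps in triage(INVENTORY).items():
        print(host, "->", ", ".join(steps) or "done")
```

Note that web02's password was changed after the patch but is still flagged, because the service had not been restarted and was still running the old library.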

We also recommend that all users with privileged access change their BlazerID passwords immediately as a precaution against any possible exfiltration of sensitive data through the OpenSSL vulnerability. We further recommend that users change the personal passwords they use to access personal non-UAB web sites, such as on-line banking, to help reduce the possibility of becoming a cybercrime victim.


If you need additional assistance, please call AskIT at (205) 996-5555.

After 10 years as a student and 25 years working at UAB, Doug Rigney, Ph.D., interim vice president of Information Technology, has announced his retirement, effective May 31. See the full article on Dr. Rigney here.

GraphPad Prism Software Subscriptions 

UAB now has an agreement in place with GraphPad for their Prism software at a discount from the price available to individual users and schools directly from GraphPad.

GraphPad Prism is a commercial scientific 2D graphing and statistics software package published by GraphPad Software, Inc. Prism is available for both Windows and Macintosh computers.

  • Provides statistical guidance for novices.
  • Analysis checklists review if an appropriate analysis was performed.
  • Nonlinear regression with many options (remove outliers, compare models, compare curves, interpolate standard curves, etc.).
  • Live links. When data are edited or replaced, Prism automatically updates the results and graphs.
  • Analysis choices can be reviewed, and changed, at any time.
  • Automatic error bars. Raw data (replicates) can be entered, and then plotted as mean with SD, SEM or confidence interval.

For more information about the GraphPad Prism subscriptions available under UAB's Agreement click here.

Beginning April 30 UAB will be upgrading students to Microsoft Office 365, a new cloud-based platform for e-mail, file storage, and Microsoft Office applications (Word, PowerPoint, Excel). This new service provides students with the following benefits:

  • 50 GB of e-mail space, an increase of 49 GB from the current service
  • 25 GB of free file storage, an increase of 24 GB from the current service
  • Access to Microsoft Office applications from laptops, tablets, and other mobile devices
  • A single web interface to access all of the above features

Students who prefer to work offline will be able to download the Office applications and continue using their preferred e-mail clients.

We expect all students to be transitioned to the Office 365 service by June 30, 2014. For more information and how the transition will occur please visit our Office 365 for Students info page.

UAB IT is aware of an issue with Optidoc on systems that have been upgraded to Java 1.7.51. When opening Optidoc, users may be prompted with an alert (see examples below). The workaround for these alerts is to click 'Run' until such time as the vendor resolves the issue. You can also check "Always trust content from this publisher" to prevent the alert from appearing each time you start Optidoc. While this resolution is not optimal, it is the only solution available at this time.

If you have any questions please contact AskIT.



UAB IT is introducing a new quarterly series, “Tech Talk,” beginning this month. On March 19th, Andrew Vanderploeg, Dell Field Marketing Senior Advisor, will kick off our series. The focus will be a review of end-user computing, as well as the current state of Dell and where they are headed in the future. Please plan to attend, and feel free to pass the invitation along to others on campus who you feel may want to attend. March 19, 2pm-4pm, CEC 140.

Effective January 1, 2014, UAB has a new password/passphrase standard for all active Blazer ID users. This standard supports the Data Protection and Security Policy and is designed to improve the overall security posture on campus. This standard applies to all users and systems at UAB which utilize a BlazerID.

The basics of this standard include:

  • minimum/maximum length requirements for BlazerID passwords/passphrases
  • password/passphrase expiration intervals
  • restrictions on reusing the same password/passphrase for the six previous intervals
  • password/passphrase complexity requirements
  • system logging of failed attempts to log on
  • disabling of unused accounts after a specific interval of non-use
  • requirements for credential encryption while in transit
  • several other recommendations

An official copy of this standard can be found in the UAB Policies and Procedures Library and on the UAB IT Information Security website in the IT Related Policies and Guidelines page.

Questions on this standard and its implementation should be directed to AskIT at (205) 996-5555 or to the Enterprise Information Security line (205) 975-0842 or to datasecurity@uab.edu.



The 20th Annual UAB Holiday Toy Drive is underway! From now until December 10th, members of the UAB community are encouraged to bring new, unwrapped toys suitable for children between the ages of infant and 12 years.

Individuals wishing to donate toys should place them in the designated collection boxes or bring them to the UAB Administration Building lobby by noon on December 10th.  Toy collection boxes are located in buildings throughout campus, including the Administration Building, Campbell Hall, CH19, Cudworth Hall, FAB, Kaul Building, Heritage Hall, Hoehn, Lister Hill Library, School of Nursing, and the UAB Police Department just to name a few.  Sterne Library is also participating again this year, and library fines not exceeding $25 will be waived when you bring in the overdue books and a new, unwrapped toy (applied to current overdue books and fines only).

For more information about the 20th annual UAB Holiday Toy Drive, contact Eric Thompson at 975-0250 or mcshawn@uab.edu.

UAB IT Information Security reports that there has been a recent sharp rise on campus in the occurrence of a scam commonly known as a “support desk scam”. In an effort to help prevent you from being victimized, UAB Information Security has provided a description of the scam and some tips you can use to protect yourself.

About the scam:
Support Desk Scams are perpetrated through a phone call. Typically, the scammer will have a thick foreign accent and claim to be from some company’s (e.g. Microsoft, Apple) Support Services in the Technical Department. The scammer will tell you something along the lines of “Your computer is seriously infected and has been causing a lot of trouble on the internet” or “Your machine is at serious risk for infection”. Some scammers even offer you the opportunity to verify their ID by typing a specific command into your computer, but this is not a legitimate method of verification. Once the scam caller feels they have your trust, they will ask you to take one of the following actions:

  1. visit a website that will allow them complete access to your machine
  2. download something they claim will help but is actually a virus
  3. purchase an item that is supposed to protect your machine but will do more harm than good and requires you to provide them with personal information.

What you should look for and know:

  • Microsoft will never call you and say your machine is at risk/compromised or that you have been causing problems on the internet.
  • Always ask for a call back number and say you’ll call them back. Google the phone number they give you. It is likely someone else has posted complaints about the scammer online.
  • Never purchase and/or download something blindly from the internet based on the suggestion of an untrusted source.
  • Never give anyone access to your machine that you do not know and explicitly trust.

Remember, it is very simple to avoid being a victim by using caution. If you ever have concerns about the legitimacy of a phone call or an email, contact UAB AskIT at AskIT@uab.edu or 205-996-5555.