UAB IT announced Friday that Windows XP systems (that do not have an approved exeception in place) will have all internet access suspended.  The UAB IT Oversight Committee approved this plan in late April.  See detail about the announcement below and effective dates.

May 2, 2014

Office of the Chief Information Security Officer


Suspension of Internet Access for XP Computers/System


All UAB Faculty and Management

What is Happening:

Effective April 8th, Microsoft stopped support for the Windows XP operating system and associated software.  Non-support represents a significant vulnerability to UAB and, as a result, the IT Oversight Committee has directed that action be taken to mitigate this vulnerability.


Mitigation actions include the following steps:

1.    XP system owners will be notified via an email that their Internet access will be suspended. Notices will start being sent on Monday May 5th.

2.    7 calendar days after notification, Internet access will be suspended via our IPS/IDS system.

3.    After May 31st, all XP systems will be disconnected from the UAB campus network.

4.    If an XP system requires campus network and Internet access, an Exception Request must be submitted to the Information Security Office, be adjudicated by the Enterprise Information Security Council, and the system access restored if approved.

Contact: For questions call the Enterprise Information Security staff at (205) 975-0842 or email
Physician Tax Fraud Scheme

Alabama has now been added to a growing list of states with a doctor targeted tax fraud outbreak.  Hundreds of physicians in Arizona, Connecticut, Indiana, South Dakota, New Hampshire, Michigan, North Carolina, Vermont and Alabama have been impacted.

A bulletin from the North Carolina Medical Society recently said, “The majority of those affected first become aware of it when they receive an IRS 5071C letter advising them of possible fraud. Others are receiving a rejection notification when attempting to electronically file their tax return. It indicates it cannot be submitted because a return has already been filed under that Social Security number.”

Earlier week, the UAB IT Information Security Team received information that a half-dozen physicians associated with a local medical group affiliated with the Children’s Hospital of Alabama have also been victimized as a result of this scheme.  We have unconfirmed reports that several UAB physicians may also be impacted.

We are in contact with the local FBI field agent regarding this matter and are asking if you or a physician you know has been affected by this, please contact UAB IT's Enterprise Information Security division at (205) 975-0842 or by email to for additional information.
The OpenSSL/Heartbleed vulnerability has been recently spotlighted in the news media since being announced on April 7, 2014.  UAB IT has reviewed all centrally supported systems for this vulnerability and, working with our vendors, have installed patches on all supported systems to mitigate this vulnerability.  We have used results from our daily Nessus campus network scans to identify system which are/were vulnerable and mitigated those systems which are centrally supported.  Additional mitigation steps were taken where needed to protect sensitive credentials and data from compromise.

We believe that the possibility of a data breach or compromise is very low at this time however we recommend that all users take additional steps from an abundance of caution perspective.  Those steps include 1) if you have access as an administrator to a system change your password(s) after you have verified that the vendor supporting your system has patched it appropriately, 2) increase your effort to mitigate those vulnerable systems identified on the weekly Nessus vulnerability report available at (if you need assistance please call Information Security at 205-975-0482), 3) please ensure that all systems that use SSL encryption services are fully patched, then restart the service on that system, 4) replace all SSL certificates on those systems with one provide free of charge from UAB IT from (certificates from UAB are vetted, patched and kept up to date), 5) change all privileged account passwords immediately after vendor patches have been applied, and 6) be aware that many network devices and printers have embedded SSL based encrypted web based access portals which should be updated with vendor patches to mitigate this vulnerability.

We also recommend that all users with privileged access change their BlazerID passwords immediately as a precaution to mitigate any possible exfiltration of sensitive data by the OpenSSL vulnerability.  And we also recommend that users change their personal passwords which they may use to access personal non-UAB web sites such as on-line banking and others to assist in reducing the possibility of becoming a cybercrime victim.

If you need additional assistance, please call AskIT at (205) 996-5555.

GraphPad Prism Software Subscriptions 

UAB now has an agreement in place with GraphPat for their Prism software at a discounted price to what is available to individual users and schools direclty from GraphPad.  

GraphPad Prism is a commercial scientific 2D graphing and statistics software published by GraphPad Software, Inc.. Prism is available for both Windows and Macintosh computers. 

  • Provides statistical guidance for novices.
  • Analysis checklists review if an appropriate analysis was performed.
  • Nonlinear regression with many options (remove outliers, compare models, compare curves, interpolate standard curves, etc.).
  • Live links. When data are edited or replaced, Prism automatically updates the results and graphs.
  • Analysis choices can be reviewed, and changed, at any time.
  • Automatic error bars. Raw data (replicates) can be entered, and then plotted as mean with SD, SEM or confidence interval.

For more information about the GraphPad Prism subscriptions available under UAB's Agreement click here.

Page 31 of 31