by Sean Murray | Mar 23, 2016 | Uncategorized
This article is just another example of how absolutely essential it is to have all telecommunications, cloud services and technical components SECURE. It costs more in the long run to be faced with destroyed or unusable data. To be sure that your hospital or medical facility’s systems are secure, Applied Utility Auditors LLC can provide a thorough test of your current security levels.
While it was not the first hacked organization to acquiesce to attackers’ demands, the California hospital that paid $17,000 in ransom to hackers to regain control of its computer system was unusual in one notable way: It went public with the news.
Hollywood Presbyterian Medical Center relented to the demands, President Allen Stefanek said, because he believed it was the “quickest and most efficient way” to free the Los Angeles hospital’s network, which was paralyzed for about 10 days.
That announcement sparked fears Thursday among hospitals and security experts that it would embolden hackers to launch more “ransomware” attacks and calls in California for tougher laws.
“It’s no different than if they took all the patients and held them in one room at gunpoint,” said California State Senator Robert Hertzberg, who on Thursday introduced legislation to make a ransomware attack equivalent to extortion and punishable by up to four years in prison.
Usually embarrassment and a desire to discourage hackers keep attacked companies quiet. Hollywood Presbyterian did not say why it made the disclosure, but its hand may have been forced by spreading rumors a week after the hack. Stefanek confirmed the cyber attack after at least one doctor appeared to have told local media.
In addition, he disputed media reports the 434-bed hospital had faced a ransom demand of $3.4 million, far more than the amount paid in the hard-to-trace cyber-currency bitcoin.
In a ransomware attack, hackers infect PCs with malicious software that encrypts valuable files so they are inaccessible, then offer to unlock the data only if the victim pays a ransom.
The hack at Hollywood Presbyterian forced doctors to use pen and paper in an age of computerization. News reports said its fax lines were jammed because normal e-mail communication was unavailable, and some emergency patients had to be diverted to other hospitals.
Investigators said administrators were so alarmed that they may have paid ransom first and called police later.
Medical facilities in the area plan to consult cyber security experts on how to protect themselves, the Hospital Association of Southern California said. “Hospitals are certainly now aware of ransomware more than they ever were before, and this has become a very real threat,” said spokeswoman Jennifer Bayer.
Some experts said ransomware encryption can be so hard to crack that victims feel they have little choice but to pay if they want their systems back. The hackers’ success could also prompt other hospitals to make quick payments to avoid the disruption and bad publicity Hollywood Presbyterian faced.
“Our number one fear is that this now pretty much opens the door for other people to pay,” said Bob Shaker, a manager at cyber security firm Symantec Corp.
‘CAT AND MOUSE’
He knew of at least 20 other attacks on healthcare facilities in the past year and hundreds more in other industries that had been kept secret.
Some of those put patients at risk and affected infusion pumps that deliver chemotherapy drugs, risking patient overdoses, he said.
Because hackers hide their identities and demand payment in bitcoin, authorities may have to work harder to find them than if they used old-fashioned methods.
But cyber-crime experts say that they can still be traced.
“The public nature of the network does give law enforcement an angle to help defeat them,” said Jonathan Levin, co-founder of Chainalysis, a New York company working with bitcoin users. “But it’s a game of cat and mouse.”
Ransomware is big business for cyber criminals and security professionals. Although ransoms typically are less than the hospital paid, $200 to $10,000, victims of a ransomware known as CryptoWall reported losses over $18 million from April 2014 to June 2015, the FBI said.
Ransomware attacks climbed sharply in 2014, when Symantec observed some 8.8 million cases, more than double the previous year. IBM said that last year more than half of all customer calls reporting cyber attacks involved ransomware.
by Sean Murray | Mar 21, 2016 | Uncategorized
To be properly vetted, a cloud provider needs a reputable CPA firm to perform this certification, and the usual cost is between $75,000 and $100,000.
Are you sure your cloud provider has obtained this certification?
Learn About the SSAE16 History here, or read on to learn more about Service Organization Control Reports in the words of SSAE16.com:
Service Organization Control (SOC) reports
One of the most effective ways a service organization can communicate information about its controls is through a Service Organization Control (SOC) report. A SOC 1 report focuses on controls at the service organization that would be useful to user entities and their auditors for the purpose of planning a financial statement audit of the user entity and evaluating internal control over financial reporting at the user entity. The SOC 1 report contains the service organization’s system description and an assertion from management. In addition, the independent service auditor (i.e., CPA firm) opinion or service auditor report is included. There are two types of SOC 1 reports: Type I and Type II.
A Type I report is intended to cover the service organization’s system description at a specific point in time (e.g. June 30, 2012). A Type II report not only includes the service organization’s system description, but also includes detailed testing of the service organization’s controls over a minimum six month period (e.g. January 1, 20xx to June 30, 20xx) – also known as Tests of Operating Effectiveness. The contents of each type of SOC 1 report are described in the following table:
In a Type I report, the service auditor will express an opinion and report on the subject matter provided by the management of the service organization as to (1) whether the service organization’s description of its system fairly presents the service organization’s system that was designed and implemented as of a specific date; and (2) whether the controls related to the control objectives stated in management’s description of the service organization’s system were suitably designed to achieve those control objectives – also as of a specified date.
In a Type II report, the service auditor will express an opinion and report on the subject matter provided by the management of the service organization as to (1) whether the service organization’s description of its system fairly presents the service organization’s system that was designed and implemented throughout the specified period; (2) whether the controls related to the control objectives stated in management’s description of the service organization’s system were suitably designed throughout the specified period to achieve those control objectives; and (3) whether the controls related to the control objectives stated in management’s description of the service organization’s system operated effectively throughout the specified period to achieve those control objectives.
SOC 2 and SOC 3 reports are designed to allow service organizations to communicate information about their system description in accordance with specific criteria related to availability, security, and confidentiality. You can read more about SOC 2 and SOC 3 reports in the Trust Services section [of SSAE16.com.]
by Sean Murray | Mar 18, 2016 | Uncategorized
No business can be too careful when it comes to managing overhead costs… especially when those costs relate to utility expenses. There are upwards of 100+ factors that affect utility bills, and some industry estimates and studies report that as many as 70% of businesses are being overcharged by utility companies due to any number of these factors. The three biggest culprits are:
- Faulty Meter Equipment
Unfortunately, one of the only ways to notice a faulty meter is to know how the meter used to behave. A sudden increase or decrease in usage reflected on your bill, with no external factors to attribute it to, is a good indication that your meter is not working properly. Even if the bill is in your favor, be sure to have the faulty meter replaced immediately in order to avoid being charged a very large lump sum in the future. Conversely, if you’ve been overpaying, the utility company is required to give you a refund. Unfortunately, in either case, both parties must accept the results.
- Incorrect Rate Class
A rate class is designed to categorize users by the amount of energy they use. If you are in a “small use” rate class, but use a lot of energy, then you’ll be paying much more than necessary. It is not the responsibility of the utility company to place their customers in the appropriate rate class, and therefore, they often do not bother to check.
In order to determine if you are in the right rate class, you will want to reach out to Utility Bill Experts who deal with these issues on a daily basis.
Applied Utility Auditors works on a contingency basis, so it costs nothing to determine if you are being overcharged.
- Bundled Rates
Never give an energy supplier a reason to estimate your rates. If you are lumped in with a number of other businesses, especially if those other businesses are less energy efficient, there is a good chance that you are being overcharged. Suppliers are certainly not known for estimating low.
If your energy supplier doesn’t use smart meters for tracking individual customer usage, you may be permitted to submit your own meter readings. Contact a Utility Bill Auditor to assess the situation and possibly secure you a refund from your energy supplier.
Applied Utility Auditors works on a contingency basis, so it costs nothing to determine if you are being overcharged.
Contact Paul Steberger of Applied Utility Auditors Today to Discuss your Utility Bill Concerns. (877) 209-0021
by Sean Murray | Mar 16, 2016 | Uncategorized
WASHINGTON, Dec 21 (Reuters) – Iranian hackers breached the control system of a dam near New York City in 2013, an infiltration that raised concerns about the security of the country’s infrastructure, the Wall Street Journal reported on Monday, citing former and current U.S. officials.
Two people familiar with the breach told the newspaper it occurred at the Bowman Avenue Dam in Rye, New York. The small structure about 20 miles from New York City is used for flood control.
The hackers gained access to the dam through a cellular modem, the Journal said, citing an unclassified Department of Homeland Security summary of the incident that did not specify the type of infrastructure.
The dam is a 20-foot-tall concrete slab across Blind Brook, about five miles from Long Island Sound.
“It’s very, very small,” Rye City Manager Marcus Serrano told the newspaper. He said FBI agents visited in 2013 to ask the city’s information-technology manager about a hacking incident.
The dam breach was difficult to pin down, and federal investigators at first thought the target was a much larger dam in Oregon, the Journal said.
The breach came as hackers linked to the Iranian government were attacking U.S. bank websites after American spies damaged an Iranian nuclear facility with the Stuxnet computer worm.
It illustrated concerns about many of the old computers controlling industrial systems, and the White House was notified of the infiltration, the Journal said.
The newspaper said the United States had more than 57,000 industrial control systems connected to the Internet, citing Shodan, a search engine that catalogs each machine.
Homeland Security spokesman S.Y. Lee would not confirm the breach to Reuters. He said the department’s 24-hour cybersecurity information-sharing hub and an emergency response team coordinate responses to threats to and vulnerabilities in critical infrastructure.
by Sean Murray | Feb 10, 2016 | Uncategorized
Like any other utility expense, street lights can cause unnecessary overhead costs to the towns and cities who run them. So what does one need in order to perform a Street Light Audit?
The Street Light Audit Checklist:
1. Does the city have any metered street lights, or are they all unmetered?
2. An inventory of street lights
3. A current month’s copy of all bills associated with street lights and outdoor/security lighting. (There may be only one, but there can be more. We received an Excel spreadsheet that may have had some billing information in it, but a scanned copy of the bill(s) would be better.)
4. A copy of the letter of authorization/agency (assuming it covers subs) so we can speak directly to the utility company.
5. Copies of any agreements between the DOT and the client regarding highway lighting and/or maintenance.
6. Copies of any service agreements between the utility and the client.
7. A list of outdoor (security) lighting, including number, wattage and type, if known, and whether metered or unmetered.
8. A copy of the sales tax exemption certificate for the city (seller: please leave blank)
9. Any previous electric providers that may have served the city, if applicable, and the approximate dates of service.
10. Contact Information:
   - Who in the organization pays the bills?
   - Who is most familiar with street lights?
   - Who is the account manager at the utility company who handles the city’s account?
These are the items we will need for every city we audit for street lights and outdoor/security lighting. Not every city will have every piece of information, but if they don’t have it, it is better to make a note of the missing items, or else we will delay the audit not knowing they don’t have it.
Contact Paul Steberger of Applied Utility Auditors Today to get started. 877•209•0021
SUCCESSFUL STREETLIGHT AUDITS:
Applied Utility Auditors LLC
84 Upsala Path West Milford, New Jersey 07480
600 Manatee Avenue Holmes Beach, Florida 34217
877-208-0021
Fax 973-547-8127
Street light audits
With my business partner
Borough of East Rutherford N.J.
Population: 9,201
Audit in 2012
Refund of $44,020.00
Annual savings of $9,062.00
City of New Orleans, LA
Population: 490,000 (at time of audit)
Audits in 1991 & 2000
40,000+ unmetered street lights
Refunds totaling $15 million for street lights
Annual savings of $500,000+
Village of Arlington Heights, IL
Population: 70,000
Audit in 2005
1,185 unmetered street lights (mix of utility and customer owned)
Refunds totaling $29,560 for street lights
Annual savings of $7,400
City of Fort Stockton, TX
Population: 7,000
Audit in 2008
800 street lights (mix of metered and unmetered)
Refund totaling $926,815 for street lights, covering 11 years of overcharges
Annual savings of $82,00
City of Plantation, FL
Population: 85,000
Audit in 2007
4,500 unmetered street lights (mix of utility and customer owned)
Refunds totaling $21,000 for street lights
Annual savings of $7,000
City of Bishop, TX
Population: 3,000
Audit in 2007
190 unmetered street lights
Refund totaling $32,760 for street lights
Annual savings of $11,000
City of Las Vegas, NV
Population: 580,000
Audit in 2008
16,000+ metered city-owned street lights
300 unmetered utility-owned street lights
Refunds totaling $250,400 for street lights
Annual savings of $100,000
by Sean Murray | Jan 15, 2016 | Uncategorized
Applied Utility Auditors helps a wide range of businesses update and select the best telecom solutions for their needs. This is an example of a Cisco Call Manager solution that moved a premise-based Call Manager to the cloud. It is one of many Call Manager solutions offered by our partners.
ABT ASSOCIATES

ABT Associates is a mission-driven, global leader in research and program implementation in the fields of health, social and environmental policy, and international development. Known for its rigorous approach to solving complex challenges, ABT Associates is regularly ranked as one of the top 20 global research firms and one of the top 40 international development innovators.
HEADQUARTERS: Cambridge, Massachusetts
EMPLOYEES: 1045 domestic, 2000 in Africa
LOCATIONS: 4 US locations
NUMBER OF SEATS: 1045
THE CHALLENGE
Abt Assoc. had been using NWN for premise-based Cisco Call Manager services. With very limited IT resources the company lacked the expertise to pull together its disparate communications tools. It was also using different collaboration tools – Cisco Jabber, Microsoft Lync and Google apps – that did not integrate with each other.
SOLUTION
We moved the voice services to VoiceMaxx CE and into the cloud. We also supplied ControlMaxx for their 20 contact center workers. Since the company was using Cisco already, the interfaces for VoiceMaxx CE were nearly identical to those of the Call Manager. InterCall also provided Abt with 3000 WebEx licenses. In order to federate their disparate messaging and presence platforms, we also implemented NextPlane, which allowed their US locations using Cisco Jabber to integrate with their Australian location, which was locked into Microsoft Lync.
YOUR SOLUTION
Every business faces unique challenges. The best solution for you may have more to do with integration of current applications than with apparent rates and fees. Applied Utility Auditors and Applied Telecom Solutions make your solution seeking simple. We know the industry inside and out, and can help you get running efficiently and effectively. Call Paul Steberger today to learn more.
877-209-0021