Cyber attack on CareFirst exposes customer data

carefirstCareFirst BlueCross BlueShield, Maryland’s largest healthcare insurer, announced on Wednesday that it had been the target of a cyber attack. The data breach compromised the personal information of approximately 1.1 million members. The database that was attacked contained personal information, but not Social Security or credit card numbers, medical information or passwords.

"CareFirst BlueCross BlueShield has confirmed that cyber-attackers gained limited, unauthorized access to a CareFirst database. We understand that the security of your information is important and we are taking steps to protect members in light of this attack and moving forward." - CareFirst BlueCross BlueShield
They have set up a website providing further information about the attack and the impact on CareFirst members at In addition, CareFirst is offering two years of free credit monitoring and identity theft protection services for those members affected.

This is the third major attack on a healthcare insurer in the past several months. Anthem, currently the nation’s second largest health insurer, acknowledged that it had been hacked in February. The Anthem cyber attack included personal data such as birthdays, medical IDs, social security numbers, email addresses and employment information. Premera, a health insurer out of Washington and Alaska, suffered a similar attack in January. 

Brian Krebs, Cyber Journalist, suggests that the same threat actors that attacked Anthem and Premera may have been involved with Carefirst. “It turns out that the same bulk registrant in China that registered the phony Premera and Anthem domains in April 2014 also registered two Carefirst look alike domains - careflrst[dot]com (the “i” replaced with an “L”) and caref1rst[dot]com (the “i” replaced with the number “1”).” – Krebs on Security

So what should you do?
Go to the CareFirst website to stay informed and follow guidance on that compromise. As with any announced data breach, take the time to change your password on that site. Always follow good password practices that include the following: 
• Use a combination of complex upper and lower case letters, numbers and characters
• Make sure your password is eight characters or longer
• Do not use the same password across different sites
• Change your passwords several times a year
• Use a password manager like 1Password or LastPass
• Be sure to have your devices set to auto-lock

Ease Technologies provides IT support services and cloud solutions for organizations in Baltimore, Washington or Fairfax. Watch our Ease Cloud Workspace video and learn how our secure cloud offering can be your virtual office wherever you go.

Comments (0)

6 IT Policies to Help Protect Your Company

Many companies rely on IT to help run their businesses. For this reason, they often depend on a set of IT policies to ensure the productive, appropriate, and legal use of IT resources. IT policies establish expectations and regulations for behavior related to company computers and networks.

In addition, IT policies detail consequences for employees or customers in the event of a policy violation. The proper enforcement of IT policies may also provide a basis for defense in the event of a lawsuit.

Here are six common IT policies to help protect your company:

1. Acceptable Use Policy

An acceptable use policy, or AUP, restricts use of a company's network or services. AUPs prevent illegal activity, ensure security, and safeguard the reputation of the company.

AUPs also outline the consequences of breaking the rules. A common penalty is restricted or permanent loss of access to the associated network or service.

2. Privacy Policy

Privacy policies protect the personal information collected from a company's customers and employees. Personal information includes anything that can be used to identify an individual. Names, social security numbers, credit card numbers, email addresses, and even photos of individuals are considered personal information.

Privacy policies typically document how personal information is collected, stored, used, and disposed of. Privacy policies may also disclose when personal information is shared or sold to third parties.

3. Data Governance Policy

Data governance policies describe how data is managed as it passes through company systems. Specifically, these policies document how a company makes sure that data is accessible and secure, as well as accurately collected and properly maintained.

Data governance policies also identify the people responsible for the quality and security of company data. They might also mention any third parties that play a role in the company's data management plans.

4. Disaster Recovery Policy

A disaster recovery policy outlines the broad requirements of a company's disaster recovery plan. These policies identify critical data and responsible departments or staff. They also specify allowable downtime, as well as how to ensure business continuity in the event of downtime.

Disaster recovery plans are usually created by senior IT staff. However, the specifics of data recovery plans are normally left to those designing and executing the plan.

5. BYOD Policy

A BYOD policy, or Bring Your Own Device policy, is an IT policy that governs the use of personal mobile devices in the workplace. BYOD policies are becoming increasingly important, with study after study showing the dramatic shift of personal mobile devices into the workplace.

Specifically, BYOD policies state the degree to which personal mobile devices are allowed within the workplace, what can be done with these devices, and how the company will support them.

6. Social Media Policy

Social media policies govern employee use of social media both in and out of the workplace. These policies define how a company will manage and monitor the online behavior of it's employees. They also set forth any company expectations regarding the nature and tone of information being posted.

As a result, social media policies are sometimes perceived as repressive. However, they can actually empower employees by letting them know what can and cannot be posted. Striking a balance between the needs of the company and employees is the key to a successful social media policy.

Comments (0)

4 Questions You Should Ask Before Hiring a Cloud Provider

Hiring a cloud provider means that you're entrusting a vendor with all of your important data, which is no small thing. It's important that you choose a provider that you can be confident in trusting with your information.

As you search for the right cloud provider, make sure you ask the right questions.

Who has access to my data? You're entitled to know who is going to be handling your sensitive data. Make sure you know specifics about the hiring process of privileged administrators, how much access they have, and who controls this access.

How will our data be protected? As a customer, you also have a right to know what security measures are being taken to protect your data, both physically, at storage locations, and virtually on the server. Service providers should be willing to provide you with information on the locations where your data is being stored, their processing practices, and information on the subcontractors that they are working with. If a cloud provider is unwilling to be transparent with this information, or refuse to undergo external audits and security certifications, consider it a red flag.

How is data encrypted? While your data is sitting in the cloud, is it encrypted? It's important that the service provider has designed and tested their encryption schemes thoroughly. If you're using a public cloud service, it means that your data is sitting alongside the data of other customers. Make sure you know how your data is being segregated.

How is data recovered? All cloud service providers should have a plan that adequately deals with disaster scenarios. Make sure your provider will replicate your data and store it across multiple sites. If your service provider does not have the ability to perform a complete data restoration, your data is at serious risk.

If cloud providers seem to resist questioning or are not completely transparent about important aspects of their operation, consider moving on. Entrusting your most invaluable asset should not be taken lightly, and taking the time and measures to find a provider that best fits your company is a worthy investment.

Ease Technologies offers a secure and reliable cloud platform that is your virtual office wherever you go.  To learn more watch our video on the Ease Cloud Workspace here.

Comments (0)

How to Increase Your Smartphone's Battery Life

gmail authenticationEvery year smartphone batteries increase in capacity. Yet, at the same time, it seems new phone models last less and less time before they need to be plugged in. This frustrating cycle leads many smartphone owners to wonder the same thing. Why can't their latest iPhone or Android device stay on longer than a few hours, despite claims of a much larger battery?

The answer is that newer phones can do more things, beyond streaming cat videos, taking photos, and browsing the web. They also have bigger screens, louder speakers, faster data speeds, more sensors, and so on. These improvements not only take more battery power, but lead to increased usage of smartphones.

So what can you do to increase battery life? While the specifics depend on the exact phone you're using, here are some things that will help right away:

Turn On Automatic Screen Brightness
Most phones have an option to automate the screen's brightness based on ambient light levels. This will help keep screen brightness down when it isn't necessary, and save battery life.

Turn Off GPS, Wi-Fi, Bluetooth, and Other Networks and Sensors
Just having these on is considerably draining to the battery life. Turn them off when not in use to make your phone last longer.  

Browse Only on Wi-Fi
When possible, turn off  4G or LTE connectivity and use Wi-Fi networks to browse the web. Wi-Fi antennas use less power than 4G, and will extend the life of your phone.

Use a Case That Blocks the Wake Button
Most people don't realize how often they bump into the unlock button while their phone sits in their pocket. Every time they do, the screen lights up and steals a little bit of battery life. Using a case that secures this button can go a long way for people whose phones live mainly in their pockets.

Android: Turn Off Auto Sync
Unlike iOS, Android apps update and sync individually, and every time they sync they have to power on the phone's data radio. Turning on the radio takes a lot of power and drains your battery. Instead, keep auto sync turned off and instead, sync your phone manually every half hour or hour.

iOS: Turn Off Active Background, Background Motion, and Background App Refresh
These features, many of them introduced in iOS 7, are visually stunning. They're also a major drain on battery resources.

Call Ease Technologies today at (301)854-0010 or contact us here to learn how you can cut costs and accelerate your growth with Ease’s unique IT support services and solutions for organizations in Baltimore, Washington or Fairfax.

Comments (0)

Cloud Computing Made Easy With the Ease Cloud Workspace

The Ease Cloud Workspace™ is your virtual office wherever you go. The customized work environment allows you to use of your business applications and data with secure access from anywhere, from any device, via any internet or private connection.  You can run and scale your business quickly and securely from anywhere. 

Work From Anywhere
The Ease Cloud Workspace gives users secure, high-performance access to applications and data from any internet-connected device. Enhance productivity by allowing employees to work from home or on the road. A simple logon from your computer, laptop or tablet device gives you quick and easy access your desktop. 

Reduce IT Costs
Significantly reduce operational costs and cut capital expenditures by eliminating on-site servers, software, and maintenance.  The Ease Cloud Workspace can also extend the life of your current workstation investments and removes server costs. 

Eliminate Complex Security Challenges
Information security is imperative. The Ease Cloud Workspace platform addresses complex data privacy and other security requirements so you can focus on building your business.  Your virtual desktop is a secure encrypted session that protects all your sensitive data.

For more information on the Ease Cloud Workspace and other cloud services, give the experts at Ease Technologies a call today at 1-888-327-3911.
Comments (0)
Our Newsletter

Upcoming Events
Calendar Icon

Upcoming Events

iOS For Business [Webinar]
5/27/2015 12:00 PM - 1:00 PM

Wounded Warrior iPad Training
6/18/2015 12:00 PM - 1:00 PM

Blog Archive

Archive by Years