Apr 15 2013
 

Do you know what to do if your ECU computer is stolen? What if you actually respond to a phishing email? These two scenarios and more are termed security incidents, and it’s important to report them to the IT Help Desk.*

A security incident is any computer, network or paper-based activity that could result in misuse, damage, denial of service, compromise of integrity or loss of confidentiality of the ECU network, your computer (which is connected to the ECU network) and data (paper or digital).

Threats, misrepresentations of identity or harassment of or by individuals using these resources can also result from a security incident.

It is important that all incidents, whether benign and accidental or malicious and deliberate, be reported so that appropriate resolution is undertaken with the least data loss or compromise.

Security incidents you are required to report include, but are not limited to, the following:

  • Lost or stolen computer or smart device
  • Lost or stolen files containing sensitive information
  • Unauthorized access to sensitive information
  • Unauthorized access to your computer
  • Compromise of your ECU user account passphrase
  • Compromise of your personal computer
  • Unauthorized use of your user account
  • Unauthorized access to your locked office or files
  • Unusual activities on your computer or network
  • Unauthorized scans of your computer or the network
  • Accidental disclosure of personally identifiable or sensitive information in response to a phishing scheme
  • Virus, worm or Trojan horse activity on your computer
  • Disclosure of sensitive data, including paper disclosure, email release or inadvertent posting of data on a website
  • Suspected information technology policy violation

To report any security incident, call the IT Help Desk at 252.328.9866 or 800.340.7081. If you’re unsure whether or not an activity is a security incident, call the IT Help Desk, which can help make a determination.


*Do not call the IT Help Desk if you receive a threat to yourself or others. Report any threats to yourself or others to the appropriate law enforcement agency.

 

Feb 26 2013
 

Related topics: Protected Health Information (PHI) | HIPAA security policies | HIPAA identifiers | Network storage

HIPAA security regulations define Protected Health Information (PHI) as any oral or recorded information created or received by a health care provider, health plan, employer, insurer, school or university, health care clearing house or a business associate that relates to the past, present or future physical or mental health or condition, provision of health care or health care payment of an individual.

There are eighteen “HIPAA Identifiers” that can be used to identify an individual, an individual’s family, employers or household members. Examples include names, telephone numbers, email addresses, medical record numbers, photographic images and home address. To see all eighteen identifiers, visit the HIPAA Identifiers page.

Please note that it is a VIOLATION of HIPAA law to store PHI on any personal device, such as a USB drive, external hard drive, home computer, iPhone or iPad. Such violations can cost ECU a fine of up to $1.5 million, and you could be criminally liable for such a breach, with consequences including termination, fine and imprisonment.

Protected Health Information (PHI) must only be stored on university-approved and authorized devices. If you are unsure about your storage device, please contact the IT Security Team at ITSecurity@ecu.edu.

In the News

The State of Alaska announced in June 2012 that it is paying $1.7 million to the Federal Government for a 2009 security breach of patient data.  A federal investigation following the breach found inferior security measures in place at Alaska’s Department of Health and Social Services.  In October 2009, a portable hard drive was stolen from the car of an employee who worked for the State Health Department.

Jan 09 2013
 

As the semester begins, ITCS reminds the campus community to avoid mobile phone and email scams, hoaxes and phishing schemes circulating on the Internet. NEVER provide your passphrase or other personally identifiable information* in response to these bogus inquiries.

Although the IronPort spam filter blocks most scam messages from reaching your email, you may receive an occasional hoax email or a fake text message.

A few recent examples include emails from:

  • East Carolina University
  • Service Helpdesk
  • ECU IT
  • ECU Helpdesk
  • Web Master
  • Webmail
  • IRS
  • Any financial institution

If you do receive a phishing message, here’s what to do:

  • NEVER provide personal or sensitive information* in response to any unsolicited email or text message
  • DO NOT open unsolicited email attachments no matter how realistic or enticing the message. You must remain vigilant in not responding to an email or phone hoax or scam
  • NEVER deposit a check sent to you as a result of an email or phone message. Just delete it!

If you receive a message and feel unsure about what to do, contact the IT Help Desk – 252.328.9866/1.800.340.7081.

ITCS will always post legitimate announcements at http://help.ecu.edu. Users can go there to verify the authenticity of an IT-related announcement.

If you have provided personal or sensitive information* in response to an email scam and don’t know what to do, please contact ECU’s IT Help Desk at 328.9866/1.800.340.7081 or http://help.ecu.edu. If you believe you have fallen victim to a criminal scam, please contact the ECU Police Department or your local law enforcement office.

Visit the IT Security website, www.ecu.edu/itsecurity, for examples of email scams and additional information on avoiding them.