A computer security post on TGDaily.com entitled, “BlackHole RAT Trojan targets Mac OS X” discusses Mac’s very own variant of a Microsoft Windows Remote Access Tool (RAT) called darkComet.

The Mac version is known as “BlackHole RAT” and it is not quite ready for prime time, though it seems to offer a great stepping stone to be used to target the Mac OSX platform. While most Mac owners still believe they are impervious to exploits, blog articles and service requests tend to prove otherwise. The Mac has mainly been an unattractive target to the authors of malware because the rewards for their efforts would be low.

This is basically “security through obscurity” which certainly can work, but Mac sales have been increasing slowly, making the operating system a little more visible on the black hat radar.

Those of you reading this blog probably feel I am beating a dead horse, but now is the time for you Mac owners to get anti-virus on your systems. It actually may be too late, since the Mac is such a great multitasking system, you may be infected, and not even know it. Another thing to seriously consider is backup!

We recommend Trend Micro for your Mac, and offer it for sale. We can also help with Greenville / Upstate SC Mac virus removal and cleanup, as well as Servosity Online Backup for your Mac. Please call 864.990.4748 for more information, or email info@homelandsecureit.com

Homeland Secure IT Alert for Wednesday, October 6, 2010

I realize I am sounding like a broken record (remember those?), however, Adobe has addressed vulnerabilities in their Adobe Reader, Adobe Acrobat, and also Adobe Air products which you should be aware of.

Skipping to the chase, please, for the love of God, update your Adobe products when prompted, or if NOT prompted, open each Adobe product and go to the Update option and do so… If you are running really old versions, you could just visit the Adobe.com website and download the latest versions, but be sure you update those too!

These vulnerabilities affect Apple Macintosh OS X, Microsoft Windows and even UNIX operating systems. Nobody is left out here.

Should you require assistance with this or any other computer / network security or support issue in the Greenville / Upstate SC area, feel free to call upon us at 864.990.4748 or email info@homelandsecureit.com

Original CERT alert follows…

—

—–BEGIN PGP SIGNED MESSAGE—–

Hash: SHA1

National Cyber Alert System

Technical Cyber Security Alert TA10-279A

Adobe Reader and Acrobat Affected by Multiple Vulnerabilities

Original release date: October 06, 2010
Last revised: –
Source: US-CERT

Systems Affected

* Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
* Adobe Reader 8.2.4 and earlier versions for Windows, Macintosh, and UNIX
* Adobe Acrobat 8.2.4 and earlier versions for Windows and Macintosh

Overview

Adobe has released Security Bulletin APSB10-21, which describes
multiple vulnerabilities affecting Adobe Reader and Acrobat.

I. Description

Adobe Security Bulletin APSB10-21 describes a number of
vulnerabilities affecting Adobe Reader and Acrobat. These
vulnerabilities affect Reader and Acrobat 9.3.4, earlier 9.x
versions, 8.2.4, and earlier 8.x versions.

An attacker could exploit these vulnerabilities by convincing a
user to open a specially crafted PDF file. The Adobe Reader browser
plug-in, which can automatically open PDF documents hosted on a
website, is available for multiple web browsers and operating
systems.

Additional information is available in US-CERT Vulnerability Note
VU#491991.

II. Impact

These vulnerabilities could allow a remote attacker to execute
arbitrary code, write arbitrary files or folders to the file
system, escalate local privileges, or cause a denial of service on
an affected system as the result of a user opening a malicious PDF
file.

III. Solution

Update

Adobe has released updates to address this issue. Users are
encouraged to read Adobe Security Bulletin APSB10-21 and update
vulnerable versions of Adobe Reader and Acrobat.

Disable JavaScript in Adobe Reader and Acrobat

Disabling JavaScript may prevent some exploits from resulting in
code execution. Acrobat JavaScript can be disabled using the
Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable
Acrobat JavaScript).

Adobe provides a framework to blacklist specific JavaScipt APIs. If
JavaScript must be enabled, this feature may be useful when
specific APIs are known to be vulnerable or used in attacks.

Prevent Internet Explorer from automatically opening PDF files

The installer for Adobe Reader and Acrobat configures Internet
Explorer to automatically open PDF files without any user
interaction. This behavior can be reverted to a safer option that
prompts the user by importing the following as a .REG file:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\AcroExch.Document.7]
“EditFlags”=hex:00,00,00,00

Disable the display of PDF files in the web browser

Preventing PDF files from opening inside a web browser will
partially mitigate this vulnerability. If this workaround is
applied, it may also mitigate future vulnerabilities.

To prevent PDF files from automatically being opened in a web
browser, do the following:

1. Open Adobe Acrobat Reader.
2. Open the Edit menu.
3. Choose the Preferences option.
4. Choose the Internet section.
5. Uncheck the “Display PDF in browser” checkbox.

Do not access PDF files from untrusted sources

Do not open unfamiliar or unexpected PDF files, particularly those
hosted on websites or delivered as email attachments. Please see
Cyber Security Tip ST04-010.

IV. References

* Security update available for Adobe Reader and Acrobat -
<http://www.adobe.com/support/security/bulletins/apsb10-21.html>

* US-CERT Vulnerability Note VU#491991 -
<http://www.kb.cert.org/vuls/id/491991>

* Adobe Reader and Acrobat JavaScript Blacklist Framework -
<http://kb2.adobe.com/cps/504/cpsid_50431.html>

____________________________________________________________________

The most recent version of this document can be found at:

<http://www.us-cert.gov/cas/techalerts/TA10-279A.html>

—

According to a story published in the Washington Post, computer users are happier with their PCs than at any time since the first year (1994) that this was tracked! This was based around a poll run by ACSI LLC.

It was not surprising that Apple had the highest user satisfaction with their “cult-like” Mac following, though it may catch some off guard that Microsoft held its own. The article cites improvements in Microsoft customer satisfaction since the release of Windows 7, which we have seen ourselves. In fact, since the release of Microsoft Windows 7, we have been seeing people dump their aging Macs and opt for less expensive Windows machines as replacements.

Some factors that appear to be contributing to the migration from Mac to the Windows platform are the consistently lower prices for Microsoft Windows based machines, security holes being exploited in the Mac rapidly narrowing the “Mac is more secure” gap, the overall user friendliness and reliability of Windows 7 and of course the larger software selection.

Either way, across the board people are as happy as ever with their computers!

If you find your experience is less than satisfactory, I would like to hear from you. Reply here, shoot me an email, give me a call, etc. We can likely help improve your satisfaction!

Secure IT Alert for Tuesday, September 21, 2010

This is not a repeat… I repeat, this is not a repeat. Sorry, that was redundant…

Adobe announced yesterday, September 20th, the release of additional patches to Adobe Flash Player to address vulnerabilities. These affect Microsoft Windows, as well as Mac, Linux, Solaris and even Android.

It’s the same old song and dance with this one…  Update your Flash Player or risk being exploited. This *may* affect Adobe Reader as well, but Adobe’s announcement indicates that they will not address the potential threat to Adobe Reader in October updates. Presumably because it is not being actively exploited (yet).

As always, avoid random browsing to unknown / untrusted /shady sites, and don’t follow unexpected links in email… Keep your operating system up to date with patches. Insure you have the best Anti-Virus protection you can possibly afford, such as Trend Micro Internet Security or Trend Micro Worry-Free Business Security and that it is function and up-to-date. If your computer is acting differently than normal, including slow response, unusual pop-ups, random shutdowns, etc, contact a computer service or support professional, especially if that computer is used for business or financial purposes.

Included below is the original Adobe Security Bulletin.  If you require assistance with this or any other computer or network security issue in the Greenville or Upstate SC area, please call us at 864.990.4748 or email info@homelandsecureit.com

—

Security update available for Adobe Flash Player

Release date: September 20, 2010

Vulnerability identifier: APSB10-22

CVE number: CVE-2010-2884

Platform: All Platforms

SUMMARY

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

AFFECTED SOFTWARE VERSIONS

Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android.

To verify the version of Adobe Flash Player installed on your system, access the About Flash Player page, or right-click on content running in Flash Player and select “About Adobe (or Macromedia) Flash Player” from the menu. If you use multiple browsers, perform the check for each browser you have installed on your system.

SOLUTION

Adobe recommends all users of Adobe Flash Player 10.1.82.76 and earlier versions upgrade to the newest version 10.1.85.3 by downloading it from the Adobe Flash Player Download Center or by installing it via the auto-update mechanism within the product when prompted.

Users of Flash Player for Android version 10.1.92.10 and earlier can update to Flash Player version 10.1.95.1 by browsing to the Android Marketplace on an Android phone.

For users who cannot update to Flash Player 10.1.85.3, Adobe has developed a patched version of Flash Player 9, Flash Player 9.0.283, which can be downloaded here.

SEVERITY RATING

Adobe categorizes this as a critical update and recommends affected users update their installations to the newest versions.

DETAILS

A critical vulnerability exists in Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris, and Adobe Flash Player 10.1.92.10 for Android. This vulnerability also affects Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2884) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild against Adobe Flash Player on Windows. Adobe is not aware of any attacks exploiting this vulnerability against Adobe Reader or Acrobat to date.

Adobe recommends users of Adobe Flash Player 10.1.82.76 and earlier versions for Windows, Macintosh, Linux, and Solaris update to Adobe Flash Player 10.1.85.3, and users of Adobe Flash Player 10.1.92.10 for Android update to Adobe Flash Player 10.1.95.1.

We expect to provide updates for Adobe Reader 9.3.4 for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 for Windows and Macintosh during the week of October 4, 2010.

Google Chrome users can update to Chrome 6.0.472.62. To verify your current Chrome version number and update if necessary, follow the instructions here: http://www.google.com/support/chrome/bin/answer.py?hl=en&answer=95414.

—

When selecting a backup solution, you may be considering one of the following:

LTO, DLT, DAT Tape – The de facto standard in backup media for business and enterprise. Though it is growing a little long in the tooth, the format has proven itself to be reliable and affordable when you consider the lifetime of the drive and the media. These are available in a variety of flavors, from SCSI, to SATA, internal and external. And for those needing massive storage and speed, there are enormous auto-loaders such as 96 slot HP LTO 5 fiber channel systems.

Iomega REV removable cartridge systems – Outdated, no longer sold or supported by Iomega. (You can still buy media)

Portable hard drives – While these seem attractive because they are cheap and available at every office supply house in town, the reliability of these devices is not idea for mission critical solutions. The constant plugging and unplugging of USB cables can wear connectors out prematurely and there is the slight possibility that a server can be damaged by static when plugging in a drive. Most IT people feel this is a better solution than no solution at all.

Remote Backup or In-The-Cloud backup – We offer Servosity Online Backup and feel it is a great addition to any existing hardware backup system you may have, and could serve as your primary backup if so desired. These are affordable solutions that require very little hands-on time.

Network based disk storage – These are awesome for speed, and convenience, but they generally remain on site and in the event of a catastrophic disaster such as fire, flood, or even theft, you could be left with no backup. This falls under the “much better than nothing” category.

Flash drives and other non-volatile storage media, including CD & DVD – Again, this better than nothing and surely works for small amounts of data, but longevity may be in question. CDs and DVDs have a lifespan after written to, usually of only a few years, making long term archival use impossible. Flash drives are great to make a quick backup, but there are occurrences of people losing data on one from high powered RF devices erasing them. Probably not a solution for most businesses.

A plethora of other technologies exist, but one that has been gaining momentum in the business and enterprise market is RDX.

RDX, or Removable Disk Technology is based around a docking station that accepts an RDX cartridge. The cartridge encases and protects a hard drive. RDX cartridges come in many sizes, whether you need 160GB or 1.5TB, there is bound to be one that fits your data needs.

What makes RDX different from a typical portable or removable drives? It is a “hardened” solution that encloses the hard drive and enables it to take a drop of up to 1 meter. These systems also offer protection from static discharge. A typical RDX can move upwards of a 100GB an hour. If you outgrow the the original size cartridge, you can begin replacing them with larger capacity as the dock is backwards and forwards compatible with any other RDX cartridge.

RDX is a standard that allows you to purchase cartridges from any manufacture to use in your system. It also offers a shelf life of up to 30 years, allowing you to archive your data and know that if the IRS audits you, you can access it.

No need to upgrade your current backup software in most cases when switching to RDX as the technology is already supported in most backup applications such as Symantec Backup Exec!

If you are looking for a backup solution, whether it is your first, or an upgrade of a current system, then you may wish to give RDX a close look. Call us at 864.990.4748 or email info@homelandsecureit.com. We offer RDX products from HP, Imation, Lenovo, and Quantum to name a few. We offer a free evaluation in Greenville and the Upstate of South Carolina.

I hate to keep beating this dead horse, but a dear friend called this morning as I was on my way in to the office, telling how his notebook computer had experienced a totally depleted battery over the weekend and that when he tried to bring it back up, he got the dreaded blue screen of death… This was followed by lots of time attempting to get the machine to run, and then a restless / sleepless night worrying about lost productivity, unrecoverable data, and expense involved.

I told him not to worry because somehow, some way, we will recover his data and get him back online. Of course, he didn’t mention that no backup existed until near the end of the conversation… Hopefully this story will have a happy ending…

What are you doing for a disaster recovery plan? Sure you are backing up your desktops and servers, but what about those notebooks? We offer a free trial of Servosity Online Backup…

With Servosity Online Backup you will be able to sleep at night knowing your data is protected, even on mobile computers which may never see the main office. Your data is encrypted and uploaded to the Servosity secure remote storage server. In the event of a disaster, individual files, folders, or an entire system drive can be restored.

Have important files that change throughout the day? Servosity also offers CONTINUOUS backup protection – important files are backed up as they are changed on your system. All of this takes place automatically.

Servosity works with Microsoft Windows, Apple Mac OSX, Linux and other *nix based operating systems. Don’t take a chance, try out Servosity TODAY! For FREE!

Homeland Secure IT offers many backup solutions and one is just right for your application! Tape, Backup-2-Disk, NAS/SANs, Autoloaders and Jukeboxes… Email info@homelandsecureit.com or call 864.990.4748 for more information.

Microsoft’s latest version of Office 2011 is due out in October of 2011. It features many improvements over previous versions and comes in the following flavors:

Microsoft Office for Mac Home and Student 2011 includes Word for Mac, PowerPoint for Mac, Excel for Mac and Messenger for Mac. It will retail for $119  for a single install and $149 for the “Family Pack” giving you up to 3 installs. The Home and Student edition includes the core productivity applications that Mac users want and need.

Microsoft Office for Mac Home and Business 2011 includes Word for Mac, PowerPoint for Mac, Excel for Mac, Outlook for Mac and Messenger for Mac. It will retail for $199 for a single install and $249 for the “Multi-Pack” which allows two installs. This version sports all features of the Home and Student version with the addition of Microsoft Outlook for Mac.

Microsoft Office for Mac Academic 2010 includes Word for Mac, PowerPoint for Mac, Excel for Mac, Outlook for Mac and Messenger for Mac. It will retail for $99 and be available direct from Microsoft and authorized academic stores.

Buy  Microsoft Office 2008 for Mac today and upgrade to Office 2011 at no additional cost!

If you require additional information about Microsoft Office for Mac or Windows, please email info@homelandsecureit.com or call 864.990-4748. Homeland Secure IT offers computer and network support in the Greenville / Upstate area, as well as national sales of Microsoft products!

Homeland Secure IT Alert

Secure IT Alert #2 for Thursday, August 26 2010

More bad news for Mac owners. PLEASE update your systems. We are seeing the number of Mac and *nix exploits ramp up at an alarming rate. Many people have found rootkits were installed on their systems for no telling how long before they were discovered.

The following information was provided courtesy of WatchGuard. Fantastic firewall devices at reasonable prices! If you should be interested, we are a partner with WatchGuard and offer their full line-up.

 

Malicious Documents and Images Threaten OS X

Severity: Medium

24 August, 2010

Summary:

• These vulnerabilities affect: All current versions of OS X 10.5.x (Leopard) and OS X 10.6.x (Snow Leopard)
• How an attacker exploits them: Multiple vectors of attack, including enticing your users into downloading and viewing various documents or images
• Impact: Various results; in the worst case, an attacker executes code on your user’s computer
• What to do: OS X administrators should download, test and install Security Update 2010-005 as soon as possible, or let Apple’s Software updater do it for you.

Exposure:

Today, Apple released a security update to fix vulnerabilities in all current versions of OS X. The update fixes thirteen (number based on CVE-IDs) security issues in seven components that ship as part of OS X, including PHP, CoreGraphics, and ClamAV. Some of the fixed vulnerabilities include:

• CoreGraphics Buffer Overflow Vulnerability. CoreGraphics is an OS X component that helps output graphics to your display (or printer). CoreGraphics suffers from a heap buffer overflow vulnerability involving the way it handles PDF files. If an attacker can get a victim to view a specially crafted PDF document (perhaps hosted on a malicious web site), he could exploit this flaw to either crash an application or to execute attack code on the victim’s computer. By default, the attacker would only execute code with that user’s privileges.
• ATF Buffer Overflow Vulnerability. The Apple Type Service (ATS) helps OS X machines handle fonts. ATS suffers from a buffer overflow vulnerability having to do with the way it handles embedded fonts. By tricking one of your users into downloading and viewing a malicious document containing a specially crafted font, an attacker can exploit this flaw to execute code on that user’s computer. By default, the attacker would only execute code with that user’s privileges. 
• Multiple PHP Vulnerabilities. PHP is a general-purpose scripting language primarily used to create dynamic web applications, which ships with OS X. Apple’s update fixes several vulnerabilities found in PHP 5.3.1. However, Apple only describes one of the PHP vulnerabilities in any detail. The vulnerability involves a buffer overflow flaw within one of PHP’s image handling function libraries. By enticing one of your OS X users into viewing a specially crafted PNG image (perhaps hosted on a malicious web site), an attacker could exploit this flaw to execute code on that user’s computer, with that user’s privileges.

Apple’s alert also describes other vulnerabilities, including some Denial of Service (DoS) flaws, information disclosure issues, and a few more code executions flaws. Components patched by this security update include:

ATS	CFNetwork
ClamAV	CoreGraphics
libsecurity	PHP
Samba

Please refer to Apple’s OS X 10.5.x and 10.6.x alert for more details.

Solution Path:

Apple has released OS X Security Update 2010-004 and OS X 10.6.4 to fix these security issues. OS X administrators should download, test, and deploy the corresponding update as soon as they can.

• Security Update 2010-005 (Leopard)
• Security Update 2010-005 (Leopard Server)
• Security Update 2010-005 (Snow Leopard)
• Security Update 2010-005 (Snow Leopard Server)

Note: If you have trouble figuring out which of these patches corresponds to your version of OS X, we recommend that you let OS X’s Software Update utility pick the correct updates for you automatically.

For All Users:

These flaws enable many diverse exploitation methods. Some of the exploits are local, meaning that your perimeter firewall never encounters the attack (unless you use firewalls internally between departments). Installing these updates, therefore, is the most secure course of action.

Status:

Apple has released updates to fix this flaw.

References:

• August 2010 OS X 10.5x and 10.6.x Security Update

This alert was researched and written by Corey Nachreiner, CISSP.

---

Did this alert help you? How could we improve it?
Let us know at lsseditor@watchguard.com.

For past alerts, log into the LiveSecurity Archive.

Jargon defined in the LiveSecurity Online Glossary.

—

If you require assistance please call us at 864.990.4748 or email info@homelandsecureit.com - we offer computer & network support to Greenville / Upstate, SC

Homeland Secure IT Alert for August 18, 2010

Adobe has announced that August 19th will bring out-of-cycle updates to Adobe Reader 9.3.3 across the Microsoft Windows, Apple Mac and UNIX platforms, as well as Acrobat 8.2.3 on Apple Macintosh to address critical vulnerabilities. An update to Adobe Flash player is also anticipated.

More info can be found here but the bottom line is – please insure your products are updated as soon as the release is made. We are seeing clients already exploited through these vulnerabilities.

If you require assistance, contact your computer service professional, or if you are in the Greenville / Upstate SC area, please call 864-990-4748 or email info@homelandsecureit.com

It is no surprise that Electronic Healthcare Records / Electronic Medical Records are all over the news currently. It is an issue that affects our privacy and anytime that is in question, we get people on both sides of the fence up in arms.

Built into the 2009 stimulus bill are requirements that healthcare records go digital by 2014. Yet it is not mandated exactly how that be done, nor how that is to be protected. If you Google around a little bit you will find websites and forums dedicated to this topic. Obviously more is being said about the policy itself than the mechanics of it. I won’t get into what I believe here, but I will cover some specifics about how medical facilities are handling this requirement.

Some doctors in small practices are already digital, or at least using a blend of paper records and electronic records. They may be storing them in various formats, from scanning the paper documents and storing images of them on a computer, to having full fledged professionally written and mainstream client management systems, but the majority I am aware of in family practices go for the cheapest way out in order to have their data on computers. The advantages of having digital copies are that they can back it up offsite in case of  a catastrophe and, they can access it from another location besides their own office, in the event they need to do so.

Now for the downsides. These systems have the exact same vulnerabilities that your desktop PC has, because they are using nothing more than the standard desktop PC. IF they are at all concerned about HIPAA they may have some safeguards in place, but time and time again, I hear about computers with some of the following issues:

No backup system in place: Not a threat to YOUR data, but all that information could be lost.

No anti-virus, or outdated / non-functional anti-virus: Of course this is a huge issue and could pose the largest threat. Even though anti-virus, like Trend Micro Worry Free Business Security is affordable, many doctors fail to realize the importance of this, or feel that using a FREE product is fine, when in fact it is against the terms of usage for those “free” products to be used in business.

Machines not patched: Another common-place problem is for computers to go without updates from Microsoft (or even Apple if they are using Mac OS-X) which make for extremely vulnerable systems – one part-time employee gets bored and browses to the wrong site and a bad guy now has access to everything inside that doctor’s office because the OS had big gaping holes in it, or applications such as Adobe Flash were unpatched.

Hardware firewall not in use or outdated: Many people believe the firewall on their PC (either built-in one or one provided by an anti-virus solution) is adequate and all they have in place is a Linksys, D-Link or other router. Firewalls keep bad guys from getting in, or at least slow them down. Quality devices from Cisco, WatchGuard, SonicWALL, Zyxel are affordable these days, however many opt to leave them out of the mix. A common excuse I hear is that the ISP provides their firewall, in the form of an Adtran or even a Cisco router, but nobody is aware of whether it has the latest software loaded on it. Any firewall in place is better than none, but one that is not up to date is vulnerable to someone who really wants in.

These are just a few of the more common issues that can make Electronic Medical Records vulnerable to disclosure. The list is a long one, and it is best to enlist the assistance of a computer service provider to evaluate your network. In fact, it would be a good idea to have more than one network support specialist look over your network if you are in the medical field. If you are in the Greenville or Upstate SC area, please call upon us at 864-990-4748 or email info@homelandsecureit.com if you would like more information. We are authorized dealers for Cisco, Trend Micro, SonicWall, Zyxel, WatchGuard, Servosity Online Backup and more.

If you worry about the security of your medical records, ask your healthcare provider to provide you with information that shows what they are doing to protect your privacy.