
Compromised Computers or Devices


A compromised computer is defined as any computing resource whose confidentiality, integrity or availability has been adversely impacted, either intentionally or unintentionally, by an untrusted source. A compromise can occur either through manual interaction by the untrusted source or through automation. Gaining unauthorized access to a computer by impersonating a legitimate user or by conducting a brute-force attack would constitute a compromise. Exploiting a loophole in a computer’s configuration would also constitute a compromise. Depending on the circumstances, a computer infected with a virus, worm, trojan or other malicious software may be considered compromised.

Symptoms of a compromised computer include, but are not limited to, the following:

  • Frequent pop-up windows, especially ones that encourage you to visit unusual sites or download antivirus or other software
  • Changes to your home page
  • Mass emails being sent from your email account
  • Frequent crashes or unusually slow computer performance
  • Unknown programs that start up when you start your computer
  • Programs automatically connecting to the Internet
  • Unusual activities like password changes

UTHSC Owned Devices

UTHSC is required by various state and federal regulations to investigate any incident that may involve the breach of personally identifiable information and other non-public information according to Standard-InfoSec-GP-002-Data & System Classification. UTHSC is also required to notify an individual if the privacy of their personally identifiable information has been breached. Failure to preserve evidence or conduct an investigation related to a compromised computer could result in unnecessary financial costs for the institution. It is also important that the details of a compromise and the ensuing investigation remain confidential. The Office of Cybersecurity has Standard-InfoSec-IR-001-Security Incident Response which outlines how UTHSC responds to incidents regarding our devices, data and systems.

Personally Owned Devices

If the symptoms stated above are occurring on a personally owned device, there are things to do immediately to mitigate the threat to your device and information. Note that UTHSC does not offer any guarantee on remediating personally owned devices.

  1. Reset your passwords on every account to which that device had access
  2. Log out of all online accounts
  3. Disconnect from the internet
  4. Remove external hard drives, USB drives and any other attached devices
  5. Scan the device for malware and viruses
  6. Wipe the hard drive if necessary – hopefully you have a backup of your data
  7. Closely monitor credit and financial accounts

Lastly, to avoid being targeted again, here are some tips:

  • Keep security software (antivirus/antimalware) up to date
  • Keep all operating systems and software up to date
  • Maintain strong passwords
  • Do not leave your device unattended in public
  • Keep files backed up

Students

All University of Tennessee Health Science Center students are eligible for one copy of the standard consumer version of Malwarebytes, provided at no additional cost to each student.

Obtain your personal copy of Malwarebytes by going to https://my.malwarebytes.com/en/edu/email and entering your netid@uthsc.edu address. You will be emailed a link to download Malwarebytes.

Note that the University of Tennessee neither manages nor has visibility into these installs, so we will not be able to see anything that is on your computer.

Last Published: Jul 28, 2021