No Confidence in The Hierarchy Skills and Integrity
Would you trust your company’s emails to Jacques Latoison who:
– Claimed the Russians destroyed his entire email server and its backup.
– Refuses to report emails being hacked.
– Sends passwords directly to Hotmail, Gmail, AOL, and Yahoo emails without encryption.
– Laptops in the offices can have guest log-ins so everybody can share.
– Sends passwords via email to Black Cipher Security cybersecurity 🤡🤣
– New user account passwords never need to be changed.
– Expiring web passwords offer the option to “Use the button below to continue with the current password.”
– Uses weak passwords and shares admin passwords.
– Admin passwords stored in Word documents.
– HR laptops do not go to sleep or turn off or lock when the laptop screen is closed.
– No confidentiality agreement on contractors or family members being paid under the table.
– Still running MS Office 2016 on RDP because older apps have not been upgraded.
– Ineffective offboarding of fired employees, leaving email open until the user signs out or the email server is booted. Fired workers have had access to their email for 8 hours.
– Contractors are required to use their personal computers.
– Embezzles his contractor’s pay and then demands confidential information be copied to jump drives and mailed to his company PO Box, which is returned as undeliverable.
😬🤡🤣🤣 Failed to recognize his own client’s phishing test declaring Vladimir Putin had attacked his email server again 😬🤡🤣🤣
Failure to Report a Data Breach
“Government contractors and other recipients of government funding are accountable for violating cybersecurity requirements and placing government data and security systems at risk. Federal rules and obligations attach to federal funds, even where those funds are first passed through state governments.” **
- knowingly provide deficient cybersecurity products or services;
- knowingly misrepresent cybersecurity practices or protocols; or
- knowingly violate obligations to monitor and report cybersecurity incidents and breaches.
In May 2022, the programmer notified UAC management that there were concerns that the CAREWare jProg (AIDS) database might reside on a non-HIPAA-compliant server. Passwords are being shared. Unauthorized users on the server portal saw the shortcut to the CAREWare application, causing alarm and confusion. Unannounced maintenance to CAREWare was being done during business hours, crashing SRV7 and corrupting data.
Urban Affairs Coalition refused to provide the programmer with an industry-standard Business Associate Agreement to memorialize obligations concerning Protected Health Information under the requirements of HIPAA and relevant implementing regulations, including the Privacy Rule, the Security Rule, and the Breach Notification Rule. Does UAC have a business associate agreement with The Hierarchy, ODAAT, and SELF employees who handle PHI data?
The Hierarchy Email to UAC C-Suite Management
“In their world, IT Security is first then staff have email and they believe UAC should be the same way.” – Jacques Latoison
Reference: Cyber Security Article
Philadelphia Alerts Public to Recent Data Breach
You can look up HIPAA violations affecting more than 500 people on the HIPAA Wall of Shame website. Smaller violations like the HIV Testing breach out of AACO are not listed.
The City of Philadelphia issued a notice on October 20, 2023, reporting a security breach from May 26 – July 28, 2023. In June 2023, the programmer expressed concerns to UAC C-suite managers about a potential breach involving PHI (Protected Health Information) data in the back end of CAREWare. It wasn’t until the programmer contacted HHS on 8/22/2023 to report that AIDS patient data might be involved that action was taken.
The CAREWare database is used by One Day at a Time (ODAAT). AIDS patients get a pass to the ODAAT Food Bank. Something seems amiss with The Hierarchy charging $1,950 monthly to store the CAREWare backend on its SQL Server and fees of $100 per hour to apply upgrades. Latoison said that the Caucasian IT vendor, Provident Technology, was unjustly awarded the CAREWare business. Provident is also charging $3,748 monthly for ODAAT hosting. Latoison said his friend Mel Wells, ODAAT President and UAC Board Member, wants The Hierarchy to have the entire ODAAT contract. The only issue is a woman named Jennifer who “forced her way in”, requesting lower hosting fees, standing in their way.
🚩🚩I was told not to enter my hours supporting CAREWare. 🚩🚩
New email users of UAC receive their login IDs and passwords via email to their Gmail, Yahoo, Hotmail, and other less secure email accounts. These passwords do not comply with industry standards, and frequently, the emails end up in the spam folder. Why are login credentials being sent to personal email accounts that might be shared with family members? Additionally, why is the programmer’s industry-standard random password generator application not being utilized as presented to the UAC auditors? The Hierarchy password protocol and procedures are the same ones used in 2010. 🦖
“Below is the information for your new company e-mail account, as well as what you will need to access your new account through the web. This information is specific to you, so you should not share this information with anyone.
Also, keep this paper on your person, so as to not leave it out for anyone to see.”