By Art Gross, President and CEO, HIPAA Secure Now!
Twitter: @HIPAASecureNow
With healthcare being a top target in the world of cybercrime, it never hurts to do a review every so often of the landscape and of the players in the game. We’ll also take a look at how you might be compromised without even knowing it or suspecting it could happen.
A Lay of the Land
Let’s start at the top, with an overview of the internet structure. When you search, interact, use social media, or buy something on Amazon, you’re using the clear or surface web. While the numbers continually change, reports usually put the surface web at less than 10% of the data that is actually available online. Some reports say it is as little as 4%. To put that in perspective, if you look at the world population, 5% lives in North America. The rest of the world would represent what you don’t see online – or at least what you don’t easily see or use.
Next, we have the other (approximately) 95% of the information that is online. That is found on the Deep Web. It is called that because you won’t find it with a Google search – or with any other common search engine. Going even deeper (pardon the pun) within the Deep Web is the Dark Web. Despite the dark and brooding name, this isn’t the underbelly of the world where all crime is committed, but it does allow illegal activity to happen much more easily. Security was at the core of its intent, meaning you need a specialized browser like The Onion Router (Tor) to access the data found here. Because of that higher level of security, and often anonymity, criminal behavior is far more likely to happen.
That Account Isn’t Important
It might seem silly to think that a hacker has your Netflix account credentials. They acquired them in a purchase of data on the dark web, which they bought for pennies. What could they do with that? Watch The Crown? That is not quite their intent. They are going to take that username and password and keep a file that cross-references all of the other times your data is compromised. This could be built up over years, and the file of your information gets more and more powerful with each acquisition.
They might send a quick phishing email alerting you that they “have your credentials” and threatening to expose compromising messages or photos. This is usually a lie, but it definitely causes most people to pause and wonder what might be out there that they aren’t aware of. The unsuspecting and fearful victim then clicks on the link and will either send money or deploy dangerous software to their computer – or worse, to their business network.
But Wait, There’s More
So, let’s say you use the same password for work and for Netflix. A different username, but the same password. A quick guess could give a hacker the email login for your work accounts, and they already have the password from another breach. Now they are in the network and you have NO IDEA that they are logged in, because you were never alerted to a compromise involving your work email.
It’s a tangled web that we weave online, and we leave traces of our identities in so many places that we often forget where we put what information. This is why it is so important to use a unique password for each account and to stay diligent about enabling security measures like multi-factor authentication. This means when someone logs on as you, you get an alert on your phone or via email. Building a strong wall around your own cybersecurity can also reinforce the walls around your professional life and ultimately protect all of the patients that you work with as well.
This article was originally published on HIPAA Secure Now! and is republished here with permission.