Maybe not as safe as we’d all like to think it is.
A recent study found that over 68% of healthcare organizations had employees with compromised email credentials, which were being sold on the Dark Web. The Dark Web is a subset of the Deep Web, which is a vast part of the World Wide Web that can’t be accessed using regular search engines, like Google and Bing. On the Dark Web, criminal activity — such as the sale of illegally obtained data — is shielded by anonymity.
By exploiting stolen and vulnerable credentials, cybercriminals can gain access to healthcare networks and sensitive information.
Did you know? Compromised email credentials account for almost ⅔ of data breaches in the US.
With the help of ID Agent’s Dark Web ID analysis technology, the study looked at 1,000 HIPAA covered organizations and business associates in the healthcare industry (including healthcare providers, hospitals, IT/software providers, medical billing/collections agencies, and regional health plans). Here’s what they found:
- 68% of organizations had one or more compromised employee email accounts.
- 76% of compromised account information included passwords. Of these, 23% of passwords were fully visible and the rest were “hashed” (meaning the text characters were converted into a string of symbols).
- Even though certain healthcare industry segments performed better than others, every segment analyzed included compromises in over half of its organizations. Medical billing/collections had the lowest percentage, with 55.6% of organizations having at least one compromised account. Regional health plans performed the worst, with 80.4% of those organizations having compromised accounts.
Many of the passwords were old and no longer in use, but be warned that even those could make companies and individuals vulnerable. Hackers can use outdated passwords to understand user behavior and more easily predict future passwords, either through meticulous guesswork or automated algorithms. Though it might seem like those whose stolen account information included hashed — instead of fully visible — passwords dodged the danger, clever hackers can still crack hashed passwords in multiple ways. And, because more than 3 in 4 Internet users choose a similar, or even the same, password for all their online accounts, the threat isn’t limited to the single compromised account or environment.
In more than half the cases studied, emails were compromised in known breaches, where large numbers of account logins were stolen and sold. But, in 6% of cases — which still added up to 450 accounts — the data was obtained through phishing scams. This is especially troubling, given the FBI’s recent warning that business email compromise (BEC) scams are becoming more frequent and more often resulting in financial losses.
The reality is that no company or organization's cybersecurity strategy is complete without addressing the risk of compromised email. The following “best practice” measures are recommended:
Proactive threat intelligence - Staying updated on the latest potential threats, and building defenses against them.
Continuous security management - Constantly monitoring infrastructure and analyzing security (and vulnerabilities) in real-time.
Rapid incident response and recovery - Establishing and maintaining processes and policies that enable fast action in case a breach does happen. Since no security measure is ever 100% guaranteed, it’s important to be prepared to immediately mitigate the potential losses if an email account or other login is compromised.
If all this sounds daunting, overwhelming, or even downright scary, we have you covered. We’ll help your business get on the right security track; just take the first step by reaching out!
Braver Technology Solutions LLC