Take steps to secure sensitive patient data from becoming the next records for sale on the dark web.
The dark web, once a hidden or at least largely unknown haven for both cyber criminals and the most hardcore of tech and privacy enthusiasts, is becoming more widely publicized. The surge in data breaches over the last few years has turned the spotlight towards previously hidden dark web networks, bringing them out of the shadows and into public discussion. However, despite this exposure, the dark web remains the premier location for selling stolen digital goods to this day.
Unless you have a focus on internet security, you may not be familiar with the dark web. It’s a name given to corners of the internet which remain inaccessible without specialized software like the Tor browser or the Invisible Internet Project (I2P) router. Hidden from the view of everyday internet users, dark web marketplaces have flourished with users selling everything from hacking tools to illegal drugs. These dark web markets, along with other underground forums, are also where you may find your personal information after a major data breach like the one Equifax suffered last year.
After a successful breach, cyber criminals typically inventory their stolen data and pick out “the good stuff” to sell on dark web locations in exchange for cryptocurrencies like Bitcoin and Monero. These records often fluctuate in value, and some researchers estimate the average cost of an individual’s personal information at around $20. Others, like the author of a recent forbes.com article, suggest that electronic medical health record (EHR) could be worth hundreds or even thousands of dollars.
Law enforcement officials from the United States and internationally have made efforts to shut down popular dark web markets recently. For example, in July of last year, two parallel operations involving the FBI, DEA, Dutch police, and Europol succeeded in shutting down AlphaBay and Hansa, two of the most popular dark web markets at the time. These marketplaces, however, have proven to resemble the Hydra of ancient mythology. Where one market is shut down, two more open their doors to take over.
We are faced with the reality that it is nearly impossible to scrub your data from the dark web once it is posted. That’s why now, more than ever, it is important that you take steps to protect your data, and your customer’s data, from making it to the dark web in the first place. As a collector of patient data, start with a review of the records you collect and enact policies to only store what is minimally required.
Although security veterans will correctly note that no protection is flawless, Henry Schein TechCentral works with several technology manufacturers to provide tools to help protect your patient data. Server encryption services provided by TechCentral will use AES 128 or 256-bit encryption to help protect your data at rest. The WatchGuard all-in-one network security solution consists of different security layers working cooperatively with one another to dynamically detect, block and report on malicious traffic and respond to breaches in their early stages, so as to best limit potential damage from such breaches.
Data breaches are poised to remain a major issue for years to come. Taking steps to secure and reduce your available sensitive information can help prevent your patient data from becoming the next records for sale on the dark web.
Take the first step in data breach prevention by scheduling a free technology assessment performed by a TechCentral technology professional who will evaluate your networks, servers, firewall, and more. Visit www.HSTechCentral.com/DarkWeb to schedule your assessment today.
Visit http://www.hstechcentral.com/ to get more information about TechCentral and to schedule your free technology assessment.
The WatchGuard all-in-one network security solution is provided by WatchGuard Technologies, Inc. Henry Schein, Inc. and its affiliates are not responsible for, and expressly disclaim, all liability for damages of any kind arising out of the use of the WatchGuard products. Using the WatchGuard all-in-one network security solution in no way guarantees complete protection from data breaches.
By Marc Laliberte, Information Security Threat Analyst, WatchGuard Technologies
Marc Laliberte specializes in networking security protocols and Internet of Things technologies. Marc’s day-to-day responsibilities include researching and reporting on the latest information security threats and trends. He has discovered, analyzed, responsibly disclosed, and reported on numerous security vulnerabilities in a variety of Internet of Things devices since joining the WatchGuard team in 2012.
Originally published in Dentrix Magazine, Summer 2018