
How HIPAA Can Help Deter Hackers

The number of hacks and breaches that occur continues to rise exponentially. Though you may have security measures in place, hackers are finding new ways to infiltrate your system. So, what can you do to stay one step ahead of the hackers?

A 2015 Reader’s Digest article outlines “20 Things Cyber Crooks Don’t Want You to Know”. From this list of 20 things, we chose a few that are more specific to businesses and describe how they relate to HIPAA. Review these 5 tricks hackers use to access your PHI so you can avoid becoming an easy target.

  1. Personalized phishing emails.

Hackers use phishing emails to trick people into clicking links that often lead to the installation of malware or ransomware on your computer. These emails used to be a lot more obvious: for example, an email from a Nigerian prince, or an email saying a distant wealthy relative of yours has just died. They have since become a lot more sophisticated and now include information that matches your online activities, which leads you to believe the email is legitimate. If you are not careful, you could fall into the trap.

Phishing is the cause of many PHI breaches. In fact, in 2013, University of Washington Medicine experienced a breach that affected over 90,000 patients. This breach was due to malware installed through a phishing scam. It was recently reported that University of Washington Medicine paid a settlement of $750,000 in penalties for this breach of PHI. ¹

Avoid phishing scams by being cautious with each email you open. Avoid clicking links or downloading files from emails with which you are unfamiliar. Phishing emails often ask for your personal information in order to claim gifts or to recover or verify an account you have. This is an alert to STOP. Do not enter any personal information (passwords, Social Security numbers, etc.) if prompted.

  2. Typosquatting

“Typosquatting” is when hackers purchase domain names similar to the names of real websites.² For example, a hacker may buy the domain name microsfot.com. The success of typosquatting depends on you typing the URL incorrectly. Once you are on the site, hackers can install malware on your computer or try to convince you to share personal information. Make sure you check the web address before visiting the website. Web pages that require you to enter personal information, like a Social Security number or credit card info, should have “https” in the address bar, and a lock. If the site does not have both of these items, the page is not secure and you should not enter your information.
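The check described above can also be automated, for instance in a mail or web filter. The following is an added example, not code from the original article: it compares a link's domain against a small allowlist and flags anything one typo away. The allowlist, the function names and the last-two-labels shortcut are assumptions made for illustration.

```python
# Added example (not from the article): flag look-alike domains before a link is trusted.
from urllib.parse import urlsplit

TRUSTED = {"microsoft.com", "linkedin.com", "example-clinic.org"}  # constructed allowlist


def osa_distance(a: str, b: str) -> int:
    """Edit distance where insert, delete, substitute and swapping two
    adjacent characters each cost 1 (optimal string alignment)."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cur[j] = min(prev[j] + 1,                # delete ca
                         cur[j - 1] + 1,             # insert cb
                         prev[j - 1] + (ca != cb))   # substitute
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)  # adjacent swap
        prev2, prev = prev, cur
    return prev[-1]


def registrable(host: str) -> str:
    """Assumption: the last two labels are the registered domain.
    A production filter should consult the Public Suffix List instead."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def check_link(url: str, trusted=TRUSTED, max_distance: int = 1):
    """Return (verdict, matched_trusted_domain) for a URL or bare host name."""
    domain = registrable(urlsplit(url).hostname or url)
    if domain in trusted:
        return ("trusted", domain)
    for good in sorted(trusted):
        if osa_distance(domain, good) <= max_distance:
            return ("lookalike", good)
    return ("unknown", None)


if __name__ == "__main__":
    # Constructed sample links
    for link in ("https://www.microsoft.com/en-us",
                 "http://login.microsfot.com/signin",
                 "https://example.org/"):
        print(link, "->", check_link(link))
```

An "unknown" verdict only means the domain is not close to anything on the allowlist; it says nothing about whether the site is safe.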


  3. Brute Force Attacks

Hackers use a method called a “brute force attack” to crack your password. A brute force attack is a trial-and-error process that uses logic to try many different combinations of characters and guess your password. This is why easy passwords like “letmein” or “qwertyuiop” can easily be cracked. The longer and more complex the password, the harder it is for the software to guess it. This malware can run in the background trying to determine your passwords while you are using the computer. It takes basically no effort on the part of the hacker. They just have to launch the program, which can be done remotely. Hackers are relentless.

It was revealed that the 2012 LinkedIn breach included millions of accounts that contained very easily cracked login credentials. At the top of the list was “123456” (appearing over 1 million times) followed by other equally simple passwords like “linkedin” and “password”.³ These passwords are easy targets for brute force attacks. A random assortment of characters is a lot harder to crack than a simple password or one that contains words in the dictionary. It is important to change passwords frequently in case your computer is a target.
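One way a sign-up or password-change form can refuse the kinds of passwords named above is to screen them when they are set. This is an added example, not code from the original article; the blocklist holds only the five passwords the article quotes, and the 12-character minimum, the substitution table and the function names are assumptions.

```python
# Added example (not from the article): screen a new password when it is set.
# Sample blocklist: the five passwords the article quotes. A real one is far longer.
COMMON = {"123456", "linkedin", "password", "letmein", "qwertyuiop"}
KEYBOARD_ROWS = ("1234567890", "qwertyuiop", "asdfghjkl", "zxcvbnm")
LEET = str.maketrans("@0135$7", "aoleest")  # undo common look-alike substitutions


def normalise(pw: str) -> str:
    """Lower-case and reverse simple substitutions so 'P@ssw0rd' becomes 'password'."""
    return pw.lower().translate(LEET)


def is_keyboard_walk(pw: str, min_run: int = 6) -> bool:
    """True if the whole password is a run along one keyboard row, in either direction."""
    p = pw.lower()
    return len(p) >= min_run and any(p in row or p in row[::-1] for row in KEYBOARD_ROWS)


def screen_password(pw: str, context_words=(), min_length: int = 12) -> list:
    """Return the reasons to reject pw; an empty list means it passed.
    context_words are site- or user-specific strings (service name, user name)."""
    reasons = []
    raw, norm = pw.lower(), normalise(pw)
    if len(pw) < min_length:                      # assumption: 12-character minimum
        reasons.append("too short")
    if raw in COMMON or norm in COMMON:
        reasons.append("common password")
    if is_keyboard_walk(raw):
        reasons.append("keyboard walk")
    if any(w.lower() in norm for w in context_words if len(w) >= 4):
        reasons.append("contains service or user name")
    return reasons


if __name__ == "__main__":
    # Constructed sample candidates, checked as if set on a LinkedIn account
    for candidate in ("123456", "P@ssw0rd", "LinkedIn2012!", "copper-lantern-47-meadow"):
        print(repr(candidate), screen_password(candidate, context_words=["LinkedIn"]))
```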

Password management tools, such as LastPass, OnePass, or Dashlane, help you manage your passwords. Not only do they generate strong passwords for you, but they save each password in their encrypted database so you don’t have to remember them. You do need to remember the master password to the management site. This option is a lot safer than saving your passwords in your browser’s password management feature or in an electronic note on your desktop. Make sure you keep these programs up-to-date, and change your master password frequently.

  4. Wi-Fi Software

One major security flaw is that people do not select a new administrator’s username and password when they install a router. Make sure to change both the username and administrator’s password to avoid easily being hacked. With a simple internet search of the router and model number, anyone can access the administrator password the router came with and then gain access to your network. Be sure that you are also keeping your router’s software updated as it helps to protect against vulnerabilities in the firewall.

It is also important to check that your router uses WPA2 encryption. WEP encryption can easily be exploited. Software to crack WEP encryption is widely available. It is best to go with the newer WPA2 which uses more secure AES algorithms.

  5. Vulnerability of Public Wi-Fi Networks

It’s best not to log into a public network if you plan to use a credit card, as public networks often do not have protection. Many hackers target public Wi-Fi networks like those in coffee shops. They use man-in-the-middle attacks, which allow them to put themselves between you and the information you want to access through the network. This means that when you request information like a webpage from the server, that information first goes to the hacker. The hacker can then take what they want from it, or alter it in some way, before sending it on to you. This tactic is beneficial to hackers when you access your bank accounts. Many people think the only risk of taking home PHI is leaving a storage device behind in a public place or having your laptop or iPad stolen. However, doing work in a coffee shop through their public Wi-Fi can cause a breach. It is best to avoid emailing PHI or accessing any important accounts through public Wi-Fi.

Unfortunately, even if we take all the right security measures, we will never be invincible. However, taking the right steps like creating strong passwords, activating a firewall and following HIPAA security recommended policies and procedures can help protect your data and can lessen the chance of an embarrassing and expensive breach.

  1. (http://www.databreachtoday.com/phishing-breach-results-in-750000-hipaa-penalty-a-8747)
  2. (http://www.usatoday.com/story/money/personalfinance/2016/03/20/typo-can-get-you-hacked/81977012/)
  3. (http://www.theregister.co.uk/2016/05/24/linkedin_password_leak_hack_crack/)
