technologist, ct technologist, mri technologist

Healthcare Cyber Attack Survival Guide

By

Change Healthcare 2024 data breach affected over 100 million people, as confirmed by the HHS in an October 2024 Cybersecurity Incident Update. This marks the largest confirmed healthcare cyber attack ever.

The worst part is that sensitive patient data and personally identifiable information of tens of millions of people was leaked and is now in the hands of unknown cybercriminals. This can include, but also not limited to names, drivers license, credit card information, email address, date of birth, street address, and even social security number.

What can happen if your healthcare data was leaked?

With your personal information, hackers can assume your identity to open accounts, open credit lines, file fraudulent tax returns, obtain a driver’s license (with their picture and your name), or even impersonate you during traffic stops.

  • Take out loans in your name.
  • Open fake bank accounts.
  • Open utility accounts. 
  • Apply for credit cards.
  • Obtain government benefits.
  • File fraudulent tax returns.
  • Use your health insurance to pay for medical care.
  • Obtain a driver’s license with your name but a different picture.
  • Pretending to be you when under police arrest.

The most immediate concern is that hackers can leverage your personal information to apply for credit lines under your name.

Even worse, they can possibly assume your identity to engage in account takeover attacks.

While healthcare organizations have made a commitment to work with cybersecurity experts to upgrade security protocols, it is equally important for all patients, healthcare professionals, or anyone who suspects they could be victim to future attacks to take a proactive approach to personal data security by implementing a few simple upgrades to your personal cybersecurity protocols.

Take a Proactive Approach to Protecting Your Data

In this article, I’m breaking down the most important steps to take if you suspect your data may have been compromised, or is at risk, as well as offer you helpful tips to keep your data and personal information safe from future cybersecurity attacks.

Table of Contents

What to do if you’ve been affected by a Healthcare Data Breach

Do you suspect your data has been leaked? The unfortunate reality is that all major organizations across every industry, from financial, to manufacturing and even healthcare are under a constant barrage of cyberattacks.

Disclaimer: I am not a professional advisor, and the information provided here is not to be construed as professional advice. I am not aware of your specific situations or circumstances. The tips shared are based solely on my professional experiences and personal practices. It’s essential to consult with relevant cybersecurity professionals or experts for advice tailored to your individual needs and situations.

1. Change Your Passwords

Changing your passwords is your first line of defense against unauthorized access to your accounts. When changing your passwords make sure to use a strong mix of uppercase letters, lowercase letters, and special symbols to increase your password strength.

This one might seem obvious but the first thing I did when I heard about the 2024 healthcare cyberattacks was change my passwords on all of my healthcare provider accounts, credit cards, bank accounts, and any related websites.

How to create a strong password you can remember

I know adding a strong password means that we’re probably never going to remember it , so here’s a quick tip that I learned to create strong passwords that are easy to remember.

  1. It all starts with one key letter, lets take the letter F for example. I’ll start my new password with shift + F for an uppercase letter, then start by pressing the letter above and work my way around, either clockwise or counterclockwise.
  2. Add a number to that and now you have a strong password where you only have to remember one letter.
    • For example: Frdcvgt5 (meets 8 digits, uppercase letters, lowercase letters, and contains number). All you really had to remember was the letter F
  3. You can easily add strength to your password by adding another key letter, lets take the letter U for example. I can now use the same pattern as before to incorporate numbers and symbols in my password. And I only have to remember two letters. Try mixing up patterns or using the shift key for even stronger passwords.
    • e.g. Frdcvgt5U&yhji8:)

2. Check Dark Web Databases

It’s no secret that hackers steal the personal information of millions of people so that they can turn around and sell the data on the dark web to other cyber criminals. Stay ahead of information leaks with dark web monitoring. One of the websites I always use to check if any of my information has been leaked is haveibeenpwned.com. It’s a free website that scrapes dark web databases and gives you background information if your email address is associated with any recent data leaks. Dark web monitoring is also available for free as part of many VPN services. These reports are usually a little bit more detailed however they typically only monitor the email address tied to that account.

If you found that your email was associated with a recent cyber attack, it might be best to just start a new email. I keep a separate email address that’s purely dedicated to all things healthcare related. So luckily, this data leak shouldn’t affect any other account but since that email may have been compromised with the healthcare data leak, I created another free Gmail account with google and updated all of my healthcare profiles, so I can essentially scrap the last email.

3. Enable two-factor authentication, or multi-factor authentication

Two-factor authentication takes only minutes to set up on your accounts and can save you a lifetime of headaches. 2FA adds another layer of security by requiring verification using 2 or more different login methods. The main benefit is It notifies you in real-time when someone is attempting to access your accounts and helps you take immediate action to prevent the unauthorized access. Consider 2FA authentication for your credit card accounts, bank accounts and Healthcare accounts with sensitive information.

4. Setup Banking Alerts

Take an extra step by setting up transaction alerts on your credit cards and bank accounts. In the months following a cybersecurity attack, it’s important to pay close attention to any suspicious activity on any associated credit cards or bank accounts

5. Setup Credit Monitoring Alerts or Credit Freeze

You can also create a free account with the three major credit bureaus (Equifax, Transunion, ) and set up credit monitoring alerts to receive a notification when there are any inquiries on your credit account or changes to your credit score. For an added layer of security, you can also turn on the credit freeze option to lock your credit accounts and automatically prevent any new credit lines from being opened under your name.

Now that we’ve explored the five most impactful steps to take if you suspect your data has been leaked, let’s shift our focus to steps you can take to protect your personal information from future cyberattacks. Here are some simple, but effective steps you can take to help minimize your exposure to cyber attacks or data leaks going forward

6. Update Your Devices Before Leaving On Your Trip

If its possible, update all of your devices on a secure network before leaving for your trip. This ensures your systems are equipped with the latest security patches. After you’ve updated your devices, make sure to download all media files or apps that you’re going to be needing for your business trip or vacation. As a good rule of thumb, you want to avoid downloading files when you are on unknown networks.

7. Avoid Unsecure Network Connections

Unsecure wifi networks, like the hotel wifi, are particularly vulnerable to man in the middle attacks. This is where hackers hijack a network connection and intercept all of the data going across that network.

Overall, its best to avoid logging into any wifi hotspot, but if you absolutely have to use the wifi, always make sure to use a VPN to encrypt your connection.

This is one of the most effective tools to protect your online privacy when traveling. But to be honest, I’m on a VPN encrypted connection almost 24 hours a day, not just when I travel.

I use NordVPN, so I get reliable, military-grade encryption for all my data without experiencing any noticeable drop in connection speeds. It also comes with some great features that I use when I’m traveling, like a VPN kill switch, to stop all data connections if an unsecure connection is detected, real time malware protection, as a second layer of defense if you accidentally click on a malicious link, and dark web monitoring to provide live updates if any of your data is leaked.

You can also use one account to protect multiple devices. A solid reliable VPN service like Nord VPN costs as little as 13 cents a day and is one of the best investments you can make to protect your personal and financial information, especially when traveling.

Also, a lot of times phones will automatically login to networks or accept data connections without your knowledge. So, make sure to disable auto connect for Bluetooth and Wi-Fi, and make sure to set airdrop to contacts only. 

8. Practice data minimization and compartmentalization

One of the best ways to minimize the risk of your personal information being exposed is by limiting the information you give out. Data is the new currency and every large company out there wants as much of it. It’s important to draw that line in the sand and make it a practice to only give out the minimum information required. Remember that their goal is to gather as much data about you, so they will always ask, but know that it is always ok to draw boundaries to what information you will give out.

9. Cash or Credit, Never Debit.

With the rise of card skimmers everywhere, its best to buy only from trusted vendors, with cash whenever possible. If they don’t accept cash, use a credit card but never ever, ever use a debit card. Ultimately it’s up to you to balance the credit card exposure vs the risk of future data breaches.

10. Utilize RFID wallets

Did you know that your credit cards, hotel room keys, company badges and any other card with an RFID chip is constantly putting out RF signals? This same RF signal that helps speed up checkout times also makes it possible for hackers to steal your credit card information by just walking past you. This hacking technique is called RFID skimming and it’s frequently used to target large, crowded areas.

The best way to keep your credit card information safe is by leaving all non-essential cards in a secure area at home, or hotel room safe, if traveling.

For the essential items like room keys, and the one or two credit cards that I have to carry with me, I always use an RFID-blocking wallet. These wallets are specially designed with a metal lining that blocks all RFID signals. You can also try wrapping your credit cards in aluminum foil to get some RFID blocking effect, but it won’t be as effective. It is recommended to always do your research and independent testing, if possible, to ensure your RFID wallet is blocking all signals. You can find RFID wallets on Amazon (Free 30-day Amazon Prime Offer), or consider checking the travel section of your local Ross, Marshalls, TJ Maxx, if you need one immediately.

11. Limit All Web Activity

When I’m traveling, or outside of a secured network, I try to limit all web activity, especially purchases online or any activity where I’m entering my personal information. Hackers use a technique called Phishing attack to create perfect replicas of websites or emails from reputable companies, with the goal of getting you to click a malicious link so they can then intercept all of your information.

As a good cybersecurity practice, avoid clicking on any unsecure URLs from websites or emails, this includes the unsubscribe buttons that you see in the bottom of every spam email. Instead of clicking the unsubscribe link, you can try blocking the email address with google, marking it as spam, or consider adding filters to your email server.

As a good rule of thumb, avoid opening links, downloads, pdfs, images, or attachments from unsecure websites or unsolicited emails.

If you’re browsing the internet, always check the URL before entering any payment information to websites. Look for the https at the beginning of the web address and verify the parent URL directory to make sure you weren’t redirected.

Key Takeaways

By implementing the simple cybersecurity measures above, you limit your exposure to data breaches. Quick and effective changes such as changing your passwords, enabling multi-factor authentication, activating fraud alerts on your credit profile, and checking your information against known dark web databases helps to stay ahead of healthcare cybersecurity threats.

  • Check your email against any dark web databases.
  • Report the event to your credit card company and banks, then setup transaction alerts on your credit cards. Pay particular attention to any cards you had on file with any healthcare providers.
  • If you believe that your personally identifiable information, such as full name, date of birth, and social security number was leaked in the data breach, you may want to consider placing a credit freeze with all three credit bureaus.
  • If you suffered financial loss, it may be time to seek legal counsel
  • Practice data minimization. Never give your social security number, if you can help it.
  • Use IP masking and web encryption.
  • Use a separate email for all healthcare updates.
  • Limit all web activities, especially purchases online or anything where you’re exchanging personal information.
  • Buy only from trusted vendors and always use a credit card. Pick one to consolidate all transactions and avoid using your debit card.
  • Use cash when possible.
  • Avoid clicking on any URL from an email, this includes the unsubscribe buttons. You can try blocking and it gets separated into a separate folder, also consider adding filters. Avoid opening links, downloads, pdfs, images, or attachments from unsolicited email.
  • Always check the URL before entering any payment information to websites. Look for the https at the beginning of the web address and verify the parent directory to make sure you weren’t redirected.
  • Update your devices regularly to include the latest patches.
  • Use an RFID wallet.
  • Avoid logging into any unsecured WIFI, includes hospital wifi. Search from trusted wifi hotspots with your provider. Even these secured wifi networks can be exploited by man in the middle attacks. Always use an encrypted web connection (VPN).
  • Set airdrops to contacts only.
  • Avoid auto Wifi login (Enable VPN kill switch to avoid unsecure connections).

I hope this article was a helpful resource. You can find additional links to related resources below.

  • https://www.hipaajournal.com/january-2024-healthcare-data-breach-report/
  • https://www.hhs.gov/about/news/2024/02/21/hhs-office-civil-rights-settles-second-ever-ransomware-cyber-attack.html

Helpful Resources

The information provided by MRIPETCTSOURCE (“we,” “us,” or “our”) on https://www.medicalimagingsource.com (the “Site”) is for general informational purposes only. All information on the Site is provided in good faith, however we make no representation or warranty of any kind, express or implied, regarding the accuracy, adequacy, validity, reliability, availability, or completeness of any information on the Site. UNDER NO CIRCUMSTANCE SHALL WE HAVE ANY LABILITY TO YOU FOR ANY LOSS OR DAMAGE OF ANY KIND INCURRED AS A RESULT OF THE USE OF THE SITE OR RELIANCE ON ANY INFORMATION PROVIDED ON THE SITE. YOUR USE OF THE SITE AND YOUR RELIANCE ON ANY INFORMATION ON THE SITE IS SOLELY AT YOUR OWN RISK.

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top