What do cybercriminals do with stolen data?

What do cybercriminals do with stolen data?

You’ve likely heard the stories of major data breaches that expose the personal information of millions of people. Perhaps you’ve even been a victim of this. But what actually happens to exposed data? How do cybercriminals actually use the data?

They sell it on the dark web. Credit card numbers, national ID numbers, email addresses, and passwords all fetch certain prices on the underground economy.

They launch spear phishing campaigns. With enough information, cybercriminals increase their chances of successful phishing attacks because they’re able to target specific individuals or organizations while sounding legitimate.

They pretend to be you. Identity theft is a top concern. If attackers gain access to your personal info, they can open accounts in your name, attempt to claim tax refunds, and file insurance claims, etc.

They attack even more accounts. In the case of stolen usernames and passwords, criminals use “credential stuffing,” which is an automated attack using those same usernames and passwords to gain access to other accounts.

Accidental data breach by clicking ‘Send'

Merely having a HIPAA-compliant email service isn’t enough to keep a clinic or agency within the regulations. The organization still needs to train its employees to use the Health Insurance Portability and Accountability Act compliant service properly, as well as implement the necessary policy and administration measures to guard its Electronic Protected Health Information (ePHI) records. If these aspects aren’t addressed, an organization could easily find itself suffering from a significant breach, the resulting fines, penalties and possibly failure.

Data breaches have become one of a medical clinic or insurance agency’s greatest fears. If you study the reparations, penalties, recovery costs and the ensuing investment in new security measures, data breaches are unbelievably expensive. That is aside from accounting for the interruption to regular business or the long-term damage to their brand reputation. 60% of all organizations that experience a data breach fail within the next 120 days … 120 days!

A clinic in Michigan closed its doors on April 1^st, 2019 just months after a ransomware attack deleted EVERYTHING. http://www.startribune.com/all-of-records-erased-doctor-s-office-closes-after-ransomware-attack/508180992/

Only 3 weeks ago, Eye Care Associates in Ohio had a trojan virus attack that severely affected their ability to do business and as of today (8/16/19) they are still struggling to recover and keep doors open https://businessjournaldaily.com/eye-care-associates-hit-by-ransomware-attack/

In both of these examples the clinics did not lose any patient data but Where the attack succeeded was interrupting business operations, Loss of reputation, loss of company data, costing it patient bookings and eventually, for Dr. Scalf and Dr. Bizon, the closure of their clinic.

Analyzing all breaches over the past 5 years will tell you that encryption is the most suitable way to make data confidential both in transit and at rest.

When organizations evaluate their need for email security, they all come to the conclusion that they need better access control, encryption, measures to ensure data integrity, documentation that the email is secure and much more. Some will find that they need more advanced mechanisms than others, such as opt-out email encryption to reduce the chances of employees accidentally causing data breaches. Ultimately, some businesses may decide that they have the capabilities to make their emails HIPAA-compliant in-house.

Others will choose to go with a HIPAA-compliant provider, like 10D Tech, that understands how to mitigate the problem in this complex regulatory world. This approach is generally easier and helps to spread the risks onto the provider, as long as a Business Associates Agreement (BAA) is signed. When audited, a clinic or organization simply refers to their provider for the documentation and reports of compliance. The end result of either method will be more than just HIPAA compliance. If your company has been judiciously following HIPAA’s recommended path of performing security reviews and implementing mitigation strategies, then it will end up with a secure email system as well. With the right systems in place, an organization will reduce its chances of suffering a data breach.

Accidentally causing a data breach is as easy as clicking ‘Send.’ Are you prepared?

10 reason to use 10D Tech

Our partners have discovered the benefits of having 10D Tech maintain and support your work stations, your network and your staff. 

Our Standards, Process Alignment, Business Impact and IT strategy is the recipe for our great results.

Our results for owners and managers:

1. Lower costs mean Higher Profit Margins. Using 10D Tech is like having an employee that never goes on vacation, doesn't require health insurance, is never sick, needs no profit sharing, no further company-based training, no desk, no chair, no phone ... etc.  
2. Increased Functionality as the staff is not spending 22 minutes a day working on some tech issue. 22 minutes a day is over 7 hours a month, or 11.5 days every year.
3. More Productive Employees They are not messing with the newest application or scouring their social media pages.
4. Better Morale amongst the staff knowing they don’t have to stress the Blue Screen or that they are downloading a virus.
5. A Reduced Risk as we back up your work stations, servers and overall network on a regular schedule all but eliminate the scary RansomWare notice everybody is talking about.
6. Installing a firewall, securing work stations with endpoint protection, instigating the password manager rules Enhances Security.
7. A stable network and protected work stations allow you to be More Competitive in the market without the added wasted time.
8. Looking at your current network and building a 3-5 year plan will Lower your Overall Technology cost. Instead of replacing things as they break, we help you purchase, according to a plan when prices are lowest.
9. A better balance of your Work vs. Life focus.  Nobody needs to stay late trying to figure out why the printer doesn’t work.  We already have it taken care of.
10. In general, a Peace of Mind that we have you covered and you can focus on what you do best.

Call us if this sounds like the solution you've been looking for. 541.243.4103  www.10dtech.com