Advertisement

For those of you who excelled in grade school English; that is not a glaring typographical error in the title of this post. Once upon a time, hackers had to rely on a personalized approach to get into your ePHI (electronic Protected Health Information) repository. It meant hours of poking and probing; looking for vulnerabilities that could be exploited. Like all technology-based endeavors, hacking is becoming increasingly automated and impersonal. There is an entire collection of differing types of “ware” that will quickly, efficiently, and mercilessly attack your systems and the golden nuggets of healthcare information that lie within. Although by no means exhaustive, the following is a synopsis of the more common malicious “wares” in the arsenal of today’s sophisticated hacker community. Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems. Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.
Problem of Healthcare Data Security
For those of you who excelled in grade school English; that is not a glaring typographical error in the title of this post.  Once upon a time, hackers had to rely on a personalized approach to get into your ePHI (electronic Protected Health Information) repository.  It meant hours of poking and probing; looking for vulnerabilities that could be exploited.

Like all technology-based endeavors, hacking is becoming increasingly automated and impersonal.  There is an entire collection of differing types of “ware” that will quickly, efficiently, and mercilessly attack your systems and the golden nuggets of healthcare information that lie within.  Although by no means exhaustive, the following is a synopsis of the more common malicious “wares” in the arsenal of today’s sophisticated hacker community.

Malware, short for malicious software, is any software used to disrupt computer operation, gather sensitive information, or gain access to private computer systems.  Malware is defined by its malicious intent, acting against the requirements of the computer user, and does not include software that causes unintentional harm due to some deficiency. The term badware is sometimes used, and applied to both true (malicious) malware and unintentionally harmful software.

Spyware is software that aims to gather information about a person or organization without their knowledge and that may send such information to another entity without the consumer's consent, or that asserts control over a computer without the consumer's knowledge.  "Spyware" is mostly classified into four types: system monitors, trojans, adware, and tracking cookies.

Ransomware is a type of malware which restricts access to the computer system that it infects, and demands a ransom paid to the creator(s) of the malware in order for the restriction to be removed. Some forms of ransomware encrypt files on the system's hard drive (cryptoviral extortion), while some may simply lock the system and display messages intended to coax the user into paying.

Phishing is the attempt to acquire sensitive information such as usernames, passwords, and credit card details (and sometimes, indirectly, money), often for malicious reasons, by masquerading as a trustworthy entity in an electronic communication.   Communications purporting to be from popular social web sites, auction sites, banks, online payment processors or IT administrators are commonly used to lure unsuspecting public.

In-session phishing is a form of phishing attack which relies on one web browsing session being able to detect the presence of another session (such as a visit to an online banking website) on the same web browser, and to then launch a pop-up window that pretends to have been opened from the targeted session. This pop-up window, which the user now believes to be part of the targeted session, is then used to steal user data in the same way as with other phishing attacks.

Spy-phishing is defined as "crimeware" (a kind of threat that results in fraudulent financial gains).  Spy-phishing capitalizes on the trend of "blended threats", it borrows techniques from both phishing and spyware.  The downloaded applications sit silently on the user's system until the targeted URL is visited wherein it activates, sending information to the malicious third party. Through the use of spyware and other trojans, spy-phishing attempts to prolong the initial phishing attacks beyond the point at which the phishing site is available.

Advanced Persistent Threat (APT) usually refers to a group, such as a government, with both the capability and the intent to target, persistently and effectively, a specific entity. The term is commonly used to refer to cyber threats, in particular that of Internet-enabled espionage using a variety of intelligence gathering techniques to access sensitive information, but applies equally to other threats such as that of traditional espionage or attacks.

Typosquatting, also called URL hijacking or fake URL, is a form of cybersquatting, and possibly brandjacking which relies on mistakes such as typographical errors made by Internet users when inputting a website address into a web browser. Should a user accidentally enter an incorrect website address, they may be led to any URL (including an alternative website owned by a cybersquatter).

Clickjacking is a malicious technique of tricking a Web user into clicking on something different from what the user perceives they are clicking on, thus potentially revealing confidential information or taking control of their computer while clicking on seemingly innocuous web pages.

Are you ready to fight those hackers and their armory of automated ware-based tools?  Are you ready for answers in a simple, automated, and affordable fashion?  HIPAA One is a simple interface that allows information capture, project oversight, updates, and automated documentation.  Learn more at: www.HIPAAOne.com
iTech Dunya

iTech Dunya

iTech Dunya is a technology blog that specializes in guides, reviews, how-to's, and tips about a broad range of tech-related topics..

Post A Comment:

0 comments: