By Joseph E. Fishel, CBET, MBA
Here is a questionnaire to take you down memory lane. I thought you might enjoy it.
Did you enjoy going down memory lane? Having some feelings of “Auld Lang Syne?” Have you filled one of these out on a social media site such as Facebook in the past? When you finished, you probably pressed reply as well as sent it to your friends. This is just among friends right? You’ve known most of your Facebook friends for eons right? There was nothing really new here as most of your friends grew up with you. They had the same experiences that you had and the same teachers. Guess what? This didn’t come from the friend that you thought it did. Your friends were hacked and someone is sending out emails in their name.
What did you just give the hacker? Here are the top 10 security questions that companies use to have an individual verify their ID to be able to create an account or recover your password.
If you have a Facebook account I can see where you live, where you are from and your relationship status. I can also see your friends. I may IM you to email me directly so we can catch up. I give you an email address and ask that you send your email address and phone number too. I now have your email address and phone number and you don’t suspect a thing. From this little bit of information, I can determine where you graduated from high school with a phone call to the school. I can find out what year you graduated. I then subtract 17 or 18 years from that and I know, within two years, when you were born. I can search for you through many ancestry applications. When I find you on the application it will give me your exact birth information including the date, location and parents’ full names (both middle names and maiden names).
I now have enough information to start creating havoc with your finances.
For existing accounts, I can click “forgot password” and go through the process to get a new one. Websites usually ask for the email address affiliated with the account and that a security question be answered. By answering it correctly I can change the password and, bingo, I have access to the account.
A more guaranteed way of obtaining account numbers is also the most common way and that is to go through a homeowner’s trash looking for financial correspondence that has not been shredded. If I have your Social Security number, I’m golden.
What else is in the trash? All of those junk mail credit card offers. Are you shredding them? These can be used to create new credit card accounts in your name. With the above information, I contact the company impersonating you and there is a 90% chance that I will be able to open an account or create a credit card account in your name. You won’t know it until the bills start to arrive or a collection agency starts contacting you because payments haven’t been received.
These are reasons why cybersecurity in health care is so important. Much of the patients’ personal information (such as name, address, phone number, age, birthdate, gender, marital status, etc.) are found or reside in files on a health care provider’s network whether in medical or financial files. We have a responsibility to protect them.
Joseph E. Fishel, CBET, MBA, is a Healthcare Technology Systems Manager for Sutter Health eQuip Services.
*By entering your email address, you agree to receive emails regarding TechNation Magazine, Webinars, and Exclusive Promos.
© 2020, TechNation Magazine. Site designed by MD Publishing, Inc.