The Good, the Bad, and the Reality
Let’s start with the good news – for the first six months of 2021, despite increased cyberattacks, data theft impacted 186 million people, according to the Identity Theft Resource Center (ITRC). That’s down from a high of 2.5 billion victims in 2016.
Now the bad news – data theft is cumulative. Your stolen data doesn’t just stay in a data silo or get sold as-is on the dark web. Your stolen data gets purchased by data aggregators who combine your info with other data sets that have been collected from public resources or stolen in the past. The net result is a data profile that can contain hundreds, if not thousands, of data points on every one of us. Want proof? In 2018, a data aggregation company named Exactis exposed 340 million records on individuals; the breached data included 300 data points on almost every single American. Are you a smoker? Do you have kids? Do you have a pet? What kind of car do you drive? It’s all available on the dark web. The really bad news is that most of these personal “data points” don’t change over time. Consider your health information, for example. Once your medical history is exposed, it’s in the wild – forever. Oh, and for everyone who paid to have their DNA lineage tracked (23andMe, Ancestry.com), the Chinese own the labs that processed your DNA information. Several years ago, the FBI began warning us that this information, in the hands of a malicious state, could be used to engineer viruses or diseases that target specific DNA while leaving others untouched. Imagine living in a world where we have engineered viruses designed to target our specific genome!
Here is the reality punch. We’ve lost the privacy battle. Whether the information was stolen from government agencies, as happened last week to the Department of Health and Human Services in Alaska, or from the hundreds of companies that have retained data on us, the truth is our information is out there, and it’s available to anyone who knows their way around the dark web and is willing to pay for it. A sobering reality, I know, but a reality nonetheless.
Where does that leave us? The only play we have is to identify the assets we have that we want to protect. For most of us, that means our banking information, our credit card information, our investment portfolios, our common shopping websites, and to the extent we can, our health information. All of this should be behind multi-factor authentication and complex, unique passwords.
We may not be able to get the data genie back in the bottle, but we can protect access to the things that are critical to us. Even that isn’t foolproof, but it’s the best we can do. Just ask anyone you know who has had their identity stolen: recovering from that is a nightmare. Add the layers of security that are available to you today.
If you have questions, just give us a call and we can get into more detail on ways you can protect yourself at home and at work.