Cyber Security Today – Hospital email hacked, and more on two-factor authentication

Hospital email hacked, and more on two-factor authentication

Welcome to Cyber Security Today. It’s Friday October 11th, I’m Howard Solomon, contributing reporter on cyber security for ITWorldCanada.com.

Cyb er Security Today on Amazon Alexa Cyber Security Today on Google Podcasts Subscribe to Cyber Security Today on Apple Podcasts

 

Methodist Hospitals of Gary, Indiana has admitted that personal and medical information of as many as 68,000 individuals may have been copied by a hacker between March and July. How? Two hospital employees were suckered by an email phishing scam. Presumably they gave out their passwords, because the hospital says the hacker got into their email accounts. What these employees had in their email was patient information that included people’s names, addresses, social security numbers, drivers licence numbers, credit or debit card numbers, dates of birth as well as medical information. In some cases there were passport numbers.

The odds of this kind of data getting out can be lowered in several ways: First, organizations whose staff handle sensitive information have to make sure all personal data is encrypted. That includes messages and files employees send to each other. If the data gets out it’s encrypted, so it’s useless. Second, the organization has to use two-factor authentication for all logins. For those who don’t know, 2FA as its called, is an extra step that requires users to enter a four- or six-digit code when logging in, in addition to a username and password. The code gets sent to you by text or email. Used properly it can’t be stolen like a password. It probably would have stopped the Methodist Hospital hacker.

I’m sure I sound like a broken record on the importance of using two-factor authentication. Well, it’s not only me that talks about this. This week John Sawers, the former head of the British spy agency MI6 told a conference in London that two-factor authentication is one of the prime ways you can improve security. So, listeners, if the apps or websites you use offer 2FA, enroll in it. Microsoft Office offers it, Google and Yahoo offer it. Companies, if you don’t offer it to your users, you should. And quickly.

These podcasts are brief, so if I haven’t made two-factor authentication clear, do a web search.

During Cyber Security Awareness Month I’m passing on tips on how to stay safer online. There’s no shortage of mobile apps for smartphones, but they can be a privacy and security risk. The National Cyber Security Alliance, a business association, offers this advice: Delete apps you don’t need or no longer use. Go into your settings and look at the permissions each app wants. Say “No” to any that don’t make sense. Does a fashion app need to access your contacts? Does a texting app need to access your location? Does a game need to access your photo album? Lastly, only download apps from trusted sources.

That’s it for Cyber Security Today. Links to details about these stories can be found in the text version of each podcast at ITWorldCanada.com. That’s where you’ll also find my news stories aimed at businesses and cyber security professionals. Cyber Security Today can be heard on Mondays, Wednesdays and Fridays. Subscribe on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker. Thanks for listening. I’m Howard Solomon

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now