How to detect a hacker
A commonly heard statement on the topic of cybersecurity is “it’s not about if a cyberattack happens, but when it happens”. This is because every organisation that collects, processes, stores and transmits data is a potential target for cybercriminals. Healthcare organisations deal with valuable personal data, so it is not surprising that hackers try to obtain data from healthcare organisations.
What are hackers
Hackers, specifically those with bad intentions, exploit vulnerabilities on the internet or devices to gain access in order to spy on people, steal money or files, or to hijack a device to use for their own goals (Kaspersky, n.d.; Verlaan, 2018).
One of the methods hackers use are phishing attempts. Phishing / Spear phishing serves to persuade potential victims into divulging sensitive information such as login information, including usernames and passwords, and/or bank and credit card details. Spear phishing refers to targeted attacks against a specific person or organisation (ENISA, n.d.).
Another method is malicious software. Malicious software, or malware in short, is software that was created to purposefully damage hardware, steal data, or other harmful goals (Regan, 2019). These forms of software alter the original or intended purposes of the software programmes towards harmful ends.
How hackers work
Hackers usually try to gain access to systems or accounts by attempting to steal passwords. They often do this through exploiting security vulnerabilities of networks or websites. They then try to use the obtained account information to gain access to other websites and accounts. Sometimes hackers lure someone to a fake website (through phishing attempts) or they can physically see someone type their login information (Verlaan, 2018).
On the website “Have I Been Pwned” (Hunt, n.d.), people are able to check whether their login information has been obtained as the result of a data breach. This way, they can assess whether they and their accounts are at risk online. Visit and check it here: https://haveibeenpwned.com/.
How to tell whether a computer has been hacked
Kaspersky (n.d.) gives the following ways on how to check whether a computer has been hacked:
- Is there high outgoing network traffic?
- Is there increased disk activity or suspicious files?
- Are large number of packets from a single address being stopped by a personal firewall?
- Has the antivirus started to report on backdoors or trojans are detected, even with normal use of the computer?
For further information, see Kaspersky’s IT Encyclopedia for detecting hacker attacks: https://encyclopedia.kaspersky.com/knowledge/how-to-detect-a-hacker-attack/
Signs that a mobile device may have been hacked
Stokes (2019) gives six signs that may indicate that a smartphone has been hacked:
- Noticeable (and significant) decrease in battery life
- Sluggish performance
- High data usage (not explained by own use)
- Outgoing calls or texts (not explained by own use)
- Constant pop-ups
- Accounts linked to the device show unusual activity
Further information about how to address these issues is explained by Stokes in her blog on Techlicious: https://www.techlicious.com/tip/how-to-tell-if-your-phone-has-been-hacked/.
How to recognise phishing attempts
Some phishing attempts are easier to recognise than others. Phishing emails used to be obviously fake in the past, due to spelling errors and grammatical mistakes, but they have become more believable in recent years. According to Verlaan (2018), the following list can help indicate whether something is a phishing attempt:
- Is the email address of the sender correct?
- Is the language strange or incorrect?
- Does the message sound too good to be true? (you won a prize in a lottery you did not enter)
- Or, does the message try to scare you? (Your bank account is blocked!)
- Does the message contain and ask you to click on a hyperlink?
- Is the language overly formal and/or does it contain many spelling mistakes?
- Is the message sent outside of standard office hours?
On the website watchyourhack.com (EN) you can find more tips to prevent a hacker from being successful in his or her attempts.
How to prevent hackers from being successful
The following tips can help prevent a wide range of threats from becoming realised or these may help to diminish their impact (Business Matters, 2018; Health Informatics, 2019):
- Install updates and patches when they become available
- Use threat detection services
- Use a decoy, or honeypot
- Train all employees in necessary security elements
- Monitor traffic and security alerts
- Establish a security culture
- Use a password manager
- Protect mobile devices
- Use firewalls
- Make regular backups
- Control physical access
- Use and maintain antivirus software
What to do when a hacker was successful
Even if the most robust cybersecure (counter) measures are implemented, hackers may still be successful in their attempts to breach system databases. Hackers are experts in exploiting vulnerabilities and tricking people. There is no shame in being the victim of a hacker. The following list will be helpful after a hacker gained access to a network, device, or account:
- Reinstall the Operating System, such as Windows
- Revise settings on a device
- Revise network settings
- Upload a previously made backup
- Update account information
- Block access
- Unlink accounts to devices
- Contact IT services
- If applicable, report a data breach with the corresponding authorities
Resources such as Get Safe Online
For further information on these topics, in addition to the referenced texts, these sites provide further means of support around hacking and related topics.
- ENISA Glossary: https://www.enisa.europa.eu/topics/csirts-in-europe/glossary
- Kaspersky IT Encyclopedia: https://encyclopedia.kaspersky.com/
- Verlaan: “Laat je niet hack maken” / “Watch your hack”: https://laatjeniethackmaken.nl/ / https://watchyourhack.com/
- Andreoni, Perego and Frumento (eds.) (2019). M_Health Current and Future Applications. Springer
- National cybersecurity campaign websites, such as Get Safe Online (UK), https://getsafeonline.org, and Alert Online (NL), https://www.alertonline.nl
Business Matters. (2018, October 31). How companies can detect cyber attacks early to minimise damage. Retrieved 16 August 2019, from Business Matters website: https://www.bmmagazine.co.uk/in-business/advice/how-companies-can-detect-cyber-attacks-early-to-minimise-damage/