Data breaches have become common in the past few years, resulting in billions of stolen records. Unfortunately, in most of these data breaches, media coverage focuses on how the data breach was carried out, how many records were stolen, and the legal and financial implications. However, we rarely hear about what cybercriminals intend to do with the stolen data from these incidents.
When broken down by industries, most of the stolen data comes from government organizations, financial institutions, and healthcare providers. Part of the reason for this is these institutions hold so much personal information in a single user’s records that, in most cases, can fetch more money than entire databases from other kinds of companies and organizations.
However, despite not being a top target for most cybercriminals, personal data from veterinary practices’ customers is also valuable to most cybercriminals due to the data mirroring most healthcare data. Therefore, cybercriminals targeting veterinary practices are mostly sure that their customers’ data will have valuable information they can use to advance their activities. To understand why a cybercriminal may be more interested in your costumes’ data as a veterinary practice, we have compiled a list of some of the ways the data is used once it falls into Cybercrminals hands:
1. Double Extortion
During a ransomware attack, a cybercriminal may opt to first compromise your data, steal it, and then encrypt your entire computer system. Victims are then threatened with the data being released to the public if they do not pay for the decryption key.
In a more sophisticated form of attack, known as triple extortion, cybercriminals exfiltrate their victim’s sensitive data, encrypt it, threaten to release it to the public, and in some instances, contact the clients whose data have been compromised and notify them of the attack and why they need to compel the victims to pay if they do not want their personal data leaked.
Therefore, practice owners should be prepared for cybercriminals willing to compromise their customers’ personal data and use them as leverage against them. They should also have a plan on how to address the leakage of customer data. Veterinary practices should also know the best way to protect themselves against such attacks is by training their staff, running updated software, ensuring malware and firewalls are running, and having a backup in case their data is exfiltrated.
2. Selling Data
As stated above, some personal data are more valuable than entire databases. Therefore, when a veterinary practice is compromised and their customers’ data stolen, cybercriminals will look to sell their data on black markets and the dark web.
The data sold can include financial information, social security numbers, names, emails and passwords, various account information, e.t.c. When placed in the wrong hands, such data can be used in criminal activities such as identity theft. In fact, a significant number of identity theft in the past few years has been due to criminals buying their victims’ data from cybercriminals who have illegally accessed them.
3. Account Compromises
It is a well-known fact that most users do not personalize their emails and passwords for every account they open. Therefore, when cybercriminals gain access to their accounts, including emails and passwords, they are able to log in to their other accounts, including emails and financial services web applications.
Therefore, veterinary users who have not implemented two-factor authentication in their other accounts are targeted beyond the initial compromise, which can result in far-reaching losses. Data stolen and used this way can also be a problem for practice owners because they can get sued for failing to keep their client’s data safe.
4. Targeted Phishing Attacks
There is also a high likelihood that users’ data obtained by hacking veterinary practices may be used for targeted phishing attacks. This can happen in two ways: cybercriminals can opt to use the data to target other victims related to your customer, or they can use the data to target your customer.
5. Blackmail
Finally, the client’s data stolen from your veterinary practice can be used for blackmail in a number of ways. The most common method used by cybercriminals is contacting your customers and notifying them their data has been compromised. To avoid their personal data getting leaked, they need to pay or compel your practice to pay the ransom being requested in the attack.
Another method that is commonly used is extorting money from your hacked customers or their sensitive data, such as social security numbers, get used to commit crimes such as identity theft. Unfortunately, in most cases, even when payment is made, the victims’ data is still sold on the dark web.
Need help protecting your veterinary hospital from cyber crime?
Start by downloading our FREE ebook “5 Simple Steps to Protect Your Practice“. It give you 5 FREE or low cost solutions you can implement yourself to help bolster your cyber defenses.
Clint Latham