5 Signs That Your Healthcare Website is Being Hacked (And What to Do About It)
Data breaches and other cybersecurity incidents are becoming a major problem for healthcare.
HealthIT Security found that 78% of healthcare providers experienced a ransomware or malware attack in 2017. According to a recent survey from Ponemon Institute, 67% of CISOs believe that cybersecurity attacks will happen to their organization in 2018.
Hackers will do their best to cover their tracks, which can make it difficult to determine whether or not you’re being hacked.
But research from Imperva shows that only 17% will successfully hide what they’re doing, meaning that there will usually be signs that your site has come under attack.
With that in mind, here are a few important signs of a data breach happening to your website.
Sign #1: You Can’t Log Into Your Accounts
Hackers who want unhindered access to your website data may attempt to prevent you from logging in while they’re at work.
One of the first signs that this has happened is being unable to log in despite entering the correct credentials, or being notified that your password has changed (without you actually having changed it).
There are legitimate reasons why you might not be able to log in, of course, so it’s important to double check before panicking and follow best practices (see below) before assuming that you’re under attack.
But if you notice the issue happening more often than usual or you’re unable to log in to other accounts in addition to your website, then it could be a sign that your website has been breached.
What to Do If You Suspect a Hack:
First, make sure that you entered your credentials correctly and that usernames and passwords are properly capitalized and caps lock is not on. Then check to see that passwords were not changed by someone within your organization (with permission).
Then, contact the site administrator or hosting provider to make sure that nothing has happened to the site that would have temporarily prevented you from logging in.
If the issue is still not resolved, contact your website host’s customer support and submit a ticket. Make sure that your firewalls are working and temporarily change the passwords for your other accounts if necessary.
Sign #2: You’re Sending Spam Email (Unknowingly)
Sometimes hackers will access your website in order to gain email information from your patients.
Not all sites store patient emails online (it’s good practice not to), but if you’re using online forms or otherwise have email sign-ups on your website for things like newsletters or email notifications, it’s possible that your online database contains emails that are enticing to hackers.
If you notice that spam is coming from your account — patients, vendors or staff members alert you of spam or complain of strange emails coming from your email account — it could be a red flag.
Other signs might include emails being marked read that you haven’t read or other suspicious activity in your email account, like messages being deleted or appearing at random, or receiving a large number of bounceback or “undelivered” messages.
What to Do If You Suspect a Hack:
Spam emails often look legitimate, so they can be hard to spot. Make sure to double check your “sent” folder every so often to see that emails are being sent to recognized addresses and that you know who sent them.
If you suspect an attack, change your passwords immediately and contact your email provider as well as your website provider or hosting service to notify them of a suspected breach.
Then run your antivirus and anti-malware software to ensure that nothing was downloaded onto your computer from an email account.
Sign #3: You Find New Programs Installed On Your Computer
If hackers aren’t attempting to steal information directly from your website, they may try to monitor your system by installing spyware programs in order to access your Electronic Healthcare files.
Or they may simply be trying to shut down your system by installing programs that will cause your computers to slow down or otherwise malfunction.
The same is true if you notice new applications, plugins or files on your website’s administrative dashboard. If things are being installed without your knowledge, it could be a sign that someone or something is causing problems.
What to Do If You Suspect a Hack:
If you don’t recognize a program, don’t open it until you’ve verified that it’s a legitimate program and/or one installed by someone from your team.
Ask your IT person or other staff if they downloaded the software (and if so, why) and be sure to run your antivirus and malware scans and change all of your computer passwords.
Unfamiliar programs that request access to your WiFi or Internet network should be particularly concerning, so make sure your firewall and Internet software are up to date.
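One way to notice new or altered plugins and files on the website itself, rather than relying on someone spotting them in the dashboard, is to compare the site's files against a known-good baseline. The sketch below is an added example, not part of the original article: it hashes every file under a site directory and reports what was added, modified or removed since the baseline was taken. The directory layout, file names and plugin names are constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def build_manifest(root):
    """Map each file's path (relative to root) to its SHA-256 digest."""
    root = Path(root)
    manifest = {}
    for path in sorted(root.rglob("*")):
        if path.is_file():
            digest = hashlib.sha256(path.read_bytes()).hexdigest()
            manifest[path.relative_to(root).as_posix()] = digest
    return manifest


def diff_manifests(baseline, current):
    """Report files that appeared, changed or vanished since the baseline."""
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(
            p for p in set(baseline) & set(current) if baseline[p] != current[p]
        ),
    }


def demo():
    """Constructed site tree: baseline it, then simulate unapproved changes."""
    with tempfile.TemporaryDirectory() as tmp:
        site = Path(tmp)
        (site / "plugins" / "appointments").mkdir(parents=True)
        (site / "index.html").write_text("<h1>Clinic</h1>")
        (site / "plugins" / "appointments" / "form.php").write_text("<?php // booking")
        baseline = build_manifest(site)  # keep the real baseline off the web server

        # Changes nobody on the team approved (constructed for the example)
        (site / "plugins" / "seo-helper").mkdir()
        (site / "plugins" / "seo-helper" / "loader.php").write_text("<?php // unknown")
        (site / "index.html").write_text("<h1>Clinic</h1><!-- edited -->")
        return diff_manifests(baseline, build_manifest(site))


if __name__ == "__main__":
    for kind, paths in demo().items():
        print(f"{kind}: {paths}")
```

Anything listed as added or modified that your team cannot account for is a file to ask your IT person or hosting provider about before opening it.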
Sign #4: You’re Finding Issues With Your Antivirus Software
Normally, your computer’s firewall, antivirus and anti-malware software (as well as your website’s antivirus software) are your first line of defense against cyber attacks.
But your security software may be vulnerable if it’s not kept up to date.
Some hackers will also create their own “security” programs that are downloaded by unsuspecting users who think it will protect their system, only to find that they’ve downloaded a virus or spy program instead (or installed a virus instead of a website plugin).
If your antivirus or firewall software is acting strangely, don’t wait to take action.
What to Do If You Suspect a Hack:
Delete and reinstall any suspicious security programs and make sure that all antivirus, firewall and anti-malware programs are up to date.
If you suspect that your security programs are compromised, contact your website host and IT security leader to notify them of a breach. You can also reboot your system in Safe Mode to ensure that the Internet is temporarily disabled while the issue is being resolved.
Sign #5: Site Visitors Are Being Redirected Elsewhere
Normally, hackers will access your website as a means to an end, whether it’s to steal information from your database or get you to download their software onto your computer.
But some hackers will also seek to create chaos on your website, either trying to shut it down completely or preventing patients from accessing your site.
As an admin, you might not be aware that patients can’t access your site until someone complains, which may take some time if your site doesn’t receive a lot of traffic.
If you do notice that patients are being redirected away from your site, it’s a red flag that something’s wrong. Anything that sends them away from your site that you didn’t authorize is most likely the result of a hack.
In these situations, it’s common for an internet search for your site to result in error messages that warn the searcher that malware has been detected. This warning means that hackers have certainly uploaded some sort of malicious software to your system.
What to Do If You Suspect a Hack:
If you’re working with website developers, confirm with them that the issue isn’t the result of a website change.
Be sure to alert patients who may be accessing their patient portal via your website to the breach so they know to stay off the site temporarily. Remind them not to give out personal information to untrusted sites and to report suspicious behavior to your team.
Final Thoughts
It may not always be possible to prevent an attack, but being able to recognize the signs is part of the battle.
If you notice any suspicious activity, be sure to report it to your website hosting provider and anyone else who works on your website, such as your IT team, your Electronic Healthcare providers, your office staff and your patients.
Be vigilant about potential hacks by keeping your security software up to date, monitoring any new installations of programs (either online or on your computer) and checking your email inbox for potential spam.
And don’t forget to update your passwords if you suspect a breach.