The words “dark web” have been thrown around a lot lately, and you’re probably wondering - is it even real? As a healthcare executive, what do you need to know to protect your organization.

In fact, the dark web is a very real marketplace for illicit goods. It runs on websites that don’t show up in search engine results, and that typically end in dot onion. Designed to allow you to search for nefarious items and information, these sites are difficult to track.

Perhaps the most dangerous “goods” for you as a healthcare provider to lose to the dark web, are passwords, account information, and breached data.

We’ve run hundreds of dark web scans for different organizations throughout the years, and they are often shocked by the number of account credentials we find for sale on the dark web.

Here’s how it works:

Through various methods, a hacker or group of hackers breaks into a data source and looks for anything you have worth selling. This includes user social security numbers, demographic information, etc. The hackers package up this information and give the dark web users a “sneak peek” at what they got. Once a buyer shows interest in purchasing the goods, the hackers will exchange your data for money.

An alternative to this, and something we’ve seen happen all too often in companies that don’t work with us, is that these cybercriminals will get ahold of usernames and passwords for employee accounts.

Some of these passwords are thrown onto the dark web free for anyone to use, while others are linked to a company and sold for a profit.

How do you know your password isn’t for sale on the dark web right now?

We have a tool that shows us based on a domain every user account that’s been compromised within an organization.

After we run the scan, the first question we often receive is “How do I get my information OUT of there?”

Once your data is on the dark web, it’s nearly impossible to get it out, and you’ll only waste time and resources trying.

Here’s what you should do:

1. Change your password immediately.

Always change the password on compromised accounts. You’ll often want to change the username too, so that it no longer matches the account listed on the dark web.

Your best bet to keep your information OUT of the dark web, is to make sure you and your employees are changing their passwords on a regular basis.

2. Set up multi-factor authentication.

This comes in many forms, but the goal is to have a second step as you’re logging in that will make it exponentially more difficult for a criminal to hack your account. You may put in your phone number so you can receive a code via text, or you may have an application that gets buzzed and requires you to click “approve.” Some situations may require a physical token that you must be carrying in order to be granted access.

Multi-factor authentication doesn’t have to be expensive. Healthcare providers should all have this is place, whether you’re a large hospital or a very small clinic. There is no such thing as “too much” security, and it’s always better to prevent a breach than to try and clean up after one.

3. Train your users.

Again, if you aren’t doing this already, it’s time to start. Training your staff is one of the least expensive and most effective ways to prevent cybercrime from crippling your organization.

Educate your users not to open attachments received from external emails. UPS and FedEx do NOT send PDFs with tracking numbers, so don’t open the document if you receive one.

Hover over links before you click on them to see where they’re really taking you. If the name of the apparent sender is misspelled, or the link is just a jumbled mix of letters and numbers, it’s likely a virus.

Remember that once a staff member clicks on a virus link in an email, all your expensive security could have just been bypassed and the hackers are now in your system.

You can install all kinds of alarms and cameras to keep people from breaking into your house, but all that means nothing once you hand them the keys.

Security breaches can be devastating, especially in healthcare. If you aren’t one of our clients already, you may not have adequate security protections in place.

The most important next step:

For a limited time, we are offering a FREE scan of the dark web exclusively to healthcare executives.

At worst, we’ll find several accounts that have been compromised, and you’ll be a hero for addressing them in time.

At best, you’ll gain peace of mind knowing that your information is safe and protected.

Only for healthcare executives: sign up for your free dark web scan here.