How to detect a hacker

A commonly heard statement on the topic of cybersecurity is “it’s not about if a cyberattack happens, but when it happens”. This is because every organisation that collects, processes, stores and transmits data is a potential target for cybercriminals. Healthcare organisations deal with valuable personal data, so it is not surprising that hackers try to obtain data from healthcare organisations.

What are hackers

Hackers, specifically those with bad intentions, exploit vulnerabilities on the internet or devices to gain access in order to spy on people, steal money or files, or to hijack a device to use for their own goals (Kaspersky, n.d.; Verlaan, 2018).

One of the methods hackers use are phishing attempts. Phishing / Spear phishing serves to persuade potential victims into divulging sensitive information such as login information, including usernames and passwords, and/or bank and credit card details. Spear phishing refers to targeted attacks against a specific person or organisation (ENISA, n.d.).

Another method is malicious software. Malicious software, or malware in short, is software that was created to purposefully damage hardware, steal data, or other harmful goals (Regan, 2019). These forms of software alter the original or intended purposes of the software programmes towards harmful ends.

How hackers work

Hackers usually try to gain access to systems or accounts by attempting to steal passwords. They often do this through exploiting security vulnerabilities of networks or websites. They then try to use the obtained account information to gain access to other websites and accounts. Sometimes hackers lure someone to a fake website (through phishing attempts) or they can physically see someone type their login information (Verlaan, 2018).

On the website “Have I Been Pwned” (Hunt, n.d.), people are able to check whether their login information has been obtained as the result of a data breach. This way, they can assess whether they and their accounts are at risk online. Visit and check it here: https://haveibeenpwned.com/.

How to tell whether a computer has been hacked

Kaspersky (n.d.) gives the following ways on how to check whether a computer has been hacked:

• Is there high outgoing network traffic?
• Is there increased disk activity or suspicious files?
• Are large number of packets from a single address being stopped by a personal firewall?
• Has the antivirus started to report on backdoors or trojans are detected, even with normal use of the computer?

For further information, see Kaspersky’s IT Encyclopedia for detecting hacker attacks: https://encyclopedia.kaspersky.com/knowledge/how-to-detect-a-hacker-attack/

Signs that a mobile device may have been hacked

Stokes (2019) gives six signs that may indicate that a smartphone has been hacked:

• Noticeable (and significant) decrease in battery life
• Sluggish performance
• High data usage (not explained by own use)
• Outgoing calls or texts (not explained by own use)
• Constant pop-ups
• Accounts linked to the device show unusual activity

Further information about how to address these issues is explained by Stokes in her blog on Techlicious: https://www.techlicious.com/tip/how-to-tell-if-your-phone-has-been-hacked/.

How to recognise phishing attempts

Some phishing attempts are easier to recognise than others. Phishing emails used to be obviously fake in the past, due to spelling errors and grammatical mistakes, but they have become more believable in recent years. According to Verlaan (2018), the following list can help indicate whether something is a phishing attempt:

• Is the email address of the sender correct?
• Is the language strange or incorrect?
• Does the message sound too good to be true? (you won a prize in a lottery you did not enter)
• Or, does the message try to scare you? (Your bank account is blocked!)
• Does the message contain and ask you to click on a hyperlink?
• Is the language overly formal and/or does it contain many spelling mistakes?
• Is the message sent outside of standard office hours?

On the website watchyourhack.com (EN) you can find more tips to prevent a hacker from being successful in his or her attempts.

How to prevent hackers from being successful

The following tips can help prevent a wide range of threats from becoming realised or these may help to diminish their impact (Business Matters, 2018; Health Informatics, 2019):

• Install updates and patches when they become available
• Use threat detection services
• Use a decoy, or honeypot
• Train all employees in necessary security elements
• Monitor traffic and security alerts
• Establish a security culture
• Use a password manager
• Protect mobile devices
• Use firewalls
• Make regular backups
• Control physical access
• Use and maintain antivirus software

What to do when a hacker was successful

Even if the most robust cybersecure (counter) measures are implemented, hackers may still be successful in their attempts to breach system databases. Hackers are experts in exploiting vulnerabilities and tricking people. There is no shame in being the victim of a hacker. The following list will be helpful after a hacker gained access to a network, device, or account:

• Reinstall the Operating System, such as Windows
• Revise settings on a device
• Revise network settings
• Upload a previously made backup
• Update account information
• Block access
• Unlink accounts to devices
• Contact IT services
• If applicable, report a data breach with the corresponding authorities

Resources such as Get Safe Online

Further reading

For further information on these topics, in addition to the referenced texts, these sites provide further means of support around hacking and related topics.

• ENISA Glossary: https://www.enisa.europa.eu/topics/csirts-in-europe/glossary
• Kaspersky IT Encyclopedia: https://encyclopedia.kaspersky.com/
• Verlaan: “Laat je niet hack maken” / “Watch your hack”: https://laatjeniethackmaken.nl/ / https://watchyourhack.com/
• Andreoni, Perego and Frumento (eds.) (2019). M_Health Current and Future Applications. Springer
• National cybersecurity campaign websites, such as Get Safe Online (UK), https://getsafeonline.org, and Alert Online (NL), https://www.alertonline.nl

Literature

Alert Online. (2019, August 18). Alert Online stimuleert cybersecurity in Nederland [Text/html]. Retrieved 19 August 2019, from Alert Online website: https://www.alertonline.nl

Business Matters. (2018, October 31). How companies can detect cyber attacks early to minimise damage. Retrieved 16 August 2019, from Business Matters website: https://www.bmmagazine.co.uk/in-business/advice/how-companies-can-detect-cyber-attacks-early-to-minimise-damage/

ENISA. (n.d.). Phishing/Spear phishing [Page]. Retrieved 16 August 2019, from Glossary – Phishing website: https://www.enisa.europa.eu/topics/csirts-in-europe/glossary/phishing-spear-phishing

Get Safe Online. (n.d.). Get Safe Online. Retrieved 19 August 2019, from getting Safe Online website: https://getsafeonline.org/

Health Informatics. (2019). Cybersecurity: How can it be improved in health care? Retrieved from https://healthinformatics.uic.edu/blog/cybersecurity-how-can-it-be-improved-in-health-care/

Hunt, T. (n.d.). Have I Been Pwned: Check if your email has been compromised in a data breach. Retrieved 19 August 2019, from https://haveibeenpwned.com/

Kaspersky. (n.d.). Hacker. Retrieved 16 August 2019, from IT Encyclopedia website: https://encyclopedia.kaspersky.com/glossary/hacker/

Regan, J. (2019, July 11). What is Malware? How Malware Works & How to Remove It. Retrieved 16 August 2019, from https://www.avg.com/en/signal/what-is-malware

Stokes, N. (2019, May 1). How to Tell if Your Phone Has Been Hacked. Retrieved 19 August 2019, from Techlicious website: https://www.techlicious.com/tip/how-to-tell-if-your-phone-has-been-hacked/

Verlaan, D. (2018). Watch Your Hack. Retrieved 19 August 2019, from Watch Your Hack website: https://watchyourhack.com