by Larry Stofko

How are the Deep Web and Dark Web affecting healthcare today?

Sep 27, 2017

Healthcare CIOs and leaders must be proactive and aware of the potential danger the Deep Web and Dark Web present.

isolation threat dark web
Credit: Thinkstock

Did you know that only 4% of the Internet is visible to the general public? Yes,  the Clear Web is where we do daily things like check email, Facebook, and Twitter and buy things from Amazon, etc. These are all the web sites and web pages that a search engine like Google can find. The other 96% is made up of the Deep Web, a subset of the Internet that cannot be found by search engines like Google. This includes all web pages that are behind membership logins, all company and organization web pages used internally and other data like medical records, financial records, and academic databases.

Most of the Deep Web does not have anything unlawful on it. However, if you go deeper to the Dark Web, you will find items of an illegal nature, perhaps like what you would find on the black market.

If one can imagine, with healthcare as tangled as it is, there may be those who are willing to take the risk and go to the dark side, and there are surely those unscrupulous types standing by ready to capitalize on the vulnerable and desperate who turn to the strange and unconventional as cures and solutions to their ailments.

According to Dark Web News, the Dark Web or Dark Net is a subset of the Deep Web where sites exist that sell hacking software, counterfeit money, and illegal prescriptions, including opioids, cannabis, and more. The Dark Web is accessible only by using special software like Tor (The Onion Router), or I2P (Invisible Internet Project).

Technology and the Internet have helped healthcare immensely, and it stands to do much more in the coming years. However, CIOs must be proactive and aware of the potential danger the Deep Web and Dark Web can present in healthcare in terms of security and safety.

What can CIOs do to protect private data within the Deep Web?

In healthcare, as in the financial sector, privacy is crucial, especially when it comes to protecting patient data stored within the Deep Web. This is where your cybersecurity professionals are invaluable, especially if they are up on the latest scanning tools and techniques available, which are essential to ensuring data protection. Their implementation of integrated security programs, including simulators of external cyber attackers that can expose high risk must be unremitting.

What can be done to protect patients from the Dark Web?

For healthcare, I think that education programs that promote the access and availability of affordable care treatments in the mainstream market could help deter people from going to the Dark Web. Also, publicly available information on the dangers and legal ramifications of buying and selling on the sinister Dark Web (as opposed to the tactical Dark Web used for U.S. military and government) would be helpful.

As we’ve read in the news, healthcare providers have had medical records stolen, only to end up on the Dark Web. One hacker claims to have obtained more than 10 million health records that were up for sale to the highest bidder.

We must be vigilant in protecting our organizations from cybercriminals who are ready and waiting to exploit healthcare organizations, especially vulnerable networks that are perfect targets for installing undetectable malware. The National Health Information Sharing and Analysis Center (NH-ISAC) states, “As the nation’s healthcare community continues to expand the integration of technology to support healthcare innovation, service delivery and HITECH Act implementation, unprecedented cybersecurity and privacy challenges continue to increase at a rapid pace.”

NH-ISAC concludes that “moving from a ‘REACTIVE’ to a ‘PROACTIVE’ security stance requires trusted national critical infrastructure (sector and cross-sector) public and private security situational awareness intelligence and nationwide information sharing.”