Information Systems for Health: Health Informatics in Low- and Middle-Income Countries Short Course for Health Information System Professionals Information Systems for Health: Privacy, Security, and Confidentiality Lecture B
Privacy, Security, and Confidentiality Learning Objectives Explain some of the common methods of attack Describe common types of malware Explain social engineering methods used by cybercriminals The objectives for this unit—Privacy, Security, and Confidentiality—are to: Define cybercrime and cybersecurity List common information technology, or IT, security and privacy concerns List the hardware components that are usually attacked by hackers Explain some of the common methods of attack
Cybercrime “Crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target.” —Wikipedia, n.d. In this lecture we’ll define computer crime, or cybercrime, and its nemesis, computer security, also known as cybersecurity or IT security. We will identify common security and privacy threats and concerns, and describe which devices are commonly attacked by hackers. According to Wikipedia, “cybercrime is crime that involves a computer and a network. The computer may have been used in the commission of a crime, or it may be the target. “
Cybercrime Debarati Halder and Karuppannan Jaishankar (2011): “Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet (Chat rooms, emails, notice boards and groups) and mobile phones (SMS/MMS).” —Wikipedia, n.d. According to Dr. Halder and Dr. Jaishankar, cybercrimes are: "Offences that are committed against individuals or groups of individuals with a criminal motive to intentionally harm the reputation of the victim or cause physical or mental harm, or loss, to the victim directly or indirectly, using modern telecommunication networks such as Internet - chat rooms, emails, notice boards, and groups - and mobile phones".
Cybersecurity “Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.” —Wikipedia, n.d. Again, according to Wikipedia, “Computer security, also known as cybersecurity or IT security, is the protection of information systems from theft or damage to the hardware, the software, and to the information on them, as well as from disruption or misdirection of the services they provide.”
Cybersecurity Cybersecurity “includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.” —Wikipedia, n.d. It goes on to clarify: “It includes controlling physical access to the hardware, as well as protecting against harm that may come via network access, data and code injection, and due to malpractice by operators, whether intentional, accidental, or due to them being tricked into deviating from secure procedures.”
Common Cybercrimes Compromised sensitive information Checking and credit card account numbers, etc. Corporate secrets may be stolen and sold to competitors Identity theft and impersonation Social security number, date of birth, etc. Blackmail Threat to disclose medical information, etc. So what are common cybercrimes and how do they hurt us? The potential for lost, stolen, or compromised data is a real concern. It could be personal data, such as checking and credit card account numbers, or corporate data, such as specifications for a new high tech product. Corporate secrets may be stolen and sold to competitors, putting a company out of business and causing the loss of jobs. When your name, social security number, and date of birth are compromised, it can lead to identity theft and impersonation. Usually this type of theft results in opening multiple credit lines in the victim’s name, with subsequent money withdrawal by a criminal. Another common consequence of personal data being compromised is blackmail: for example, a threat to disclose medical information unless certain actions are taken, such as paying large sums of money to the person who wrongly accessed the data.
Common Cybercrimes Loss of computer functionality Downtime for website or network Computer may become too slow or not functional at all Last, but not least, a compromised computer system may lose some or all of its functionality. Network security and data security breaches can cause business downtime. If a company such as Google, Amazon, or eBay, were not secure, think of the ramifications of a shutdown of their websites for part or all of a business day. Consider the financial repercussions for those businesses, their employees, and their customers.
Which devices are usually attacked? Routers Network traffic can be intercepted and viewed. Web servers If attacked successfully, the web server may lose its functionality. Sensitive information can be stolen. In considering security, it is important to ask: Which devices are usually attacked? Routers are particularly vulnerable, and routers are everywhere. Routers send traffic from private networks to the Internet and from the Internet to private networks. Individuals have routers in their home networks, most businesses use routers, and Internet service providers, or ISPs, use routers. If a hacker can successfully attack a router, all network traffic going through that router can be intercepted and viewed. Another device that is commonly attacked is the web server, which is a device that hosts websites. A website is made up of all of the web pages, images, and files that are stored on or can be downloaded from that site. If a hacker can successfully attack a web server, the server may lose some or all of its functionality and sensitive information can be stolen.
Which devices are usually attacked? Computers Confidential personal and corporate data can be stolen. A hacker may acquire total control of the computer and use it for illegal activity. Attacks are also made on computers, which, of course, store confidential personal and corporate data. As we already discussed, if a hacker can gain access to this type of information, they may use it for personal gain. Alternatively, through a successful attack, a hacker may acquire total control of the computer and use it for illegal activity, such as staging attacks on other computers.
Privacy, Security, and Confidentiality Summary Defined cybercrime and cybersecurity Listed common information technology security and privacy concerns Listed hardware components attacked by hackers This concludes Lecture B of Privacy, Security, and Confidentiality. In summary, this lecture Defined cybercrime and cybersecurity Listed common IT security and privacy concerns And listed hardware components that are usually attacked by hackers
Privacy, Security, and Confidentiality References Wikipedia. (n.d.). Cybercrime. Retrieved from https://en.wikipedia.org/wiki/Cybercrime References slide. No audio.
This material was developed by Oregon Health & Science University, funded by the Department of Health and Human Services, Office of the National Coordinator for Health Information Technology under Award Number 90WT0001. This presentation was produced with the support of the United States Agency for International Development (USAID) under the terms of MEASURE Evaluation cooperative agreement AID-OAA-L-14-00004. MEASURE Evaluation is implemented by the Carolina Population Center, University of North Carolina at Chapel Hill in partnership with ICF International; John Snow, Inc.; Management Sciences for Health; Palladium; and Tulane University. Views expressed are not necessarily those of USAID or the United States government. www.measureevaluation.org No audio.