The problem is, that while this is the door, the gateway to the internet, it is a two way door. Much like the door on your office or building, if it is not properly secured anyone can walk in. What makes this such an issue is the Internet Service Providers (ISP) that generally setup the router / gateway for your organization. Larger organizations may or may not take care of this themselves, but small and medium organizations rely on the ISP to do the install and setup.
Here comes the major problem!!
The ISP will generally leave the default username and password for the router / gateway. This means that anyone that gets on your network can simply connect to the router and use the commonly known list of default usernames and passwords to quickly access your router and change the settings to allow them to access your network from anywhere and steal data.
How to fix this
You have two options to correct this.
- Most ISP’s have instructions on how to access and change the router’s username and password. You can login and change it yourself.
- If you are unsure, contact the ISP and they can walk you through the process.
This is a critical issue that is extremely prevalent in many organizations, not just healthcare.