SPRINGFIELD, Ill. (WCIA) — The FBI Internet Crime Complaint Center received around 900,000 cyber attack reports last year, according to David Nanz, the Special Agent in Charge of the Springfield field office.

Monetary loss from those attacks reached $7 billion dollars, Nanz said, adding that half of the incidents were reported in the U.S., and Illinois ranks fifth in the nation for the most victims of cyber attacks.

That account is limited to the known, reported attacks on government entities, businesses and everyday citizens.

The data came out of a roundtable discussion at the FBI’s Springfield headquarters. Nanz was joined by cyber unit supervisory agent Regina Burris and Peoria-based IT company Pearl Technology president Dave Johnson. The two, sitting on either side of Nanz, are leaders at non-profit InfraGard, a nationwide network of tens of thousands of private sector members and FBI agents who have teamed up as cyber threat informants for the federal agency.

The private-public partnership strategy greatly expanded the pool of people with access to FBI intelligence, so reporters asked: How much access to private citizens’ personal information are InfraGard members entrusted with?

“We have zero access to that,” Johnson said. “It’s much more, ‘This ransomware that you’re fighting, Dave, we think this is coming from an advanced persistent threat out of China. This is the name of the organization. These are the indications that it is that group.’…”So it’s intelligence. It’s not private personal information.”

Applicants pass a limited FBI background check, according to Burris who said members are typically people who have worked in cybersecurity or in critical infrastructure fields, like healthcare, banking or data-related professions.

“The only safe computer is one that you’ve hit with a sledgehammer, unplugged it, and buried it in your backyard,” Johnson joked.

The industry hardest hit by hackers in the last year was health care, Johnson said.

The reason, according to the IT president, is that stolen medical records are worth a lot more than someone’s credit card information on the ‘dark web,’ or the more untraceable underbelly of the internet that is often used as a marketplace for illegal items, including personal information.

A stolen credit card is worth about $5 on the dark web, Johnson says. Whereas medical records could sell for up to $1,000 because they often include birthdays, addresses and social security numbers.

Hospitals are becoming increasingly vigilant, but the best protection remains to give out personal information only when it’s necessary.

“At some point time, we do have to give up our personal information, right, if you want to get a loan or open a checking account. But you know, always just be suspicious,” Burris said. “And challenge, if you don’t have to give up a social security number if they’re just collecting your date of birth because they want to send you, you know, a coupon on your birthday or something. Just be extra vigilant about who you share your personal information with.”

“I think everyone has been in a health care room and you’re asked to fill out the new patient form, and there’s a spot for social security number,” Nanz elaborated.

“There is never a reason to give your social security number to a medical facility or hospital, they should not have that even on their form. And what’s interesting, if you ask them, like why you need it, they’re never gonna be able to give you an answer.”

Medical facilities often use social security numbers as a means of internal patient tracking, which is not enough reason given the risk, Nanz said.

Cyber attacks can come from within the U.S., sometimes even created by teenagers operating out of a basement. But for the most part, Nanz said these bad actors are foreign, primarily from Russia, Iran, and the lion’s share of attacks are out of China.

The pandemic changed the cyber security landscape altogether, Johnson said.

Businesses moved employees home and there was a shift from one, more secure network at work to dozens, hundreds or thousands of home networks, each a potential target for a cyber attack.

There are a number of varied reasons behind the attacks and it’s not always about stealing money, Johnson said. They often want to gain access to your computer to use it for something illegal. That way the crime isn’t linked back to the criminal’s computer.

However, the money could be a bonus because the infiltrators could pick up your credit card information along the way.

The best at-home protections everyone can do are to keep up with computer software updates, use different and complex passwords, and opt-in on that multifactor authentification. Although they’re not everyone’s favorite addition to the cybersecurity world, Johnson said they protect against 90% of attacks when paired with strong passwords.