How to Inoculate Your Passwords to Protect Patients
Think about the last time you changed your password to access something online, whether it was your Netflix account or your online banking.
Was it last month, over the past year or even longer than that? If you’re dwelling on the answer, chances are it has been too long.
Now consider your own hospital or healthcare facility and ask yourself the same question. How many steps and solid passwords stand between confidential patient information and a hacker? The fact is that when it comes to cybersecurity, the modern-day risks are simply too high for healthcare organizations not to do everything in their power to secure their health IT environment. Because nowadays, unfortunately, it’s not so much a matter of if a hospital or healthcare facility will come under threat, but when.
In 2018, the healthcare sector saw 15 million patient records compromised, totaling three times the amount seen in 2017, according to the Protenus Breach Barometer. And now, just over halfway through 2019, those numbers have exploded with more than 25 million patient records potentially breached.
In addition, the problem with passwords originates from the user. Many people rotate the same 4 to 5 passwords, meaning if one account is hacked they are susceptible to having their other accounts hacked. The most obvious passwords, such as “password” or “1234” are another reason many hackers are able to get into people’s accounts. Generic passwords are your enemy! Just because you have created a password does not mean you are secure. You might as well invite any hackers to access your accounts!
One way to lessen attacks at your facility is to bring more education or social awareness about not only the severity of attacks, but to implement best practices for password protection. Patient security is just as important as patient health. It should be treated in the same vein as one would immunize, vaccinate, or inoculate their patients, protecting them against the viruses of cybercriminals.
As a result of the increase of cybersecurity attacks in healthcare, facilities and hospitals across the industry are turning toward multi-factor authentication (MFA), a process which relies on several factors to prove one’s identity. For example, a common two-factor authentication combination would be a username and password from the user, as well as a code generated by the user’s smartphone. However, many solutions now also rely on biometric tools, which sense unique physical characteristics like fingerprint or retina scanners.
Security specialists across the industry believe that as data breaches persist, implementing MFA measures could close gaps in a hospital’s security to help prevent breaches, threats to patient safety, and the risk of harming the hospital’s reputation.
In fact, according to the Annual Report to Congress on the Federal Information Security Management Act, up to 65 percent of cybersecurity incidents could have been prevented with strong MFA.
How Secure Is Your Password?
As cybercriminals become smarter, so too must the healthcare industry. Passwords alone aren’t secure enough anymore, which is why hospitals and healthcare organizations owe it to their patients to do more to protect their privacy and ensure their safety.
In addition to working with healthcare IT security specialists and your EHR provider, healthcare organizations must also do the following:
- Optimize password construction for all employees
- Avoid password reuse
- Implement MFA tools to reduce the risk of cybersecurity threats and hackers
- Randomize passwords across all logins
In a recent article, a former hacker-turned-security-advocate, Kyle Milliken, offered this advice: “It only takes one employee to reuse the same password to have potential access to hack everything that you’re looking for.”
“The reuse of login credentials in my opinion is the greatest security flaw that we have today,” Milliken noted. “When I was hacking I had my own personal collection of databases that I could easily search for a company’s email and parse all of the data.”
To learn how MEDHOST can enhance the security of your hospital or healthcare organization, email us at firstname.lastname@example.org or call 1.800.383.6278 to speak with one of our specialists.