The best (and worst) password strategies for healthcare.
By Tod Ferran, CISSP, QSA
Passwords. It’s strange that such a teeny line of text is sometimes the only thing that stands between a hacker and a boatload of valuable PHI.
Watch this video to learn how to create secure and HIPAA-worthy passwords.
SEE ALSO: Vendor-Supplied Default Passwords Are a Serious Threat.
Remember, random but non-complex passwords are easily broken by hackers using simple password-cracking software.
Here are some tips for strong (and HIPAA compliant) passwords:
•8 characters (at least)
•Uppercase letters
•Lowercase letters
•Numbers
•Special characters
Let’s see what you’ve learned with a password quiz! Decide if the following passwords deserve a security high five, or a hackable thumbs down.
Password Quiz!
1.nurse
2.Dr77we$t
3.PaSsWoRd
4.@sTer955!
5.drmichellewalkeroffice123
6.frontdesk1
7.Utn*9f1U
Let’s see how you did.
2, 4, and 7 all have special characters, numbers, and uppercase letters. Woot! The rest, even if they look secure, probably won’t guard your PHI very well.
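The five tips above, applied to the seven quiz passwords, as an added example that is not part of the original article. The function names are hypothetical, and "special character" is assumed to mean any character that is not a letter or a digit.

```python
# Added example: the article's five password tips as a checker.
MIN_LENGTH = 8  # "8 characters (at least)"

# The quiz passwords from the article, keyed by quiz number.
QUIZ = {
    1: "nurse",
    2: "Dr77we$t",
    3: "PaSsWoRd",
    4: "@sTer955!",
    5: "drmichellewalkeroffice123",
    6: "frontdesk1",
    7: "Utn*9f1U",
}


def missing_criteria(password):
    """Return the names of the article's criteria that `password` fails."""
    checks = [
        (f"at least {MIN_LENGTH} characters", len(password) >= MIN_LENGTH),
        ("uppercase letter", any(c.isupper() for c in password)),
        ("lowercase letter", any(c.islower() for c in password)),
        ("number", any(c.isdigit() for c in password)),
        # Assumption: "special" means anything that is not a letter or digit.
        ("special character", any(not c.isalnum() for c in password)),
    ]
    return [name for name, ok in checks if not ok]


def passing_quiz_numbers(quiz=QUIZ):
    """Quiz numbers whose password meets every criterion."""
    return [n for n, pw in sorted(quiz.items()) if not missing_criteria(pw)]


if __name__ == "__main__":
    for n, pw in sorted(QUIZ.items()):
        missing = missing_criteria(pw)
        if missing:
            verdict = "thumbs down, missing: " + ", ".join(missing)
        else:
            verdict = "high five"
        print(f"{n}. {pw:<26} {verdict}")
```

Passing this check only shows that a password meets the composition tips listed above; it does not measure how guessable the password is.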
Here is a link to the Kaspersky Labs Password Checker where you can test different passwords to see just how strong they really are. (Please don’t enter your real password! Even though we might trust Kaspersky, there are bad guys between them and us!)
Speaking of horrible passwords…
Group passwords are not cool.
As per HIPAA regulations, each nurse, doctor, office manager, surgeon, staff member, janitor, etc. should have his or her own password. That’s right guys, no more group or department passwords.
Have a HIPAA security question? Leave a comment and you may see your question answered on the next HIPAA Snippets video.
Tod Ferran (CISSP, QSA) is a Security Analyst for SecurityMetrics with 25 years of IT security experience. He provides security consulting, risk analysis assistance, risk management plan support, and performs HIPAA and PCI compliance audits.