My Password is Password! The Importance of Data Security in Healthcare
In today’s age of “Cybersecurity”, “Cyber-Attacks”, and “Cyber INSERT ANY WORD HERE”, many companies find themselves struggling to keep up with the cutting edge techniques used to safeguard breaches. Malware, spyware, adware, rootkits, and the list goes on and on. Your IT staff has been tasked with the impossible task of staying ahead of the “bad guys” by preventing attacks from every angle. Countless hours researching techniques and discovering new ways that the hackers might get in. However, the most dangerous person to your company’s valuable information might just be sitting in front of your computer screen right now! Simply put, the importance of healthcare data security standards is to ensure the safety and security of patient information including electronic health records.
Privacy and Security Standards in Healthcare
It is estimated that 75-80% of the 40+ million cyber-attacks in 2014 involved weak passwords, with the average “cyber” incident costing $720,000, most companies just can’t afford a loss of that magnitude. In the medical industry the costs can grow exponentially with patient privacy at risk. As we saw with the Target in 2013, just one data breach can throw a $145 million wrench in the cogs. By ensuring that employees have a strong password, a company can all but eliminate the 75-80% of cyber-attacks that prey on weak passwords and I’ll prove it!
In 2014, the top two passwords were 123456 and password, which would be determined within the first second of a brute force attack. Below, I’ll give you some sample passwords, and the maximum amount of time that it would take to figure it out with today’s technology.
dog – .000004394 seconds
sparky – Instantly (Top 100 most used passwords)
barks - Instantly (Top 10,000 most used passwords)
There are three passwords above that are highly logical for a person that has a dog named Sparky who barks. If you were to put them together while adding a number and special character, the time required to crack the password changes drastically:
Myd0gSp@rkyBarKs – 12 trillion years
Healthcare Data Security Standards
At ImagineSoftware, we have a password policy that requires 14 characters with an uppercase, lowercase, special character, and number to be changed every 30 days.
With just a little bit of consideration about your password, YOU can be your company’s most valuable asset in the fight against cyber-attacks. With the medical industry constantly having to be diligent with HIPPA standards, this is a no-brainer. So next time you change your password, make sure to remember that you could be the deciding factor on whether your data is breached or remains safe, as well as that of your patients.
As a tip: Choose a password that is reasonably long and is not made up of simple words. Do not use things that are obvious such as your name, children or pets names and stay away from easily found dates like birthdays and anniversaries. Make sure to mix it up and use symbols, punctuation and numbers to help. Above all else, don't write it down where it can be found, and don't give it out. YOU are the first and biggest line of defense!