HIPAA TIP: Passwords

This would sound like a broken record if it weren’t true:

A recent study showed that 20% of passwords are compromised and 51% of passwords are reused. These statistics shed light on some dangerous cybersecurity issues. Password reuse exposes multiple accounts in the event of a breach and makes an organization vulnerable to common hacker tactics.

Adding an additional number or letter to an existing password does NOT constitute a new or additional compliant password.

Other password “facts” to know:

  • Simple passwords are effortless for attackers to crack.
  • According to cybersecurity experts, a 7-character password can be cracked in a matter of seconds, whereas a complex 12- or 15-character password takes far longer.
  • Unique passwords, such as passphrases, increase the security of accounts.
  • Software systems and applications containing sensitive data or ePHI need to have account lockout enabled – the user is locked out of the account after 3-4 failed login attempts. If this is not in place, an attacker can brute-force their way into a system by trial and error, over and over and over again.
  • Educate staff to always question emails asking a user to sign into an account containing ePHI or sensitive data, e.g., “Time to reset your password for the EMR right away, or you will be locked out of the system in 5 minutes,” or “Time to update your payment details.”
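As an added illustration of the account-lockout bullet above (example code written for this page, not from the original tip or from Anatomy IT), here is a minimal failed-login counter in Python: the account name, the credential store, the 4-attempt threshold and the 15-minute lockout window are all assumed values.

```python
import hashlib
import hmac

# Constructed demo credential store: account -> salted SHA-256 of the password.
# Illustrative only; a real system would use a slow hash such as bcrypt or Argon2.
_SALT = b"constructed-salt"

def _digest(password: str) -> bytes:
    return hashlib.sha256(_SALT + password.encode()).digest()

CREDENTIALS = {"nurse.jdoe": _digest("correct horse battery staple")}

def verify_password(account: str, password: str) -> bool:
    stored = CREDENTIALS.get(account)
    return stored is not None and hmac.compare_digest(stored, _digest(password))

class AccountLockout:
    """Counts consecutive failed logins per account; locks after `threshold`."""

    def __init__(self, threshold: int = 4, lockout_seconds: int = 900):
        self.threshold = threshold              # tip suggests locking after 3-4 failures
        self.lockout_seconds = lockout_seconds  # assumed 15-minute lockout window
        self._failures = {}                     # account -> consecutive failures
        self._locked_until = {}                 # account -> time the lockout expires

    def attempt(self, account: str, password: str, now: float) -> str:
        """Return 'success', 'failed' or 'locked'. `now` is injected for testability."""
        until = self._locked_until.get(account)
        if until is not None and now < until:
            return "locked"                     # still inside the lockout window
        if until is not None:                   # lockout expired: start counting afresh
            del self._locked_until[account]
            self._failures[account] = 0
        if verify_password(account, password):
            self._failures[account] = 0         # a good login resets the counter
            return "success"
        self._failures[account] = self._failures.get(account, 0) + 1
        if self._failures[account] >= self.threshold:
            self._locked_until[account] = now + self.lockout_seconds
            return "locked"
        return "failed"

def trial_and_error(guesses, lockout: AccountLockout, account: str = "nurse.jdoe") -> list:
    """Feed a constructed guess list, one per second, and record each outcome."""
    return [lockout.attempt(account, g, now=float(i)) for i, g in enumerate(guesses)]

if __name__ == "__main__":
    guesses = ["password", "Password1", "Welcome123", "Summer2024!", "correct horse battery staple"]
    print(trial_and_error(guesses, AccountLockout()))
    # With a threshold of 4, even the fifth (correct) guess is rejected as 'locked'.
```

The point the tip makes is visible in the last outcome: once the counter trips, trial and error stops working even when a guess would otherwise be right, and only the expiry of the lockout window (or an administrator reset) lets a legitimate login through again.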

Stay ever vigilant both at home with personal data and with business devices and information.

HIPAA compliance isn’t a one-time checklist. It’s ongoing, programmatic in nature, and requires demonstrated reasonable diligence to stay in good standing with the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR). Anatomy IT can provide you peace of mind with our expert HIPAA compliance services. To learn more, contact us here.