Millions of patients possibly at risk due to poor passwords at healthcare orgs - here's how to stay safe
Cyber-hygiene in healthcare is poor, researchers are saying

- NordPass and NordStellar reviewed terabytes of data
- The analysis uncovered poor password practices in the healthcare industry
- Organizations are lacking staff training and strong policies
Hygiene in hospitals and clinics is essential, but cyber-hygiene - despite being equally important - is constantly being neglected, experts have warned.
A report from NordPass and NordStellar has claimed weak password practices are “dangerously common” in the healthcare industry.
Based on a review of 2.5TB of data extracted from various publicly available sources (including the dark web), the two organizations found that different medical institutions, including private clinics and hospital networks, all rely on “predictable, recycled, or default passwords” to protect critical systems. As a result, sensitive patient data, and possibly patients' health, is placed at immense risk.
Carelessness
“When the systems protecting patient data are guarded by passwords like ‘123456’ or ‘P@ssw0rd,’ that’s a critical failure in cybersecurity hygiene. In a sector where both privacy and uptime are vital, this kind of carelessness can have real consequences,” said Karolis Arbaciauskas, head of business product at NordPass.
The report also lists the most frequently used passwords identified in the healthcare sector. If you’re using any of these (or a variant), make sure to change them for something tougher to crack:
- fabrizio19
- 123456
- Melu3@12345
- @Vow2017
- Mercury9.Venus8
- password
- Marty1508!
- Carlton@1988
- 12345678
- @Vowcomm2018
- papa
- 12345
- Durson@123
- P@ssw0rd
- Simetrica
- Raffin2209!
- Asspain28#
- Smith
- neuro
- default
Policies and training
The teams warn that passwords reflecting personal names, simple number patterns, or default configurations are all prime targets for brute-force and dictionary attacks, in which cybercriminals automate the process and try out countless combinations until they break in.
To make matters even worse, one break-in is more than enough to wreak havoc, as lateral movement can compromise entire networks, expose sensitive data, and result in various malware and ransomware infections.
The report stresses that healthcare institutions “lack clear password management policies or staff training,” which is why it recommends that they enforce strong password policies, eliminate the use of default or role-specific passwords, use a business-grade password manager, train the staff, and introduce 2FA wherever possible.
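An added example (not from the NordPass/NordStellar report or this article): a small Python password screen showing why entries from the list above such as "P@ssw0rd" and "Carlton@1988" satisfy a typical composition rule yet are still rejected by denylist and pattern checks. The denylist contents, substitution table and function names are assumptions made for illustration.

```python
import re

# Constructed denylist: base words taken from the list quoted in the article.
# Assumption: a real deployment would load a large breached-password corpus.
DENYLIST = {"password", "default", "papa", "smith", "neuro", "simetrica"}

# Common character substitutions, undone before the denylist lookup.
LEET = str.maketrans({"@": "a", "0": "o", "3": "e", "$": "s", "1": "i"})

def meets_complexity(pw):
    """Composition-only rule: 8+ chars with upper, lower, digit and symbol."""
    classes = [r"[A-Z]", r"[a-z]", r"\d", r"[^A-Za-z0-9]"]
    return len(pw) >= 8 and all(re.search(c, pw) for c in classes)

def screen(pw):
    """Return the reasons a password is guessable; an empty list means none found."""
    reasons = []
    lowered = pw.lower()
    # Dictionary word, with or without simple substitutions (P@ssw0rd -> password).
    if lowered in DENYLIST or lowered.translate(LEET) in DENYLIST:
        reasons.append("denylisted word")
    # Simple number pattern: an ascending run of digits such as 123456.
    if lowered.isdigit() and lowered in "01234567890":
        reasons.append("digit sequence")
    # One word, optional separator, digits, optional trailing symbol (Name@1988).
    if re.fullmatch(r"[a-z]+[^a-z0-9]?\d{2,}[^a-z0-9]?", lowered):
        reasons.append("word plus number")
    return reasons

def passes_rules_but_guessable(passwords):
    """Passwords a composition-only policy accepts but the screen rejects."""
    return [p for p in passwords if meets_complexity(p) and screen(p)]

# First five entries come from the article's list; the passphrase is constructed.
SAMPLE = ["123456", "P@ssw0rd", "Carlton@1988", "Marty1508!", "default",
          "correct horse battery staple"]

if __name__ == "__main__":
    for pw in SAMPLE:
        print(f"{pw!r}: complexity={meets_complexity(pw)} reasons={screen(pw)}")
    print("accepted by composition rule but guessable:",
          passes_rules_but_guessable(SAMPLE))
```

The three patterns here are a narrow sample of what a full breached-password check covers, so an empty result from `screen` does not mean a password is strong.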
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.