Cybersecurity Awareness: Password Management


The U.S. Department of Health and Human Services (HHS) Office for Civil Rights has made October the National Cybersecurity Awareness Month (NCSAM). Why? Healthcare companies are falling prey to hackers, resulting in huge privacy breaches, and the problem is only getting worse. Therefore, HHS wants healthcare organizations to go back to the basics of privacy and security. It’s more critical now than ever for you, as a covered entity or business associate, to secure your electronic protected health information (ePHI). The easiest security step you can take is to put a good password management system in place.

What is Password Management?

Passwords are the keys to the kingdom. They allow users to log in to your information systems. When passwords are managed well, only authorized users can log in. If you want a strong password management system, you need to follow rules that help you create strong passwords and set up automatic password management events. Here are some tips:

  1. Password defaults. Have users change the default passwords that allow them to initially log in to a system.
  2. Password makeup. Use at least 10 characters with a combination of uppercase and lowercase letters, numbers, and symbols (ex. $, !, or &). You can use passphrases (ex. I love to golf on Saturdays and Sundays) or reduce the passphrase to a password (ex. Iltg0sas). However, passphrases are more secure because they’re harder to crack than passwords.
  3. Password protection. You should never write passwords on sticky notes, leave them by the computer, or share them with others. Commit your password to memory or use a password vault.
  4. Password expiration. Users shouldn’t have the same password forever. Set dates for passwords to expire and for users to create a new password (ex. every 180 days or once a year).
  5. Password history. Users shouldn’t be able to reuse the same password when prompted to create a new one. Set how many times users must create a different password before they can reuse one.
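
As an added example (not HIPAAtrek's code), tips 2, 4 and 5 can be enforced in a few functions. The 10-character minimum and 180-day expiry come from the list above; the history depth of 5, the four-word passphrase threshold and all function names are assumptions made for illustration.

```python
import hashlib, hmac, os, re
from datetime import datetime, timedelta

MIN_LENGTH = 10                  # tip 2: at least 10 characters
MAX_AGE = timedelta(days=180)    # tip 4: one of the example intervals in the list
HISTORY_DEPTH = 5                # tip 5: assumed value, the list gives no number
PASSPHRASE_MIN_WORDS = 4         # assumed threshold for treating input as a passphrase

def _digest(password, salt):
    # Keep salted, slow hashes of old passwords, never the passwords themselves.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)

def remember(password, history):
    """Return the history with `password` added, trimmed to HISTORY_DEPTH entries."""
    salt = os.urandom(16)
    return (history + [(salt, _digest(password, salt))])[-HISTORY_DEPTH:]

def makeup_problems(password):
    """Tip 2: length plus character mix, or a multi-word passphrase."""
    problems = []
    if len(password) < MIN_LENGTH:
        problems.append("shorter than 10 characters")
    if len(password.split()) >= PASSPHRASE_MIN_WORDS:
        return problems          # passphrase: length is the only makeup rule applied
    classes = {"uppercase letter": r"[A-Z]", "lowercase letter": r"[a-z]",
               "number": r"[0-9]", "symbol": r"[^A-Za-z0-9\s]"}
    problems += [f"missing {name}" for name, pattern in classes.items()
                 if not re.search(pattern, password)]
    return problems

def is_reused(password, history):
    """Tip 5: compare against every remembered hash in constant time."""
    return any(hmac.compare_digest(_digest(password, salt), old)
               for salt, old in history)

def is_expired(last_changed, now):
    """Tip 4: the password must be replaced once it is older than MAX_AGE."""
    return now - last_changed > MAX_AGE

def check_new_password(password, history):
    """Return every reason the candidate is rejected; an empty list means accepted."""
    problems = makeup_problems(password)
    if is_reused(password, history):
        problems.append("matches a previously used password")
    return problems
```

Run against the article's own examples, the passphrase passes while the shortened form "Iltg0sas" is rejected for being under 10 characters and lacking a symbol.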

Making passwords feels like a nuisance sometimes. However, password management is the first step towards securing your ePHI, so don’t skip this step! To make security easier, HIPAAtrek software sends automatic reminders to your entire team about login monitoring, password management, and malicious software. Learn more about how HIPAAtrek can help you simplify your HIPAA compliance program.
