Healthcare Data Safety 101: How Smart Passwords and Multi-Factor Authentication Keep You Secure


In a technology-driven world, safeguarding healthcare data is a responsibility shared by businesses and individuals alike.

Now, I get it, cybersecurity can be a total conversation killer. In this article, we’ll dive into practical steps you can take today to secure your personal healthcare data through strong authentication practices.

This article is also featured in the Sullivan Partnership publication In The Know, published Spring 2025.

Article summary: Strong passwords and multi-factor authentication (MFA) are your best defense against healthcare data breaches, with new guidance favoring long, memorable passphrases over short, complex strings. Tools like password managers and team training can make secure habits easier, while MFA adds critical protection for sensitive accounts.

Crafting Unbreakable Passwords

In healthcare data security, whether as an employee or a patient, strong passwords are your first layer of protection. The good news? Guidance from the National Institute of Standards and Technology (NIST) changed recently, emphasizing the use of long, memorable passwords over short, complex ones.

For example, a password like Sull!vanCty1 (12 characters) is less secure than a much longer password like i-love-sullivan-county-spring-time (over 30 characters). In fact, the 30-character password would take 58 billion times longer to crack than the 12-character password.

Looking for inspiration? Try using a favorite song or album title. The Tortured Poets Department by Taylor Swift could serve as the foundation for a long, memorable password.

Want to test yours? Visit security.org/how-secure-is-my-password/ to see how strong your primary passwords are.

How Successful Are Dictionary Attacks on Passwords?

Dictionary attacks are highly effective against weak passwords, especially those based on common words, phrases, or predictable substitutions. However, long, random, and unique passwords, especially those using passphrases or stored in a password manager, can render dictionary attacks ineffective.

More Examples of Secure Passwords

Passphrase-Based (Recommended)

  • CorrectHorseBatteryStaple (Easy to remember, hard to guess)
  • VelvetSkyRainsGolden (Random words, no predictable pattern)
  • Coffee$Runs@Midnight23 (Mix of words with some symbols and numbers)

Long, Random, and Unique Passwords

  • Gp7#Xj4lR8zF!mNv (Randomly generated, highly secure)
  • Jungle-Pencil-Truck-82 (Random words with separators)
  • mellow.green.clock.$47 (Random words with dot separators, plus special characters)

What to Avoid – Short or Predictable Passwords

  • P@ssw0rd123 (Easily cracked)
  • Qwerty!2024 (Common pattern)
  • 12345Abcd (Too simple)
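To show why the "avoid" list above falls to the dictionary attacks described earlier while the passphrases survive, here is a small checker that does what a cracker's rule set does: it undoes the predictable substitutions and strips the trailing digits before comparing against a wordlist. This is an added example, not code from the article or from Salt Peak; the wordlist and keyboard-walk patterns are constructed samples, and the 8/15-character thresholds are assumptions in the spirit of the NIST guidance the article cites.

```python
import re

# Constructed sample blocklist. A real check screens against a breached-password
# corpus, as NIST SP 800-63B recommends; this toy set only illustrates the idea.
COMMON_WORDS = {"password", "qwerty", "letmein", "welcome", "admin", "iloveyou"}

# Substitutions a dictionary attack tries automatically; undoing them shows
# that "P@ssw0rd" is still just "password" to an attacker's wordlist.
LEET = str.maketrans({"@": "a", "$": "s", "0": "o", "1": "l", "3": "e",
                      "4": "a", "5": "s", "7": "t", "!": "i"})

KEYBOARD_WALKS = ("qwerty", "asdf", "zxcv", "12345", "09876")


def core_word(pw: str) -> str:
    """Strip the decorative prefix/suffix (e.g. trailing '123', '!2024'), undo
    leet substitutions and keep only letters, mimicking a cracker's rule set."""
    trimmed = re.sub(r"^[^A-Za-z]+|[^A-Za-z]+$", "", pw.lower())
    return re.sub(r"[^a-z]", "", trimmed.translate(LEET))


def check_password(pw: str, min_len: int = 8, strong_len: int = 15) -> dict:
    """Return a verdict ('weak', 'acceptable', 'strong') and the reasons.
    Length thresholds (assumed) follow the article's point: long beats complex."""
    issues = []
    if len(pw) < min_len:
        issues.append(f"shorter than {min_len} characters")
    word = core_word(pw)
    if word in COMMON_WORDS:
        issues.append(f"dictionary word '{word}' with predictable substitutions")
    if any(walk in pw.lower() for walk in KEYBOARD_WALKS):
        issues.append("keyboard walk or sequential digits")
    if issues:
        verdict = "weak"
    elif len(pw) >= strong_len:
        verdict = "strong"
    else:
        verdict = "acceptable"
    return {"verdict": verdict, "issues": issues}


if __name__ == "__main__":
    for candidate in ("P@ssw0rd123", "Qwerty!2024", "12345Abcd", "Sull!vanCty1",
                      "CorrectHorseBatteryStaple", "i-love-sullivan-county-spring-time"):
        print(f"{candidate:36} {check_password(candidate)}")
```

Run it and the three "avoid" examples come back weak, Sull!vanCty1 is merely acceptable, and the two passphrases are strong.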

The Myth of Frequent Password Changes

Here’s some more good news: the revised NIST guidelines discourage unnecessary password changes. Unless there’s evidence of a compromise, you don’t need to change a strong, unique password regularly.

However, with security breaches occurring frequently, it’s good practice to change your password if a service you use has been compromised. And if you’ve reused that password elsewhere, change it everywhere: bad actors often attempt credential stuffing attacks (also called password stuffing), where stolen credentials are replayed against other services to gain access to other accounts.

A password manager like 1Password or Bitwarden can help. These tools generate and store complex passwords securely, making updates easy. Multi-factor authentication (MFA) is a must for your password manager and any account storing sensitive information, like your phone or browser.

The Benefits of Multi-Factor Authentication (MFA)

NIST strongly recommends pairing passwords with multi-factor authentication (MFA) rather than relying on passwords alone. MFA requires two or more independent categories of authentication factor:

  • Something you know (your password)
  • Something you have (a phone or security key)
  • Something you are (fingerprint or facial recognition)

By requiring at least two of these factors, MFA means a stolen or guessed password alone is no longer enough to get in. As a best practice, MFA should be enabled anywhere you store sensitive data, including:

  • Healthcare accounts and patient portals
  • Banking and financial platforms
  • Social media accounts
  • Business accounts and email
  • AI accounts if you’re analyzing sensitive data

Overcoming MFA Challenges

Let’s be honest—MFA can feel like a hassle. But with the right mindset, it’s more of a speed bump than a roadblock.

Think of it this way: typing a password and entering a code is like unlocking your front door and then disarming your alarm system. Is it inconvenient? Maybe. But does it protect your home? Absolutely. Would a jeweler leave their store without an alarm set? Probably not.

Proactive Strategies for Data Safety

Being proactive about data security is like maintaining a healthy lifestyle: it’s all about good habits and consistency.

Avoiding Password Reuse

Remember password stuffing attacks? Cybercriminals take stolen usernames and passwords and try them elsewhere. The easiest way to defend against this? Never reuse a password across accounts that hold your sensitive data.

Of course, remembering unique passwords for every account is impossible—unless you use a password manager like 1Password or Bitwarden. These tools create and store strong, unique passwords for each of your accounts, keeping your data safe in an encrypted vault.

If you must remember multiple passwords, try a passphrase system:

  • ilovesullivancountyinthespring → Healthcare login
  • ilovesullivancountyatthebank → Banking password
  • ilovesullivancountyinthespringnotreadingemail → Email password

If your bank or email still requires complexity, just add a simple number at the end.

Educating Your Team

A chain is only as strong as its weakest link, and in cybersecurity, human error is often that weak link. Here’s how to strengthen your team:

  • Host regular training sessions. Make them engaging: try a “Spot the Phishing Email” contest or a “Password Strength Challenge.”
  • Use professional training resources. Online courses are great, but in-person training sessions by Salt Peak often command more attention and engagement.
  • Foster a security-aware culture. Encourage employees to report suspicious activity without fear of reprimand. Lead by example—when leadership takes security seriously, the rest of the team follows.

About Salt Peak

Salt Peak makes technology simple for service-based businesses like law firms and private medical practices. We help streamline operations, optimize costs, and connect businesses with the right experts. Our business-first approach focuses on security and cost optimization—without the complexity.

Learn more at saltpeak.net.
