Hospitals have discovered that digital technology is a double-edged sword for their businesses. IT has made it a lot easier for them to streamline the delivery of services, lower operating costs and improve relationships with other healthcare partners.
Unfortunately, digital technology has also created a number of other risks. Data breaches are a common problem for healthcare companies. In 2019, over 41 million patient records were exposed.
A lot of these problems could be solved by ensuring that passwords were managed properly. Proper password management is a facet of security that healthcare organizations can’t possibly overlook.
Password Management Security Practices for Healthcare
Whether you’re using a password manager for your healthcare business or personal credentials, you want to be sure you’re getting the most value for your money. Password managers come in different varieties, each with its own unique features and integration capabilities. However, all password managers serve the same function: to generate, store, and manage secure passwords. Healthcare companies must be aware of these benefits.
Passwords are any healthcare organization’s most important asset in the fight against data breaches. Millions of passwords are breached every year, causing billions of dollars in personal and corporate damages and legal fees. These costs can be a lot worse for healthcare companies, because they have to deal with HIPAA violation issues.
Don’t let your hospital or medical practice become a victim of a cyber-attack. Ask these five questions about your business password management system to ensure you’re getting the right protection.
1. Are My Employees Using It?
Even if you have the best business password management solution on the market, it means pretty much nothing if no one uses it. Are you certain that employees are using the software you’re paying for? Who do you give access to?
Unfortunately, many healthcare workers aren’t the most technically astute people. Healthcare businesses need to pay close attention to their employees when it comes to cybersecurity. One bad or mismanaged password can spell disaster for an entire network, putting everyone’s security and even their jobs at risk. It can also threaten the health of patients that might have their medical records altered or exposed. It’s that serious!
If the technology is new to your employees, make time to properly train them on how to use it. The time you invest now will be worth triple when it comes to future cybersecurity. It’s always better to have a well-informed, well-trained workforce than an ignorant one—especially when it comes to cybersecurity.
2. Does It Notify Me About Outdated Passwords and Other Problems?
Password managers are excellent for storing passwords, but one of their most underrated functions is the ability to send push notifications when passwords are recycled or outdated. This can be an important tool when you’re creating company passwords, as older passwords and recycled passwords are easier to crack. Does your password manager send you notifications when things need to be updated? If not, it’s time to find a new one.
No healthcare IT manager can possibly keep track of every single password on the company network without some help. Keeping a spreadsheet or even a sticky note is the worst way to store passwords. Plus, you’ll never know which ones are outdated, and recycled ones may get lost in the huge list of passwords you’ve put together.
The bottom line? Your password manager should be sending your notifications to let you know when passwords and credentials need to be updated. It’s pretty much a standard feature nowadays!
3. Am I Getting Value Out Of It?
Have you noticed a decrease in suspicious cyber activity on your network? Have you successfully avoided cyber-attacks for the last year since you got your password manager? It’s important to measure the value that your password management system brings to the business. If you feel like you’re paying for something that doesn’t provide you with the protection you need, you’re wasting money.
Of course, every business will measure the value of their software differently. The bottom line is that you should feel like you’re getting at least what you’re paying for. Most password managers aren’t expensive, and even premium plans only cost a few extra dollars per month. Some are even totally free. Even so, it should still be a valuable asset to the company.
4. Am I Using the Password Generator Feature?
Bad passwords are the bane of any organization. Whether your employees are using commonly-used or obvious passwords, or recycling passwords across different apps/accounts, bad password habits can ruin a business. That’s why password managers usually come with a password generator feature; and you should be using it.
If you leave password generation up to the average person, they’ll likely pick something that’s easy to remember. How many of your passwords contain a birthday, address, or name that’s meaningful to you? You picked it so that you can remember it, but that doesn’t mean it’s a good password.
Passwords should never have anything in them that links the password to a company or individual. With password generators, you can easily generate a complex, secure password with the click of a button. Anyone can use it, making it one of the simplest and yet effective tools you have access to.
Be sure to teach your employees good password habits, too. Without their efforts, even the best software is useless.
5. Is It Secure?
Are your passwords secure? Are you writing them down, storing them in a spreadsheet, or using a browser password manager? If so, the answer is no. Passwords should never be stored in spreadsheets or written down on a piece of paper. Paper gets lost, trashed, or smudged, and spreadsheets can be easily hacked and stolen. The same goes for Word documents, Google Docs, and any other word processor document. Don’t use them!
Your password management system needs to be as secure as possible, which is why it’s a good idea to try out a proprietary password manager like Keeper or LastPass. Everything is stored within a web app, which requires a master password to access. You can also set up multi-factor authentication for further security.
It’s A Serious Matter for Healthcare Companies
IT security is critical for healthcare companies. They are required to live up to HIPAA guidelines, which means that they must make password management a priority.
Your password storage is no joke. The way you store passwords can literally mean the difference between security and disaster at your business. Use a proprietary password manager, teach your employees better password practices, and remember to ask the right questions about your cybersecurity efforts. The livelihood of the healthcare providers under your purview and your patients depend on it.