The best (and worst) password strategies for healthcare.

Tod Ferran, CISSP, QSA
Passwords. It’s strange that such a teeny line of text is sometimes the only thing that stands between a hacker and a boatload of valuable PHI.

Watch this video to learn how to create secure and HIPAA worthy passwords.



SEE ALSO: Vendor-Supplied Default Passwords Are a Serious Threat.

Remember, random but non-complex passwords are easily broken by hackers using simple password-cracking software.

Here are some tips for strong (and HIPAA compliant) passwords:

  • 8 characters (at least)
  • Uppercase letters
  • Lowercase letters
  • Numbers
  • Special characters

Let’s see what you’ve learned with a password quiz! Decide if the following passwords deserve a security high five, or a hackable thumbs down.

Password Quiz!

  1. nurse
  2. Dr77we$t
  3. PaSsWoRd
  4. @sTer955!
  5. drmichellewalkeroffice123
  6. frontdesk1
  7. Utn*9f1U

Let’s see how you did.

2, 4, and 7 all have special characters, numbers, and uppercase letters. Woot! The rest, even if they look secure, probably won’t guard your PHI very well.
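To make the checklist above concrete, here is a small policy checker (an added example, not code from the post or from SecurityMetrics) that encodes the five tips as rules and grades the seven quiz passwords against them; the rule names and the `failed_rules` / `grade_quiz` helpers are my own, and the checker tests only the checklist, not whether a password is a guessable dictionary phrase.

```python
import string

# The five tips from the post, encoded as named rules (rule names are mine).
MIN_LENGTH = 8

RULES = {
    "at least 8 characters": lambda pw: len(pw) >= MIN_LENGTH,
    "uppercase letter": lambda pw: any(c.isupper() for c in pw),
    "lowercase letter": lambda pw: any(c.islower() for c in pw),
    "number": lambda pw: any(c.isdigit() for c in pw),
    "special character": lambda pw: any(c in string.punctuation for c in pw),
}


def failed_rules(password: str) -> list[str]:
    """Return the names of the rules the password does NOT meet (empty = passes)."""
    return [name for name, check in RULES.items() if not check(password)]


def passes_policy(password: str) -> bool:
    """True when the password satisfies every rule in the post's checklist."""
    return not failed_rules(password)


# The seven quiz passwords from the post, in the post's order.
QUIZ = [
    "nurse",
    "Dr77we$t",
    "PaSsWoRd",
    "@sTer955!",
    "drmichellewalkeroffice123",
    "frontdesk1",
    "Utn*9f1U",
]


def grade_quiz(candidates: list[str] = QUIZ) -> list[int]:
    """Return the 1-based quiz numbers whose passwords meet every rule."""
    return [i for i, pw in enumerate(candidates, start=1) if passes_policy(pw)]


if __name__ == "__main__":
    for i, pw in enumerate(QUIZ, start=1):
        missing = failed_rules(pw)
        verdict = "high five" if not missing else "thumbs down, missing: " + ", ".join(missing)
        print(f"{i}. {pw!r:28} {verdict}")
    print("Passing:", grade_quiz())  # → [2, 4, 7]
```

Running it reproduces the answer key (2, 4 and 7 pass) and, for each failing entry, names exactly which tip it misses.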

Here is a link to the Kaspersky Labs Password Checker where you can test different passwords to see just how strong they really are. (Please don’t enter your real password! Even though we might trust Kaspersky, there are bad guys between them and us!)

SEE ALSO: How to Do Passwords Right: Password Management Best Practices

Speaking of horrible passwords…


Don't use group passwords

Group passwords are not cool.

As per HIPAA regulations, each nurse, doctor, office manager, surgeon, staff member, janitor, etc. should have his or her own password. That’s right guys, no more group or department passwords.

Have a HIPAA security question? Leave a comment and you may see your question answered on the next HIPAA Snippets video.


Tod Ferran (CISSP, QSA) is a Mensa aficionado, Cancun expert, and Security Analyst for SecurityMetrics with over 25 years of IT security experience. In addition to his many speaking engagements and webinars, he provides security consulting, risk analysis assistance, risk management plan support, and performs security, HIPAA, and PCI compliance audits. Connect with him for recommendations on excellent places to stay, activities, and restaurants in Cancun, or check out his other blog posts here.