Mastering the Basics: Password Security FAQs

By Art Gross, President and CEO, HIPAA Secure Now!
LinkedIn: Art Gross
X: @HIPAASecureNow

Remember our call to action for a Password Audit in our Healthcare Cybersecurity Resolutions blog a few weeks back? As this month draws to a close, now is the perfect time to tick off this achievable and cost-free goal. Dive into this week’s blog for an in-depth guide on crafting and sustaining robust passwords that fortify your healthcare organization!

Q: Why are passwords crucial in healthcare cybersecurity?

A: Passwords are the primary defense against unauthorized access to electronic protected health information (ePHI). They serve as a crucial barrier, ensuring patient confidentiality and compliance with healthcare regulations.

Q: What makes a password strong and secure?

A: Length matters far more than character variety. Focus on passwords that are long and unique to each account rather than on satisfying complexity rules. NIST SP 800-63B treats length as the primary strength factor, advises against mandatory composition rules (required symbols, digits and mixed case), and says systems should accept ‘passphrases’: longer combinations of words that are easier to remember and, because of their length, harder to guess or crack. The same guidance calls for checking every new password against lists of known-compromised values, so a short ‘complex’ password that appears in a breach corpus is weaker than a long passphrase that does not.
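As an added example (not code from the original article), the following Python script implements the NIST SP 800-63B style checks described above alongside a passphrase generator. The breached-password blocklist and the word list are small constructed samples standing in for a full breach corpus and a large word list such as the EFF diceware list; the context words (a clinic name) are likewise made up for the illustration.

```python
"""Password checks in the style of NIST SP 800-63B, plus a passphrase generator.

Added example, not code from the original article. The blocklist and word list
are small constructed samples standing in for a breach corpus and a full
diceware-style list.
"""
import math
import secrets

# Constructed sample of known-compromised passwords (a real list has millions).
# Note that "P@ssw0rd" satisfies every classic complexity rule and is still here.
BREACHED_BLOCKLIST = {
    "password", "password1", "p@ssw0rd", "123456", "qwerty", "letmein",
    "welcome1", "summer2024!", "healthcare2024",
}

# Constructed mini word list. The EFF long list has 7776 words, giving
# log2(7776) = 12.9 bits of entropy per randomly chosen word.
SAMPLE_WORDLIST = [
    "anchor", "basil", "cobalt", "drift", "ember", "falcon", "glacier", "harbor",
    "iris", "juniper", "kettle", "lantern", "meadow", "nectar", "orbit", "pebble",
]

MIN_LENGTH = 8   # SP 800-63B: verifiers SHALL require at least 8 characters
MAX_LENGTH = 64  # SP 800-63B: verifiers SHOULD permit at least 64 characters


def is_repetitive_or_sequential(pw: str) -> bool:
    """True for strings such as 'aaaaaaaa', 'abcdefgh' or '87654321'."""
    if len(pw) > 1 and len(set(pw)) == 1:
        return True
    codes = [ord(c) for c in pw]
    steps = {b - a for a, b in zip(codes, codes[1:])}
    return steps in ({1}, {-1})


def check_password(pw: str, context_words=()) -> list[str]:
    """Return the reasons a candidate password is rejected; [] means accepted.

    Mirrors SP 800-63B section 5.1.1.2: length bounds, no composition rules,
    rejection of values found in breach corpora, of repetitive or sequential
    strings, and of context-specific words (user name, organization name).
    """
    reasons = []
    if len(pw) < MIN_LENGTH:
        reasons.append(f"shorter than {MIN_LENGTH} characters")
    if len(pw) > MAX_LENGTH:
        reasons.append(f"longer than {MAX_LENGTH} characters")
    if pw.lower() in BREACHED_BLOCKLIST:
        reasons.append("found in breached-password blocklist")
    if is_repetitive_or_sequential(pw):
        reasons.append("repetitive or sequential characters")
    for word in context_words:
        if word and word.lower() in pw.lower():
            reasons.append(f"contains context-specific word {word!r}")
    return reasons


def generate_passphrase(n_words: int = 5, wordlist=SAMPLE_WORDLIST, sep: str = "-") -> str:
    """Choose n_words uniformly at random using the CSPRNG in `secrets`, not `random`."""
    return sep.join(secrets.choice(wordlist) for _ in range(n_words))


def passphrase_entropy_bits(n_words: int, wordlist_size: int) -> float:
    """Guessing entropy when the attacker knows the word list and the word count."""
    return n_words * math.log2(wordlist_size)


if __name__ == "__main__":
    # "MercyClinic" is a constructed organization name used as a context word.
    for candidate in ["P@ssw0rd", "abcdefgh", "correct-horse-battery-staple"]:
        verdict = check_password(candidate, context_words=["MercyClinic"])
        print(f"{candidate!r}: {'accepted' if not verdict else '; '.join(verdict)}")
    print("five words from the EFF long list:",
          f"{passphrase_entropy_bits(5, 7776):.1f} bits")
    print("generated:", generate_passphrase(5))
```

Run as a script, it rejects the eight-character “P@ssw0rd” (it is in the blocklist despite meeting every complexity rule) and “abcdefgh” (sequential), accepts the 28-character passphrase, and reports that five random words from a 7776-word list give about 64.6 bits of entropy. Note that the generator draws from `secrets`, never from `random`, which is not suitable for secrets.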

Q: How often should I change my password?

A: NIST SP 800-63B no longer recommends routine, time-based password changes. Forcing users to rotate passwords on a schedule tends to produce predictable variations (Spring2024 becomes Summer2024) without making accounts harder to break into. Instead of enforcing arbitrary intervals, NIST recommends focusing on the following principles:

  • Risk-Based Approach: Password changes should be prompted by specific risks, such as a security incident or suspicion of compromise. Regularly assess the security landscape and initiate password changes when there’s a credible threat.
  • Compromised Credentials: If there’s a known or suspected compromise of your credentials, change your password immediately. This is crucial to mitigate the risk of unauthorized access.
  • Multi-Factor Authentication (MFA): Implementing MFA is more effective than frequently changing passwords. MFA adds an extra layer of security, making it significantly harder for unauthorized users to gain access.

Q: What is a Password Manager and should I use one?

A: Password Managers streamline the management of credentials by generating and storing long, random passwords securely. They make it practical to use a unique password for every account, so a password stolen in a breach at one site cannot be replayed against your others (credential stuffing). Many reputable Password Managers and web browsers offer free versions with basic functionality, though if your budget allows, we recommend paying for a premium version that includes advanced security measures and additional features. One caveat: the manager’s master password becomes the single secret protecting everything else, so make it a long passphrase used nowhere else and turn on MFA for the manager account itself.

Q: How do password policies align with HIPAA regulations?

A: The HIPAA Security Rule does not prescribe a specific password length, complexity, or rotation interval. Its administrative safeguards include an addressable “password management” implementation specification (45 CFR §164.308(a)(5)(ii)(D)) requiring procedures for creating, changing, and safeguarding passwords, and its technical safeguards require unique user identification (§164.312(a)(2)(i)) so that access to ePHI can be traced to an individual. Compliance therefore means documenting a written password policy, following a recognized standard such as NIST SP 800-63B for the details, and reviewing the policy as threats evolve, rather than treating it as a one-time checkbox.

This article was originally published on HIPAA Secure Now! and is republished here with permission.