Weak Passwords, Poor Cyber Hygiene Invite Healthcare Data Breaches

Preventing healthcare data breaches requires all end-users to practice better password management and cyber hygiene.

By Jill McKeon

Poor cyber hygiene and weak passwords leave organizations vulnerable to healthcare data breaches. Almost a third of surveyed IT professionals from a variety of industries reported weak password management as a key contributor to security breaches, a report from GoodFirms revealed.

The survey revealed that 63 percent of online users change their passwords only when prompted, and almost half of users keep the same password for multiple sites or applications. Over half of users also reported sharing their login and password credentials with colleagues, family members, and friends.

Almost a third of online users reported having been victims of security breaches caused by weak passwords in the past, even though 88 percent of respondents said that they use two-factor authentication.

“Password security is a pressing concern for businesses of all verticals. Whether it is through brute force, misconfiguration, pretexting, ransomware, backdoor release, privilege abuse, or other hacking methods, password stealing is a nuisance that organizations, employees, and even cybersecurity experts deal with every day,” the report stated.

“While passwords can protect the data to a certain extent, complete security of data and confidential information still rests on how well the passwords are managed. In most cases, password vulnerabilities stem from not following the best password practices suggested by cybersecurity experts.”

There are a variety of ways a threat actor can take advantage of password vulnerabilities to gain network access. Phishing is one of the most common tactics used by threat actors. Employees may receive an email asking them to reset their password by entering their credentials, which tricks them into handing their passwords and user IDs over to the hackers.

In a spearphishing attack, hackers target users with emails that appear to be from friends in order to get the victim to click a link, subsequently allowing hackers access to credentials. A brute-force attack occurs when hackers use trial and error to guess passwords until they find the right one. Users who avoid real words in their passwords are less exposed to brute-force attacks.

Password vulnerabilities are often blamed on employees, but organizations have an obligation to educate and provide cyber hygiene resources to prevent employees from falling for common phishing techniques. In addition, organizations should ensure network security and patch systems in order to maintain a strong cybersecurity posture.

Surveyed IT professionals recommended that users create accounts with trusted companies only, use secure VPN sessions, and avoid dictionary terms when creating passwords.

Organizations should implement multi-factor authentication, hire ethical hackers to find vulnerabilities before real hackers can, and adopt a system lockout policy to prevent hackers who are trying to guess passwords from accessing the network.

The report also suggested that strengthening Remote Desktop Protocol (RDP) logins is essential for any organization to stay ahead of cyber threats. Experts recommended creating long and complex passwords for RDP accounts to prevent hackers from accessing critical data.