- NordPass and NordStellar reviewed terabytes of data
- Analysis highlighted poor password practices in the healthcare industry
- Organizations lack employee training and strong policies
Cleanliness is necessary in hospitals and clinics, but cyber hygiene, despite being equally important, is constantly being neglected, experts have warned.
A report by NordPass and NordStellar claimed that weak password practices are “dangerously common” in the healthcare industry.
Based on a review of 2.5TB of data extracted from various publicly available sources (including the dark web), the two organizations found that various medical institutions, including private clinics and hospital networks, rely on “predictable, recycled or default passwords” to protect all-important systems. As a result, sensitive patient data, and possibly patients' health, is put at immense risk.
Negligence
“When the patient is protected by a password like ‘123456’ or ‘P@SSW0RD’, it is an important failure in cyber security hygiene. In an area where both privacy and uptime are important, such negligence may have real consequences,” said Karolis Arbaciauskas, head of business product at NordPass.
The report also lists the most used passwords identified in the healthcare sector. If you are using any of these (or a variation), be sure to change them to something harder to crack:
- fabrizio19
- 123456
- Melu3@12345
- @VOW2017
- Mercury 9.venus8
- Password
- Marty1508!
- Carlton@1988
- 12345678
- @VOWComm2018
- Father
- 12345
- Durson@123
- P@ssw0rd
- Camatric
- Raffin2209!
- Asspain28#
- Blacksmith
- Neuro
- default
Policies and training
The teams warned that these passwords reflect individual names, simple number patterns or default configurations, all prime targets for brute-force and dictionary attacks, which automate the guessing process for cybercriminals and try countless combinations until one works.
To make matters worse, a break-in is more than enough to wreak havoc, as lateral movement can compromise the entire network, expose sensitive data, and result in various malware and ransomware infections.
The report emphasizes that healthcare institutions lack clear password management policies or staff training, which is why they are advised to apply strong password policies, abolish the use of default or role-specific passwords, use a business-grade password manager, train employees and introduce 2FA where possible.
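One way to enforce the "strong password policies" recommendation when a password is set, shown as an added example that is not part of the report or of any NordPass tooling: it rejects variations of the passwords listed above and the name-plus-number pattern the teams describe. The `stem` and `screen` helpers and the 12-character minimum are assumptions made for illustration.

```python
import re

# Entries copied from the list in this article. A production check would also
# consult a much larger breached-password corpus.
REPORTED = ["fabrizio19", "123456", "Melu3@12345", "@VOW2017", "Password",
            "Marty1508!", "Carlton@1988", "12345678", "@VOWComm2018",
            "12345", "Durson@123", "P@ssw0rd", "default"]

# Common character substitutions, undone before comparison.
LEET = str.maketrans({"@": "a", "0": "o", "1": "l", "3": "e",
                      "$": "s", "5": "s", "!": "i"})


def stem(password):
    """Reduce a password to its alphabetic core so variations collapse together."""
    # Drop digit/symbol padding at both ends ("Marty1508!" -> "marty").
    core = password.lower().strip("0123456789!@#$%^&*._- ")
    # Undo substitutions inside the word ("p@ssw0rd" -> "password").
    return re.sub(r"[^a-z]", "", core.translate(LEET))


# Digit-only entries have an empty stem; they are caught by the isdigit() rule.
STEMS = {stem(p) for p in REPORTED} - {""}


def screen(password, min_length=12):
    """Return the reasons to reject a password; an empty list means accepted."""
    reasons = []
    if len(password) < min_length:  # assumed policy value
        reasons.append("too short")
    if password.isdigit():
        reasons.append("digits only")
    if stem(password) in STEMS:
        reasons.append("variant of a reported password")
    elif re.fullmatch(r"[A-Za-z]+[\W_]?\d{2,4}[\W_]?", password):
        # One word followed by a short number, e.g. a name and a year.
        reasons.append("name plus number pattern")
    return reasons


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ["P@ssw0rd", "Passw0rd2025!!", "12345678",
                      "Jordan#2024", "correct horse battery staple"]:
        print(f"{candidate!r}: {screen(candidate) or 'accepted'}")
```

A check like this complements, rather than replaces, the password manager and 2FA the report recommends.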