- NordPass and NordStellar review terabytes of data
- The analysis revealed bad password practice in the health industry
- Organizations lack staff training and strong policies
Hygiene in hospitals and clinics is important, but cyber hygiene, despite being equally important, is constantly neglected, experts have warned.
A report from NordPass and NordStellar has claimed that weak password practice is “dangerously common” in the health industry.
Based on a review of 2.5 TB of data extracted from different publicly available sources (including the Dark Web), the two organizations found that different medical institutions, including private clinics and hospital networks, all depend on “predictable, recycled or standard passwords” to protect critical systems. As a result, sensitive patient data, and possibly patients' health, are placed at enormous risk.
Indifference
“When the systems that protect patient data are protected by passwords such as ‘123456’ or ‘P@SSW0RD,’ it is a critical failure in cybersecurity hygiene. In a sector where both privacy and uptime are crucial, this kind of carelessness can have real consequences,” NordPass said.
The report also shows the most commonly used passwords identified in the health sector. If you are using any of these (or a variant), make sure you change them for something harder to crack:
- Fabrizio19
- 123456
- Melu3@12345
- @Vow2017
- Mercury9.nvenus8
- password
- Marty1508!
- Carlton@1988
- 12345678
- @Vowcomm2018
- Papa
- 12345
- Durson@123
- P@SSW0RD
- Simetrica
- Raffin2209!
- Aspain28#
- Smith
- Neuro
- default
Policies and training
The teams warn that passwords that reflect personal names, simple number patterns or standard configurations are all prime targets of brute-force and dictionary attacks, where cyber criminals automate the process and try countless combinations until they break in.
To make things even worse, a break-in is more than enough to cause destruction, as lateral movement can compromise entire networks, expose sensitive data and result in different malware and ransomware infections.
The report emphasizes that health institutions “lack clear password management policies or staff training” and recommends that they enforce strong password policies, eliminate the use of standard or role-specific passwords, use a business-grade password manager, educate staff and introduce 2FA where possible.
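One way to enforce such a policy when a password is set is to screen the candidate against the patterns the report describes: denylisted values, character-substituted variants, and a name or word followed by digits. This is an added example, not code from NordPass or NordStellar; the function name, the 12-character minimum, the substitution table and the violation labels are assumptions.

```python
import re

MIN_LENGTH = 12  # assumed policy value, not taken from the report

# Constructed denylist: the generic entries from the report's list, lowercased.
DENYLIST = {"123456", "12345678", "12345", "password", "default"}

# Undo common character substitutions so "P@SSW0RD" is compared as "password".
SUBSTITUTIONS = str.maketrans({"@": "a", "4": "a", "0": "o", "3": "e",
                               "1": "l", "$": "s", "5": "s", "!": "i"})

# Shape of "Carlton@1988" or "Marty1508!": one word, then 2-8 digits,
# with optional symbols before, between and after.
WORD_PLUS_DIGITS = re.compile(r"[\W_]*[a-z]+[\W_]*\d{2,8}[\W_]*")


def screen_password(candidate, personal_names=()):
    """Return the list of policy violations; an empty list means accepted."""
    lowered = candidate.lower()
    violations = []
    if len(candidate) < MIN_LENGTH:
        violations.append("too short")
    # Match the raw value or the value with substitutions undone.
    if lowered in DENYLIST or lowered.translate(SUBSTITUTIONS) in DENYLIST:
        violations.append("denylisted")
    if lowered.isdigit():
        violations.append("digits only")
    if WORD_PLUS_DIGITS.fullmatch(lowered):
        violations.append("word plus digits")
    # personal_names: names known for the account (hypothetical parameter).
    if any(len(n) >= 3 and n.lower() in lowered for n in personal_names):
        violations.append("contains personal name")
    return violations


if __name__ == "__main__":
    # The first three inputs appear in the report's list; the last is constructed.
    for pw in ("P@SSW0RD", "Carlton@1988", "123456", "velvet-otter-prints-9-maps"):
        print(pw, "->", screen_password(pw, personal_names=("Carlton",)) or "accepted")
```

A check like this belongs at password-set time on the server, alongside 2FA and a password manager, not in place of them.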



