- NordPass and NordStellar reviewed terabytes of data
- The analysis uncovered poor password practices in the healthcare industry
- Organizations are lacking staff training and strong policies
Hygiene in hospitals and clinics is essential, but cyber-hygiene – despite being equally important – is constantly being neglected, experts have warned.
A report from NordPass and NordStellar has claimed weak password practices are “dangerously common” in the healthcare industry.
Based on a review of 2.5TB of data extracted from various publicly available sources (including the dark web), the two organizations found that different medical institutions, including private clinics and hospital networks, all rely on “predictable, recycled, or default passwords” to protect critical systems. As a result, sensitive patient data, and possibly their health, is placed at immense risk.
You may like
Carelessness
“When the systems protecting patient data are guarded by passwords like ‘123456’ or ‘P@ssw0rd,’ that’s a critical failure in cybersecurity hygiene. In a sector where both privacy and uptime are vital, this kind of carelessness can have real consequences,” said Karolis Arbaciauskas, head of business product at NordPass.
The report also lists the most frequently used passwords identified in the healthcare sector. If you’re using any of these (or a variant), make sure to change them for something tougher to crack:
- fabrizio19
- 123456
- Melu3@12345
- @Vow2017
- Mercury9.Venus8
- password
- Marty1508!
- Carlton@1988
- 12345678
- @Vowcomm2018
- papa
- 12345
- Durson@123
- P@ssw0rd
- Simetrica
- Raffin2209!
- Asspain28#
- Smith
- neuro
- default
Policies and training
The teams warn passwords that reflect personal names, simple number patterns, or default configurations, are all prime targets for brute-force and dictionary attacks, in which cybercriminals automate the process, and try out countless combinations until they break in.
To make matters even worse – one break-in is more than enough to wreak havoc, as lateral movement can compromise entire networks, expose sensitive data, and result in different malware and ransomware infections.
The report stresses that healthcare institutions “lack clear password management policies or staff training,” which is why they are recommended to enforce strong password policies, eliminate the use of default or role-specific passwords, use a business-grade password manager, train the staff, and introduce 2FA wherever possible.
