The computers in your office are veritable treasure chests of information cyber pirates would love to get their hands on. Only authorized personnel in a practice should have the keys to unlock what’s inside. Passwords as those keys. They play an important role in protecting Electronic Health Records (EHR) and the vital information those records hold.
The HIPAA Security Rule says that “reasonable and appropriate . . . procedures for creating, changing, and safeguarding passwords” must be in place. But the rule doesn’t stop there. It goes on to say that “In addition to providing passwords for access, entities must ensure that workforce members are trained on how to safeguard information. Covered entities must train all users and establish guidelines for creating passwords and changing them during periodic change cycles.”
Regardless of the type of computers or operating system your office uses, a password should be required to log in and do any work. Today’s blog will focus on how to create strong passwords — the kind that aren’t easily guessed. And since attackers often use automated methods to try to guess a password, it is important to choose one that doesn’t have any of the characteristics that make passwords vulnerable.
How to stay ahead of the hackers
They’re a clever bunch, those hackers. And they seem to know a lot about human nature, too. They’ve figured out the methods most people use when choosing a password. And they’ve turned that knowledge to their advantage.
To outsmart them, create a password that’s:
- NOT a word found in any dictionary, even foreign ones
- NOT a word any language — including its slang, dialects, and jargon
- NOT a word spelled backwards
- NOT based on recognizable personal information — like names of family and friends
- NOT a birthdate
- NOT an address or phone number
- NOT a word or number pattern on the keyboard — for instance, asdfgh or 987654
A strong password should:
- Be at least 8 characters in length
- Include a combination of upper and lower case letters, at least on number and at least one special character, like an exclamation mark
Examples of strong passwords
With their weird combinations of letters, numbers, and special characters, passwords can be a challenge to remember. Starting with an easy-to-remember phrase and then tweaking it to fit the guidelines for strong passwords is one way around that problem.
For instance:
1h8mond@ys! (I hate Mondays!)
5ayBye4n@w (Say bye for now)
Safety first
The importance of having strong passwords — the longer, the better — and changing them on a regular basis can’t be overstated. And it goes without saying that writing a password on a Post-It note and attaching it to a computer monitor should never be done. Do everything you can to make your passwords strong, and store them somewhere safe. These steps will help ensure the security of your PHI and give those hackers fits.