The introduction of new technologies in the healthcare sector is leading to the adoption of innovative ways in the treatments of patients. These innovations bring new opportunities and benefits: Telemedicine, Electronic Health Records (EHR), wearables that monitor biometrics, are just some of the contributions to enhance the health and well-being of patients.
However, because of this, new risks are introduced, increasing the vulnerability of patient data. Indeed, Health data are considered fifty times more valuable than financial information on the black market [1], and therefore among the most targeted kind of data [2].
In this scenario, similar to other intangible assets [3], cybersecurity awareness is value relevant.
Recently it has been reported that at least 15 billion compromised credentials and passwords are for sale on the dark web [4].
Moreover, in recent years there have been numerous cases where bad password management has created serious problems to organizations. Let’s take for example the case of France TV5 Monde. They accidentally showed their password during an interview, exposing the company to unauthorized access of sensitive information [5]. Or the case of Hawaii Emergency Agency, which raised a false missile alarm after showing a picture where a post-it with a password was visible [6]. Or again, the case of RT, the US agency in which the management of the nuclear arsenal was protected by a password of eight zeros [7].
Password are the basic mechanism used to protect data. Good password hygiene is the practice of making the account passwords more difficult to guess and harder to crack [8]. Here are reported some useful suggestions on how to correctly manage the passwords [9]:
- Don’t use a single password for every account. Once an attacker discovers the password, they could easily access all your accounts and use them.
- Don’t share your passwords with anyone. Sharing password with colleagues, family members and friends may not seem like a problem but notice that if they are the ones to be attacked, your passwords could also be compromised.
- Choose nontrivial passwords. When a service provides guidelines on how to create a password, take them seriously instead of finding a lazy shortcut to comply with them. For example, if symbols are recommended, don’t just add one at the end of the password.
- Favor longer passwords over complex ones. The number of possible combinations is described by an exponential function. For this reason, the resulting number of combinations grows more by increasing the power, rather than the base. This is a mathematical argument for the new NIST Digital Identity Guidelines for the United States federal government.
- Use a password manager to manage all your passwords. There are lots of password managers that can help you remember strong password and autofill it in web browsers.
- Change your passwords regularly. By changing your password consistently, you reduce the risk that other people will have frequent access to your accounts.
- If a data breach occurs, immediately change your passwords.
References and Internet Links
- https://cybersecurityventures.com/cybersecurity-almanac-2019/
- Available: https://www.symantec.com/content/dam/symantec/docs/infographics/symantec-healthcare-it-security-risk-management-study-en.pdf
- 2018.
- Available: https://bit.ly/2PpEckF
- Available: https://www.bbc.com/news/world-europe-32248779
- Available: https://www.businessinsider.com/hawaii-emergency-agency-password-discovered-in-photo-sparks-security-criticism-2018-1?IR=T
- “Launch code for US nukes was 00000000 for 20 years” [Website]. Available: https://arstechnica.com/tech-policy/2013/12/launch-code-for-us-nukes-was-00000000-for-20-years/
- “Keep Your Passwords Squeaky-Clean: 5 Tips for Good Password Hygiene” [Website]. Available: https://bit.ly/3v0kRHk
- “ESET CYBERSECURITY AWARENESS TRAINING” [Website]. Available: https://www.eset.com/us/cybertraining/
This blog post was written for the ProTego project by Pietro Vismara (OSR).
