Whether for online banking, paying bills and more, using digital passwords is a common method for keeping our private information secure. Similarly, you likely use one or several passwords when accessing your data and scheduling systems in your practice too. Unfortunately, that doesn’t mean your patient data is always safe, as password hacking continues to be a problem.
In 2019, 41.4 million patient records were breached from a 49% increase in hacking. 2020 was even worse. In 2020, healthcare data breaches of 500 or more records occurred at a rate of more than 1.76 per day. And last year, 642 large data breaches were reported by healthcare providers, health plans and business associates of those entities – 25% more than 2019, which was also a record-breaking year.
Despite the threat of hacking, passwords continue to be a main source of protection. That being the case, there are steps you can take in your practice to help keep your patient data more secure.
Increasing Password Strength
It’s a common belief that mixing different characters and numbers in your passwords will make them stronger. This is true to an extent, but it still may not protect you from the sophisticated breach techniques being used today. It seems like a good idea to switch out your password every now and then, but this can also help cyber criminals better detect your patterns. Also when changing passwords, many people only change a portion of their current password or use something similar, like adding a number or an exclamation point, dollar sign, etc. to the original. Or if people radically change their passwords, they often write them down and don’t keep them secure.
Increasing the complexity of your passwords and changing your passwords can be helpful if done right, there are ways to take this security even further. The passwords research group from Carnegie Mellon’s CyLab Security and Privacy Institute has created a password policy that balances both security and usability. Using these guidelines, passwords need to be at least 12 characters and pass a specific test developed by the research team. This test, powered by an artificial neural network, evaluates a password, gives a strength score and offers suggestions in real-time. So instead of relying on a certain length or set of characters, users can still create strong passwords that are also more usable and easier to remember. You can view a demo of the password strength test here.
Using Password Managers
If using several different passwords for your systems, keeping track of them all can be challenging. But there are many helpful tools available designed to help you store passwords and automatically fill them in on websites and apps, using browser plugins and integration with Android and iOS. These password managers only require one master password to log in. Password managers can also help you fill in online forms with names, addresses and other data easily. This is quicker and safer than allowing e-commerce sites to store information. These manager apps usually sync across all your devices, so you can keep track of your passwords from your phone, computer, tablet, etc. Rather than writing passwords down all your passwords, consider downloading a password manager to store and keep them secure.
Protecting Patient Portals
In addition to your in-office systems, if your practice uses a patient portal, it can also be vulnerable. Without proper encryption methods and detection tools, portals can be just as easily accessible to hackers as they are to authorized patients and users. As portal usage grows, that security vulnerability will become a growing threat to PHI and sensitive data. Here are some things to consider when protecting a patient portal.
Incorporating a multilayer verification, for example – a two-factor authentication can help create added protection. In addition to a password or PIN, your users can provide something personal such as a cell phone number, ZIP code, security question and answer, etc. If the user’s device, account ID, and/or password are compromised, multi-factor authentication can ensure your portal remains safe. Up-to-date anti-virus software can be beneficial as well. Email is a common way hackers deploy malware, and these attacks continually improve to slip past conventional security measures. If anti-virus software is outdated, it can be vulnerable to every new form of attacking malware. Most new software allows for automatic opt-ins, so updates are downloaded and installed as soon as they’re available.
Hacking isn’t going away any time soon, so take the necessary steps to keep your passwords and digital security as strong as possible. If IT security is one of the areas you would like support or alleviation with, we’d love to talk. Schedule a consultation with one of our practice management experts today.