Privacy & Security

How passwords are losing clout as a top-line defense against data hacking

As health organizations work to stay ahead of cybercriminals, approaches are moving beyond passwords to secure systems.
By Wendy Almeida
September 15, 2017
08:55 AM

Many studies and experts have all come to the same conclusion, passwords aren't very effective in securing data. Complicated passwords are hard to remember and with the uptick in keylogging and phishing attacks, many stolen passwords end up on the dark web anyway.

Here are what pros are doing to keep data safe.

Advance to the next slide to begin the gallery

NIST guidance changes

The National Institute of Standards and Technology published new guidance in August on how to strengthen passwords. Research shows that the de facto standard practice of requiring users to include a mix of uppercase and lowercase letters, numbers and at least one symbol, is more trouble than it’s worth.

Read the full story

Aetna's machine learning replaces passwords

Instead of a password or fingerprint being the only barrier to entry, Aetna’s new behavior-based security system monitors user devices and how and where a consumer uses that machine. “Binary authentication controls work well when the assumption is that only the consumer has the password and remembers it. That assumption, however, is no longer valid,” said Jim Routh, chief security officer at Aetna.

In 2016, more than three billion passwords were harvested from breaches by criminals in the U.S., according to Shape Security.

Read the full story

Beware of misconfiguration errors

It might not be the lack of the latest security technologies that cause a data breach but, instead, a simple misconfiguration in a software system or cloud service. Something as simple as the use of a default setting can potentially provide access to an unrecognized third party or expose sensitive data such as passwords.

Read the full story

Ransomware highlights need for two-factor authentication

Two-factor authentication, by its very nature, is a stronger way of safeguarding networks. In addition to “something you know,” which would be a username and password, a user would be required to provide “something you are,” a biometric measure like a fingerprint or “something you have,” like a token.

Hospitals not already using modern tools for two-factor authentication, such as facial recognition and push notifications, should take note of how they can block malware and other common cyberthreats.

Read the full article

Cybercriminals strong-arming their way in

"Brute force" attacks are on the rise. The trial-and-error strategy is when programs attempt to decode encrypted information such as passwords or data encryption standard keys through tremendous effort (i.e. brute force) rather than using more specific strategies. The problem is that remote desktop protocol services do not typically have robust security, instead relying on unsophisticated log-ins and passwords. 

Read the full story

Passwords are on the dark web

Hackers gain access through phishing and keylogging attacks. In March, an Evolve IP report found that more than 76 percent of stolen passwords can be found on the dark web.

Read the full story

More regional news

A doctor looking for patient data on a desktop computer

First LG CNS AI cooperation in South Korea and more briefs

By
Adam Ang
December 22, 2023
Nurse on tablet

AI value-based care platform buys division of data analytics company Arcadia

By
Jessica Hagen
December 21, 2023
computer code on a screen

How to implement healthcare cyber insurance

By
Andrea Fox
December 21, 2023
Want to get more stories like this one? Get daily news updates from Healthcare IT News.
Your subscription has been saved.
Something went wrong. Please try again.

Top Story

Geisinger and healthcare at home
Remote patient monitoring
At Geisinger, DME ordering automation pays off with big dividends

Most Read

WebMD Ignite collaborates on data privacy in omnichannel outreach
Observing tomorrow’s cyber criminals with the global standard for centralized log management
CISA, HHS and HSCC release healthcare cybersecurity toolkit
The current state of Dubai’s healthcare digital transformation journey
There is no escaping making investments in cybersecurity technology
President Biden's executive order on AI directs HHS to establish safety program

Research

White Papers

More Whitepapers

Artificial Intelligence
Analytics
Precision Medicine

Webinars

More Webinars

Analytics
Analytics
Privacy & Security

Video

Anne Snowdon at HIMSS_ Doctor looking at brain scan on table Photo: katleho Seisa/Getty Images
Perspective: Scaling AI projects from pilot inspiration to lasting success
Steven Ullman at the University of Miami_ Telehealth on laptop photo: David Espejo/Getty Images
Telehealth sees a dip as patients pull back on virtual care
Robert Havasy at HIMSS_Doctor looking at brain scan on table Photo: katleho Seisa/Getty Images
Looking back at the HIMSS AI in Healthcare Forum
Naomi Fried at PharmStars_Business colleagues at a table by LaylaBird/Vetta/Getty Images
A new cohort graduates from PharmStars

More Stories

Maxime Vermeir of ABBYY on AI
2024 outlook: AI focus will shift to specialized machine learning
HIPAA Breach Notification Rule
How far will FTC expand Health Breach Notification Rule enforcement?
Naomi Fried at PharmStars_Business colleagues at a table by LaylaBird/Vetta/Getty Images
A new cohort graduates from PharmStars
A doctor relaying a patient's heart X-ray findings via teleconsultation
Japanese demand for digital hospital tech starting to...
Christophe Morvan and Lawrence Giesen of Drake Star on telemedicine
Telemedicine M&A trends moving into 2024
Panelists at the HIMSS AI in Healthcare Forum in San Diego
AI scaling and sustainability – tips for success from providers, payers and vendors
Dr. Jesse Ehrenfeld, president of AMA Background-katleho Seisa/Getty Images
AI liabilities and regulations concern physicians
A nurse checking a patient's file on a laptop in the hospital corridor
Data privacy still a top concern for digitalisation in...