- NordPass and Nordstellar reviewed terabytes of data
- The analysis found poor password practices across the healthcare industry
- Organizations lack solid staff training and password policies
Hygiene in hospitals and clinics is essential, but cyber hygiene, despite being equally important, is constantly neglected, experts have warned.
A NordPass and Nordstellar report states that weak password practices are “dangerously common” in the healthcare industry.
Based on a review of 2.5TB of data extracted from several publicly available sources (including the dark web), the two organizations found that a range of medical institutions, including private clinics and hospital networks, depend on “predictable, recycled or default passwords” to protect critical systems. As a result, patients’ confidential data, and possibly their health, are put at immense risk.
Neglect
“When the systems that protect the patient data are protected by passwords such as ‘123456’ or ‘P@SSW0rd,’ that is a critical failure in cyber security hygiene. In a sector where privacy and activity time are vital, this type of carelessness can have real consequences,” said Karolis Arbaciauskas, head of business products at NordPass.
The report also lists the most-used passwords identified in the health sector. If you are using any of these (or a variant), be sure to change it to something harder to break:
- Fabrizio19
- 123456
- Melu3@12345
- @Vow2017
- Mercury9.Venus8
- password
- Marty1508!
- Carlton@1988
- 12345678
- @Vowcomm2018
- dad
- 12345
- Durson@123
- P@SSW0rd
- Symmetric
- Raffin2209!
- Asspain28#
- Blacksmith
- neuro
- default
Policies and training
The teams warn that passwords built from personal names, simple number patterns or default configurations are all prime targets for brute-force and dictionary attacks, in which cybercriminals automate the process and try countless combinations until they get in.
To make things worse, a single stolen credential is more than enough to wreak havoc: lateral movement can compromise entire networks, expose confidential data and lead to malware and ransomware infections.
The report stresses that healthcare institutions “lack clear password management or staff management policies”, and recommends enforcing strong password policies, eliminating default and role-shared passwords, using a business-grade password manager, training staff and introducing 2FA wherever possible.
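To make the recommended password policy concrete, here is an added example (not code from NordPass, Nordstellar or the report) of a policy check that flags the weak patterns the article describes: entries from the report's own top-20 list, simple numeric sequences, dictionary or default words hidden behind leet substitutions such as `P@SSW0rd`, a name or word followed by a year or short number, and low character diversity. The `DICTIONARY_STEMS` set, the leet map and the 12-character minimum are assumptions chosen for illustration; only the password list itself comes from the page.

```python
import re
from typing import Dict, List

# The 20 most-used healthcare passwords listed in the report (taken from the article).
REPORT_COMMON_PASSWORDS = {
    "Fabrizio19", "123456", "Melu3@12345", "@Vow2017", "Mercury9.Venus8",
    "password", "Marty1508!", "Carlton@1988", "12345678", "@Vowcomm2018",
    "dad", "12345", "Durson@123", "P@SSW0rd", "Symmetric", "Raffin2209!",
    "Asspain28#", "Blacksmith", "neuro", "default",
}
_REPORT_LOWER = {p.lower() for p in REPORT_COMMON_PASSWORDS}

# Constructed list of dictionary / default-credential stems (an assumption, not from the report).
DICTIONARY_STEMS = {
    "password", "default", "admin", "welcome", "letmein", "qwerty",
    "neuro", "symmetric", "blacksmith",
}

# Common leet substitutions, so "P@SSW0rd" is recognised as "password" (assumed mapping).
LEET_MAP = str.maketrans({"@": "a", "0": "o", "1": "i", "3": "e", "4": "a",
                          "5": "s", "7": "t", "$": "s", "!": "i"})

# A word of three or more letters followed by 2-4 digits, e.g. "Carlton@1988" or "Fabrizio19".
WORD_THEN_DIGITS = re.compile(r"^[A-Za-z]{3,}[\W_]*\d{2,4}[\W_]*$")


def normalize(pw: str) -> str:
    """Undo leet substitutions and lowercase, for dictionary comparison."""
    return pw.translate(LEET_MAP).lower()


def is_numeric_pattern(pw: str) -> bool:
    """True for digits-only passwords that repeat one digit or step by +1/-1 (123456, 8765)."""
    if not pw.isdigit():
        return False
    if len(set(pw)) == 1:
        return True
    diffs = {int(b) - int(a) for a, b in zip(pw, pw[1:])}
    return diffs <= {1} or diffs <= {-1}


def char_classes(pw: str) -> int:
    """Count of character classes present: lower, upper, digit, symbol."""
    return sum([
        any(c.islower() for c in pw),
        any(c.isupper() for c in pw),
        any(c.isdigit() for c in pw),
        any(not c.isalnum() for c in pw),
    ])


def check_password(pw: str, min_length: int = 12) -> List[str]:
    """Return the list of policy findings for one password; an empty list means it passes."""
    findings = []
    if len(pw) < min_length:
        findings.append("too_short")
    if pw.lower() in _REPORT_LOWER:
        findings.append("in_report_list")
    letters_only = re.sub(r"[^a-z]", "", normalize(pw))
    if any(stem in letters_only for stem in DICTIONARY_STEMS):
        findings.append("dictionary_word")
    if is_numeric_pattern(pw):
        findings.append("numeric_sequence")
    if WORD_THEN_DIGITS.match(pw):
        findings.append("word_then_digits")
    if char_classes(pw) < 3:
        findings.append("low_diversity")
    return findings


def audit(passwords: List[str]) -> Dict[str, List[str]]:
    """Run the policy over a batch (e.g. a periodic audit export) and map each password to its findings."""
    return {pw: check_password(pw) for pw in passwords}


if __name__ == "__main__":
    # Audit the report's own list; every entry is expected to produce at least one finding.
    for pw, findings in audit(sorted(REPORT_COMMON_PASSWORDS)).items():
        print(f"{pw:18} -> {', '.join(findings) or 'OK'}")
    print("passphrase   ->", check_password("correct-horse-battery-staple-42Q") or "OK")
```

The `audit` function is the piece a security team would wire into an onboarding or periodic credential review: anything with a non-empty finding list is rejected or queued for rotation, and the `in_report_list` check is where an organisation would substitute its own breach-derived blocklist.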