Why healthcare providers need a password manager.
A healthcare providers’ primary goal is patient care, which involves spending ample time with patients and protecting sensitive information.
When it comes to technology, medical care is rapidly advancing and patient data has become heavily digitized. Especially since the start of the pandemic, both patients and providers have relied more on online systems. Electronic health records (EHRs) open up security vulnerabilities, as do connected devices and apps that providers and administrators use daily.
Passwords are at the core of any organization’s security, though many providers still use outdated password solutions. At Mercy Medical Cedar Rapids, a group of clinics and hospitals in Iowa, providers once attached sticky notes with passwords to computer monitors in what their Chief Information Security Officer later called a “HIPAA nightmare.”
Luckily, they’ve since adopted a password manager, which helped them incorporate HIPAA-compliant security measures without slowing down the workday.
Read on to learn why a password manager is essential for hospitals, clinics, medical practices, and insurance companies.
The Internet of Medical Things (IoMT)
Today, electronic healthcare records can be accessed online. This is due in part to government mandates, like the Hightech Act in the U.S. requiring EHR, and the 21st Century Cures Act, which enforces interoperability. But electronic access is also driven by patient demand. Telehealth platforms and technological capabilities like remote patient monitoring make patients’ lives simpler.
The downside is that hackers are likely to target healthcare records, as personal health information (PHI) is highly valued on the dark web. In the last year, 70% of healthcare providers surveyed in this report by the Healthcare Information and Management Systems Society (HIMSS) experienced a significant security incident.
If threat actors infiltrate health systems, they can wreak more havoc than just stealing information; they also threaten the health and safety of patients with the ability to halt operations. Top safety issues experienced by healthcare providers include disruption to emergency medical care and patient injury or harm.
Breaches and hacks to the healthcare industry are also costly. According to IBM, the cost of security incidents for healthcare providers is the highest it’s been in over a decade, costing on average $9.23 million globally.
- Thirty-four percent of healthcare organizations experienced a ransomware attack in 2020.
- Ransomware was the cause of nearly half of data breaches in the healthcare industry.
- Fifty-seven percent of respondents to the HIMSS survey were victims of a phishing attack in the past 12 months.
- The healthcare industry had the highest number of publicly disclosed data breaches of any industry in 2020.
The right tools can help healthcare providers target these risks and ensure security for their patients.
Passwords by the numbers
Over 75% of healthcare providers surveyed as part of this report had more than 500 accounts with passwords that have never been changed, as well as over 1,000 users who no longer work for the company. Unmanaged passwords and unfinished off-boarding greatly increases the likelihood of those passwords being compromised. Additionally, many of these passwords need to be accessed not just by staff, but contractors, consultants, and vendors.
Employees alone have access to 11 million healthcare files on average, half of which contain highly sensitive patient data. Despite these vulnerabilities, some healthcare providers spend little to nothing on cybersecurity.
Manually managing passwords is unrealistic
With all the devices and cloud-based services that fall under the IoMT, managing passwords manually—in spreadsheets or on sticky notes—is taxing at best, and a security disaster at worst. With the substantial number of individuals, accounts, and patient records, keeping track of logins without the proper tools is nearly impossible.
As noted above, when employees leave their healthcare practice, they may still have account passwords and therefore have access to those accounts. Conversely, it can be impossible for employees to memorize logins for 500-plus accounts, meaning that they’ll spend time in their workday tracking down passwords or resetting them, rather than spending time with patients.
None of these situations are ideal, but all of them can be solved by using a password manager.
Learn more about the benefits of a password manager in our guide for healthcare providers, and see how one healthcare organization solved their password woes and increased productivity with Dashlane.