
Cybersecurity Awareness Month: Passwords, Multi-factor Authentication, and Healthcare Cybersecurity Strategies

October 16, 2023



To continue our Cybersecurity Awareness Month education, this blog post dives deeper into two main CISA themes: using unique passwords and multi-factor authentication. We will also share additional guidelines from CISA and HHS specific to healthcare.

The following is good information to share with your teams so they can apply it in their daily jobs and at home.

Passwords and Password Managers:

CISA reports that only 33% of individuals create unique passwords for all accounts, and most passwords are easily hacked. CISA also reports that only 18% of individuals have downloaded a password manager.

Reminders about how to create strong passwords:

  • Long – at least 16 characters
  • Unique – NEVER reuse passwords
  • Complex:
    • Upper and lower case
    • Numbers
    • Special Characters
    • Spaces
    • Use a passphrase

Why Use a Password Manager:

Using a password manager makes using unique passwords easier and more manageable. It allows users to meet all the strong password requirements without keeping track of each password. Making it easy for your end users to implement a password manager is the best way to ensure it happens.

Have your IT team identify one password manager to implement across your organization. Train your teams on how to use it. Make it fun. Have contests or rewards for those who have implemented it by a certain date.

Training opportunity:

  • Share the reminders about how to create strong passwords – put a timeframe in place for encouraging everyone to update their passwords
  • Identify a password manager that you recommend to your organization and have a plan for rolling it out

Refer your teams to our Cybersecurity Awareness Toolkit for Healthcare for more training and resources.

Multi-Factor Authentication (MFA)

In the not-so-distant past, some people pushed back on using multi-factor authentication. The perception was that it slowed down access, sometimes didn’t work, or wasn’t understood. Now, however, most people have at least heard about MFA or are using it in their personal lives and might be more open to implementing it at work.

According to a CISA study, out of the 57% of people who had heard of MFA, 79% have applied it at least once, and 94% of them reported that they were still using MFA.

Training Opportunity:

  • Identify the critical applications that need MFA and train your teams on how to enable it.
  • Identify a timeframe for implementation and reward those that comply.

Refer your teams to our Cybersecurity Awareness Toolkit for Healthcare for more training and resources.

CISA and HHS Resources Specific for Healthcare Cybersecurity

While the above information is useful for your end-user teams, did you know that CISA and HHS have resources and information specifically geared toward the healthcare sector and protecting your organization from a cyberattack?

Several resources are available to advance your cybersecurity readiness as part of the HHS 405(d) program, which aims to provide healthcare with resources and tools to strengthen the sector’s cybersecurity posture against cyber threats. CISA's Health Industry Cybersecurity Practices (HICP) document outlines the top 5 threats facing healthcare and mitigation practices.

CISA also has other resources, such as presentations and videos, that you can use to train your teams on topics like ransomware, social engineering, and even attacks against medical devices. You can check out their Knowledge On Demand page and a video from HHS and CISA about utilizing the HICP and CPG together.

Training Opportunity:

  • Assign a team leader to identify the top training areas for your IT, applications, or security teams.
  • Review the HHS 405(d) content and schedule training sessions to share the information with your teams. As mentioned above, make it fun and interactive – maybe feed them lunch!

To find these resources and more in one place, visit our Cybersecurity Awareness Toolkit for Healthcare to start planning how you will provide ongoing information and training for your staff.

To learn more about these key strategies and resources, join our Cybersecurity Insider Program and attend a live webinar on October 26th at 2 p.m. ET: Cybersecurity Awareness + Four Cybersecurity Strategies for Healthcare.

Laura Pursley, marketing director, CloudWave