Is your password 123456? Tips for password management

John Deutsch


Posted on August 21, 2011

A realistic approach to internet security for medical practices – Part 3: Password Management

Do you use bad passwords?

Using “123456” as your password for your YouTube account isn’t a security risk to your patients, but passwords such as these are a huge risk to them when used in applications related to your practice. According to a study done by ZoneAlarm, 79% of passwords were found to use risky password construction. The study also found that passwords containing “12345”, “QWERTY”, “PASSWORD” and first names are the most widely used, and are therefore well known to hackers and bots. Adding an “A” to your “123456” password isn’t tricking anyone either.

Focus on your highest risks

Your primary email account is your single highest-risk account. This is because many online systems with a “forgot password” function authenticate users by verifying their email account. Someone with access to your email account could therefore easily gain access to many of your other online accounts, such as your bank account.

Best practices for better password security

  • Change the passwords for your important accounts frequently, such as your primary email, Electronic Medical Record system, bank account and CRM.
  • Don’t use “12345”, “QWERTY”, “PASSWORD”, first names, animals and variations of these in your passwords.
  • Use at least one upper case letter, lower case letter, number and special character in all your passwords.
  • Protect your primary email account password – give it to no one.
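The construction rules in this list can be checked at the moment a password is set. The following is an added example, not code from the original article: the function name `check_password` is hypothetical, and the first-name and animal word lists are small constructed samples, since the article names the categories but gives no lists.

```python
import string

# Categories come from the article; the names and animals are constructed
# samples. A real deployment would load far larger lists.
COMMON = ("12345", "qwerty", "password")
FIRST_NAMES = ("john", "mary", "david")
ANIMALS = ("tiger", "monkey", "dragon")

# Undo common character swaps so a variation like "P@ssw0rd" reads "password".
DELEET = str.maketrans("@4301!$57", "aaeolisst")

# "At least one upper case, lower case, number and special character."
REQUIRED = {
    "upper case letter": str.isupper,
    "lower case letter": str.islower,
    "number": str.isdigit,
    "special character": lambda c: c in string.punctuation,
}


def check_password(password):
    """Return a list of rule violations; an empty list means it passes."""
    problems = []
    lowered = password.lower()
    # Check the raw lower-cased form and the de-substituted form, so that
    # both "123456A" and "P@ssw0rd!" are caught as variations.
    variants = (lowered, lowered.translate(DELEET))
    for label, words in (("common pattern", COMMON),
                         ("first name", FIRST_NAMES),
                         ("animal", ANIMALS)):
        for word in words:
            if any(word in v for v in variants):
                problems.append(f"contains {label} '{word}'")
    for label, test in REQUIRED.items():
        if not any(test(c) for c in password):
            problems.append(f"missing {label}")
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for candidate in ("123456A", "P@ssw0rd!", "Tiger2011!", "vK9#rTq2!mLz"):
        print(candidate, "->", check_password(candidate) or "OK")
```

Note that “P@ssw0rd!” satisfies the four character-class rule and is still rejected, which is why the banned-pattern check has to run alongside it.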

HIPAA – All bark and no bite?

HIPAA is a highly complicated law (400 pages’ worth), challenging even for someone with both an IT and a law background. Since its creation, there has been a lot of bark and no bite when it comes to enforcement – but this is all changing. In the past 2 years, we at Medical Web Experts have seen a significant increase in citations for HIPAA violations and medical practices being contacted with warnings from HIPAA governing organizations. Therefore, it’s important to have a plan to meet HIPAA guidelines in your practice, focusing on the highest-risk issues, both to comply and to protect your business from real problems that can severely affect it, such as data loss, lawsuits and website downtime.

About the Author

John Deutsch is the founder of Medical Web Experts and has spent the last 10 years working in the healthcare IT industry, specializing in Electronic Medical Records, Network Administration and Software Development. To learn more about Medical Web Experts and their services, please visit www.medicalwebexperts.com

John Deutsch


Founder and CCO of MWE, and business owner of 19 years with extensive experience in Healthcare IT. John is a Judge for the 2020 eHealthcare Leadership Awards and has appeared on multiple podcasts, including the Outcomes Rocket Podcast and the Hospital Finance Podcast.
