Every aspect of HealthIT plays a potential role in stemming attacks, and one area that needs to be improved, according to some healthcare professionals, is password security. Far too often, even important medical resources are saddled with lazy passwords that are easy for hackers to guess. This is more than just a matter of HIPAA violations within an insecure practice: it even applies on the national level.
The most obvious recent example comes in the discovery of malware on Healthcare.gov. The attempted breach, which was taken care of before any data could be compromised, reportedly got as far as it did because the test server involved was still using a basic password.
Password management is a persistent problem in IT security of all kinds, not just in healthcare. Some suggest using software to store different passwords in one place so users can switch between passwords securely. But a study from researchers at the University of California at Berkeley called "The Emperor's New Password Manager" recently found faults in some of the most commonly used password managers.
Looking at different aspects of each program, the study found multiple instances of flaws in authorization, user interface and "bookmarklet" use, among other areas.
"We found critical vulnerabilities in all of the password managers and in four password managers, an attacker could steal arbitrary credentials from a user's account," the study concludes. "Our work is a wake up call for developers of web-based password managers."
While the solution isn't clear yet, it is obvious that practices need to find a way to focus more on using safe passwords efficiently. At the same time, they need to make sure they have the legal support to help them implement changes.