May 2, 2024 Happy World Password Day! To celebrate, let’s refresh your password etiquette. With the most recent updates on the Change Healthcare breach, you don’t want to miss this opportunity to do some compliance housekeeping! Let’s dive into how to ensure your passwords are HIPAA-compliant, keeping Protected Health Information (PHI) secure. Best Practices First, let’s say ‘sayonara’ to ‘Password123!’. When it comes to creating a secure password, length is crucial. Forget complex passwords with limited characters. Aim for at least 8 characters, using a mix of uppercase and lowercase letters, numbers, and symbols. This creates a longer and more challenging code to crack. Next, create passphrases instead of passwords. Consider using easy-to-remember passphrases instead. A good example would be including your favorite book or restaurant in a sentence. For example: “MyFavoritePlaceToE@tIsThaiGardenOn46thSt!” Lastly, make your passwords unique across different accounts. Beyond the Password Two is Better than One Now that’s settled, let’s dig into the additional security steps to keep your practice safe. Don’t shy away from Multi-Factor Authentication (MFA); it’s your friend. Enable MFA wherever possible, adding an extra layer of security by requiring a second verification step, like a code from your phone, to access accounts. Imagine MFA as a second line of defense in password security. When not used properly, it can leave an open door for cyber attacks. We’ve seen this play out in the news recently. On May 1st, Andrew Witty–Chief Executive Officer of UnitedHealth Group–testified in front of Congress regarding the Change Healthcare breach. Witty stated that the attackers successfully compromised a stolen user ID and passwords due to a lack of multi-factor authentication. This attack has cost Change Healthcare a whopping $870 million… and counting! To think, this whole issue could have been avoided if they took 5 minutes out of their day to implement practical password protocols… Password Powerhouse Consider ‘hiring’ a password manager! Using a password manager can provide peace of mind, knowing your passwords are secure. These tools generate strong, unique passwords and securely store them, eliminating the need to remember countless complex combinations. Just remember to use a strong master password for the manager itself! Finally, don’t forget to update your passwords at least three times a year and immediately if you suspect a security breach or phishing attempt. What’s Next? Think of password etiquette like flossing your teeth – not the most fun activity, but neglecting it can lead to painful consequences. That’s where Abyde can help simplify your practice’s everyday compliance needs. Abyde’s software offers an all-in-one suite of compliance resources with password and multi-factor authentication best practices training, on-call compliance experts, and much more. To learn more about compliance for your practice, schedule an educational consultation with one of our experts today!