HIMSS is a champion of World Password Day 2017.
World Password Day is an annual awareness initiative celebrated on the first Thursday of each May. This year’s theme is multi-factor authentication (#LayerUp). Multi-factor authentication adds another layer of protection for user accounts. Multi-factor authentication may involve the use of biometrics (e.g., a fingerprint reader), device identification (e.g., a specific computer or mobile device), and geo-location information. Multi-factor authentication also provides a greater level of assurance that a user is who he or she claims to be.
Passwords Are Alive and Well in Healthcare
In the healthcare and public health sector, the password is still alive and well. While more healthcare providers have adopted multi-factor authentication, many have not due to barriers, such as cost. Accordingly, it is critical that everyone learn about good password security and practices. (After all, we want to keep our systems secure and keep the bad guys out.)
Tools You Can Use: Tip Sheets, Presentation, and Infographic
In this vein, HIMSS created two tip sheets: one for organizations and the other for workforce members. HIMSS also created an infographic and a presentation for organizations and workforce members.
At the organizational level, individuals who are in leadership roles need to understand and appreciate the importance of password security and good password practices. Good security is everyone’s responsibility—including those who are at the top of an organization’s hierarchy. Good security is not just the responsibility of the chief information security officer and members of the information technology (IT) department.
Security Is Everyone’s Responsibility (Not Just the Technical Folks)
Those who craft organizational policies and enforce them must be responsible as well (e.g., legal counsel, human resources personnel, and others). In other words, holistic security must be achieved throughout the organization and a top-down approach is recommended. Holistic security necessarily includes ensuring that user accounts are secure (and the credentials that are used to access them).
Workforce members, too, must be educated on good password security and practices. No one wants a user account to be hijacked by an attacker who may then access sensitive patient information, proprietary company information, or information about employees (e.g., W2 information that may be used for tax fraud). For these reasons, workforce members must do their part. With greater awareness and understanding about password security and good password practices, workforce members will, in turn, help to improve the security posture of the organization.
Other privacy and security awareness resources are available on the HIMSS Privacy and Security Awareness Initiatives page. Please check out the resources for Data Privacy Day, National Cyber Security Awareness Month, and Stay Safe Online.