Home »

Password Managers can Help Protect your Hospital Network from Cyber Attacks

Andrew Duyvestyn, Information Technology Analyst
Ontario Regional Blood Coordinating Network

Cyber security in healthcare networks is increasingly important; the recent cyberattack on the Newfoundland and Labrador (N.L.) healthcare system is being referred to as the worst in Canadian history [1], and hospital networks in Ontario such as Humber River Hospital [2], Listowel, and Wingham [3] have also been victims of recent attacks. The cyberattack in N.L. alone resulted in thousands of medical procedures being cancelled [4]. While vulnerability exploitation was the largest cause of cyberattacks in 2021 at 47%, phishing was the second at 40%, according to the IBM X-Force Threat Intelligence Index 2022 [5]. 

The first step in an effective ransomware campaign starts with initial access, which is often done using a phishing campaign with the intent of gathering login credentials [5]. According to Tessa Anaya from GetApp, 55% of Canadians reuse passwords across accounts [6]. That means if one account is breached, all accounts are. Employees with access to hospital networks, systems, and applications are perfect targets for phishing campaigns, and are one of the most important lines of defence to keeping hospital networks secure as a result.

What can I do to help protect my hospital network?

  1. Be vigilant against phishing attacks.
    According to the Canadian Centre for Cyber Security [7], something may be “phishy” in an electronic communication if:
    • You don’t recognize the sender’s name, email address, or phone number (e.g. very common for spear phishing)
    • You notice a lot of spelling and grammar errors
    • The sender requests your personal or confidential information
    • The sender makes an urgent request with a deadline
    • The offer sounds too good to be true
  2. Use of a password manager.
    What is a password manager? A password manager is an application that stores all your passwords; it encrypts your login information and stores it securely on a server. That means if hackers gain access to the password manager’s system, the data the hackers access is unusable – they still won’t be able to access your accounts.

I remember my password, why should I use a password manager? 

Password managers allow you to store complex passwords without having to remember them. According to Hive Systems, an 18-character password made up of random numbers, uppercase and lowercase symbols, and symbols will take up to 438 trillion years for a hacker to crack with current available computing power, compared to only less than four minutes for a 10-character password made up of only lowercase letters. It is also important to note that if the password you are using has been previously cracked, hackers will be able to access your account immediately [8].

If your place of work is not yet using a password manager, we suggest you reach out to your IT team to request access to one. 1Password, for example, is a Toronto-based password manager that is HIPAA compliant and is the password manager of choice at the Ontario Regional Blood Coordinating Network.  

If you can remember your password, you need to change it! Set it and forget it with a password manager and protect your hospital network.

References:

[1] N.L. health-care cyberattack is worst in Canadian history, says cybersecurity expert (2021, November 04). CBC News. https://www.cbc.ca/news/canada/newfoundland-labrador/nl-cyber-attack-worst-canada-1.6236210

[2] Toronto hospital working to restore systems after being struck by cyber attack (2021, June 15). CTV News Toronto. https://toronto.ctvnews.ca/toronto-hospital-working-to-restore-systems-after-being-struck-by-cyber-attack-1.5471742

[3] Hospitals in Listowel and Wingham regain access to computer systems after ransomware attack (2019, October 28). CBC News. https://www.cbc.ca/news/canada/kitchener-waterloo/listowel-wingham-hospital-cyberattack-systems-back-online-1.5337910

[4] Cyberattack confirmed as cause of health-care disruptions in N.L.. (2021, November 03). CBC News. https://www.cbc.ca/news/canada/newfoundland-labrador/health-care-disruptions-day-5-1.6235229

[5] Singleton, C. et al. (2022, February). X-Force Threat Intelligence Index 2022. IBM Security. https://www.ibm.com/security/data-breach/threat-intelligence/

[6] Anaya, T. (2021, June 30). User authentication: 55% of Canadians reuse passwords across accounts. GetApp. https://www.getapp.ca/blog/2062/user-authentication-reuse-passwords

[7] Canadian Centre for Cyber Security. (2020, April). Don’t take the bait: Recognize and avoid phishing attacks. Government of Canada. https://cyber.gc.ca/en/guidance/dont-take-bait-recognize-and-avoid-phishing-attacks

[8] Neskey, C. (2022, March 02). Are Your Passwords in the Green?. Hive Systems. https://www.hivesystems.io/blog/are-your-passwords-in-the-green

Celebrating National Nursing Week

ORBCoN celebrates National Nursing Week, many thanks to every nurse for your compassion and dedication

See you at CSTM 2022

Hope to see you at the 2022 CSTM Conference and be sure to visit ORBCoN at our booth #114 !
Friendly members of our team will be available at the booth to network and answer any transfusion medicine questions you may have.

Register: CSTM 2022 Annual Conference

Featured Resource: Bug-free Platelets video