Password Policy for
Reach your HITRUST Password Compliance
Human behavior is the weakest layer of cybersecurity for healthcare providers.
Hospitals, medical research organizations, and other healthcare providers struggle to enforce password hygiene. This inevitably opens the door for bad actors to exfiltrate ePHI and install ransomware. HIPAA’s Privacy Rule requires standards for adequate protection. Follow best practices defined by HITRUST and NIST to screen and prevent the use of compromised passwords.
The US Cybersecurity and Infrastructure Security Agency (CISA) and the UK’s National Cyber Security Centre (NCSC) have seen large-scale ‘password spraying’ campaigns against healthcare bodies and medical research organizations.