• Revenue Cycle Management
  • COVID-19
  • Reimbursement
  • Diabetes Awareness Month
  • Risk Management
  • Patient Retention
  • Staffing
  • Medical Economics® 100th Anniversary
  • Coding and documentation
  • Business of Endocrinology
  • Telehealth
  • Physicians Financial News
  • Cybersecurity
  • Cardiovascular Clinical Consult
  • Locum Tenens, brought to you by LocumLife®
  • Weight Management
  • Business of Women's Health
  • Practice Efficiency
  • Finance and Wealth
  • EHRs
  • Remote Patient Monitoring
  • Sponsored Webinars
  • Medical Technology
  • Billing and collections
  • Acute Pain Management
  • Exclusive Content
  • Value-based Care
  • Business of Pediatrics
  • Concierge Medicine 2.0 by Castle Connolly Private Health Partners
  • Practice Growth
  • Concierge Medicine
  • Business of Cardiology
  • Implementing the Topcon Ocular Telehealth Platform
  • Malpractice
  • Influenza
  • Sexual Health
  • Chronic Conditions
  • Technology
  • Legal and Policy
  • Money
  • Opinion
  • Vaccines
  • Practice Management
  • Patient Relations
  • Careers

Work in health care? Your password is 123456


Health care sector employees tend to have very poor passwords, study finds

When it comes to choosing strong passwords, health care sector employees don’t fare well, according to research from NordPass.

Passwords are important for cybersecurity: ©Zetha_Work -

Passwords are important for cybersecurity: ©Zetha_Work -

Cybersecurity experts urge businesses to take care of corporate accounts with strong passwords, but simple passwords like “12345” still rank high in health care settings.

Here are the 10 most-used passwords in health care:

1. 123456

2. password

3. part of a company’s name

4. 12345

5. aaron431

6. part of the company’s name2012

7. Part of the company’s name


9. company name2014

10. linkedin

“On one hand, it is a paradox that the wealthiest companies on the planet with financial resources to invest in cybersecurity fall into the poor password trap,” said Jonas Karklys, CEO of NordPass in a statement. “On the other hand, it is only natural because internet users have deep-rooted unhealthy password habits.

According to the study, “password” and “123456,” which shared the top two spots in last year’s list of the world’s most common passwords, are also popular among the largest companies’ employees. Across all 20 analyzed industries, both of these passwords were found to be among the seven most commonly used passwords.

Corporate health care employees often picked “Med” for their passwords. Other industries were also creative. The password “dummies” ranks 6th among consumer goods sector employees, “sexy4sho” – 16th among real estate employees, and “snowman” – 11th in the energy field.

Just like with regular internet users, dictionary words, names of people and countries, and simple combinations of numbers, letters, and symbols make up most passwords presented in the research.

The world’s wealthiest companies’ employees love passwords that directly reference or hint at the name of a specific company. The full company name, the company’s email domain, part of the company’s name, an abbreviation of the company name, and the company product or subsidiary name are common sources of inspiration. These passwords make up half of the health care sector’s list, according to the report.

“These types of passwords are both poor and dangerous to use. When breaking into company accounts, hackers try all the password combinations referencing a company because they are aware of how common they are. Employees often avoid creating complicated passwords, especially for shared accounts. Therefore, they end up choosing something as basic as the company’s name,” said Karklys.

Karklys said that by implementing a few cybersecurity measures, businesses could avoid many cybersecurity incidents. Here are tips for creating a strong password.

  1. Ensure company passwords are strong. They should consist of random combinations of at least 20 upper- and lower-case letters, numbers, and special characters.
  2. Enable multi-factor authentication or single sign-on. While the MFA set up on another device, connected with email or SMS codes guarantees an additional layer of security, single sign-on functionality helps reduce the number of passwords people have to manage.
  3. Critically evaluate whom to grant account credentials. Access privileges should be removed from people leaving the company and passed on only to those who are in need of certain access.
  4. Deploy a password manager. With a business solution, companies can safely store all their passwords in one place, share them within the organization, ensure their strength, and effectively manage access privileges.
Related Videos
Kyle Zebley headshot
Kyle Zebley headshot
Kyle Zebley headshot
Michael J. Barry, MD
Hadi Chaudhry, President and CEO, CareCloud
Claire Ernst, JD, gives expert advice
Arien Malec