Clearwater Compliance’s newest CyberIntelligence Insight Bulletin concludes that the top three cybersecurity risks for the health care industry, which accounts for 36.8% of reported critical risk incidents include: 1) user authentication deficiencies, including storing passwords in obvious places where others can find them such as on the computer monitor or under the keyboard, using generic user IDs and passwords that can be compromised and emailing user credentials unencrypted; 2) endpoint leakage; and 3) excessive user permissions.

According to the Bulletin, “certain media types are frequently associated with User Authentication Deficiencies and warrant attention by healthcare executives.” Simple cybersecurity measures are recommended in the Bulletin to mitigate these risks, including password strength requirements, single sign on and locking accounts after too many failed logins. These are basic cybersecurity measures that apparently many health care organizations are not effectively implementing, which is causing serious incidents.