Cybersecurity, Data Breaches, passwords, Healthcare data breaches

Passwords & Endpoint Security 101: Basic Cybersecurity to Prevent Healthcare Data Breaches


As remote work and digital connectivity continue to grow, so do the chances for healthcare data breaches carried out by cybercriminals. According to a report from Kaspersky, a multinational cybersecurity and anti-virus provider, 73% of frontline healthcare workers use equipment that runs the risk of creating security breaches. Almost 30% of survey respondents agreed that patient data was compromised during telehealth sessions in 2021. Goodfirm, recently published another report identifying that weak passwords and poor cyber hygiene are the primary causes of for weakening healthcare cybersecurity,


“While passwords can protect the data to a certain extent, complete security of data and confidential information still rests on how well the passwords are managed. In most cases, password vulnerabilities stem from not following the best password practices suggested by cybersecurity experts.” the report stated.  

According to the study, 52% of people share their passwords with friends, family members, and colleagues. Almost 35% of users still write their passwords on sticky notes or paper. 

Endpoint Security

Although much of the healthcare industry utilizes network security, which involves firewalls and anti-virus software, it is often not sufficient for healthcare cybersecurity since they can be unaccountable for many cyber threats. Endpoint security is also one of the most critical components of healthcare cybersecurity. Endpoints include any end-user device connected to an organization’s IT network. 

  • BYOD, otherwise known as bring-your-own-device, is a relatively new term in the healthcare sector. As a result of COVID, many remote workers were instructed to use their own devices, such as laptops or mobile phones.
  • The Cybersecurity and Infrastructure Security Agency listed sudden shift to remote work and BYOD use as one of the most significant causes of healthcare data breaches since workers did not receive adequate cybersecurity training. 
  • A study published in JMIR Mhealth and Uhealth reiterates and expands upon this notion of BYOD healthcare data beaches. 
  • HHS’s Office of the Assistant Secretary for Preparedness and Response published a guide for explained endpoint security solutions and identified them as valuable tools in protecting health data.
  • Having a Remote Desktop Protocol (RDP) for logins can prevent data breaches and strengthen cybersecurity so a hacker cannot gain access to sensitive data. These protocols allow network administrators to remotely diagnose problems that individual users encounter by giving those administrators remote access to an individual’s physical work desktop computers. The reader may have experienced remote access to their computer when working with technical support from a large vendor. The support desk sends an email, which, when clicked, allows the support staff to see the user’s desktop.
  • Endpoint security protects all connected endpoints. As a result, having both endpoints and network security is the ideal solution to prevent healthcare data breaches.

Endpoint Security Tools to Protect Against Data Breaches with Healthcare Cybersecurity Systems

Endpoint security has three types of tools to prevent healthcare data breaches:

  • Endpoint detection and remediation (EDR) continues to monitor the files even beyond entrance into the network.
  • Endpoint protection platform (EPP) works by looking into files entering the network, much like anti-virus software.
  • Extended detection and response (XDR). All three tools work in unison to strengthen healthcare cybersecurity.

To implement strong healthcare cybersecurity, it is also imperative to educate employees. Topics to be covered by such training include how to initiate a response plan and how to create strong passwords. In addition to strong password implementation, organizations should toggle multi-factor authentication, pinpoint vulnerabilities within the system, and execute a lockout policy so hackers cannot continue to access the network system. If an anonymous VPN is trying to get into a network, it should be addressed promptly.

Suppose an independent practitioner is hoping to improve the security within their systems between a brick-and-mortar office and a home office. In that case, a clinician can implement many of the suggestions above. Learning how to optimize password protection, user authentication, and other systems will improve security given hackers’ currently increased sophistication.

HIPAA Compliant Cybersecurity: Practical Implementation Tips

Must-know information about how to protect your telehealth practice from a ransomware attack. Operate w/ EYES WIDE OPEN.

Disclaimer: offers information as educational material designed to inform you of issues, products, or services potentially of interest. We cannot and do not accept liability for your decisions regarding any information offered. Please conduct your due diligence before taking action. Also, the views and opinions expressed are not intended to malign any organization, company, or individual. Product names, logos, brands, and other trademarks or images are the property of their respective trademark holders. There is no affiliation, sponsorship, or partnership suggested by using these brands unless contained in an ad. We do not and cannot offer legal, ethical, billing technical, medical, or therapeutic advice. Use of this site constitutes your agreement to TBHI Privacy Policy and Terms and Conditions.

Notify of
1 Comment
Oldest Most Voted
Inline Feedbacks
View all comments
Hank Cecil
Hank Cecil
11 months ago

When you are working outside the healthcare facility, e.g., remote work, do not connect to public WiFI and use a VPN approved and installed by IT at the healthcare facility. You should also use a strong password on your router at home. Passwords do not have to be overly complex but they need to be long (12 or more characters). Passwords can be an easy phrase for you to remember (with one word purposely misspelled) but not one that someone else (including your best friend) can guess. Always watch out for social engineering scams via email, text, and phone no matter where you are.

Would love your thoughts, please comment.x