LastPass Security Breach

A bit of egg on my face.

Well, this is a little embarrassing...

Last week one of our promoted products, the password manager LastPass, announced that it had suffered a breach through a third-party cloud storage solution. The company disclosed that an unknown actor gained access to certain customer information, but it didn't elaborate. It did emphasize that no customer passwords were exposed, since those are all stored using high levels of encryption that even LastPass doesn't have access to.

Yes, anytime a password manager gets hacked, even one we recommend, it's concerning and a bit embarrassing. Password managers, after all, are the equivalent of digital banks, the holders of the keys to the castle. However, with properly developed code and architecture, today's high-grade password management products are highly unlikely to experience a breach that exposes your critical passwords.

Do the benefits justify the risk? In our humble opinion, absolutely. The ability to use random, 16 to 24-character passwords throughout your internet activity makes the likelihood of your password being hacked directly virtually non-existent. As with a locked door, a thief will move on to the next user on their list. Sadly, complex passwords don't make you bulletproof. The site you're accessing or your computer can get hacked, so you still have risks. But virtually eliminating weak passwords from your list of vulnerabilities is one of the best things you can do to enhance your cybersecurity, and a password manager makes that an almost effortless endeavor.

With cybercrime on the rise and our increasing dependence on the internet for everything from our food and our transportation to our healthcare, it's more critical than ever that we do all we can to protect ourselves.

This holiday season, stay vigilant. Don't open email attachments, and don't click on links in emails unless you're sure the sender is who they claim to be. Better still, go to the website directly.

Safe shopping, everyone.

Jeff Mongelli

HIPAA Security Reminders

HIPAA Security Suite has developed a weekly HIPAA Security Reminder series that’s FREE for all of us who are responsible for, or engaged in, the use and protection of PHI.

Pursuant to Section 164.308(a)(5) of the HIPAA Security Rule, the Standard states: Implement a security awareness and training program for all members of its workforce (including management).

This standard is part of our Best Practices Recommendations for HIPAA Security Suite users, but it’s available for FREE to anyone who wants to comply with HIPAA using the easiest, best tools available.