From “123456” to “neuro” – common credentials could be putting lives and data at risk

Hospitals and clinics are entrusted with our most sensitive data – from diagnoses and prescriptions to personal identity information. But a new study from NordPass, in collaboration with NordStellar, reveals that weak password practices are dangerously common in the healthcare industry.

The analysis uncovered that medical institutions, from private clinics to hospital networks, continue to rely on predictable, recycled, or default passwords to protect critical systems – leaving them highly vulnerable to data breaches.

“When the systems protecting patient data are guarded by passwords like ‘123456’ or ‘P@ssw0rd,’ that’s a critical failure in cybersecurity hygiene. In a sector where both privacy and uptime are vital, this kind of carelessness can have real consequences,” says Karolis Arbaciauskas, head of business product at NordPass.

Top 20 not-so-secret passwords in healthcare

Here are the most frequently used passwords identified in the healthcare sector – exposing a concerning pattern of weak and easily guessed credentials:

1. fabrizio19

2. 123456

3. Melu3@12345

4. @Vow2017

5. Mercury9.Venus8

6. password

7. Marty1508!

8. Carlton@1988

9. 12345678

10. @Vowcomm2018

11. papa

12. 12345

13. Durson@123

14. P@ssw0rd

15. Simetrica

16. Raffin2209!

17. Asspain28#

18. Smith

19. neuro

20. default

These passwords often reflect personal names, simple number patterns, or default configurations – all of which are prime targets for brute-force or dictionary attacks.

Why this matters for healthcare providers

According to the report, many healthcare institutions lack clear password management policies or staff training. Weak passwords put not only patient data at risk but also impact operational continuity – a breach could take down appointment systems, medical equipment interfaces, or billing tools.

NordPass recommends healthcare organizations take the following steps immediately:

• Enforce strong password policies and eliminate the use of default or role-specific passwords.
  

• Use a business-grade password manager to ensure staff generate and store secure, unique credentials.
  

• Educate medical and administrative staff on cybersecurity basics — especially in fast-paced environments.
  

• Implement multi-factor authentication (MFA) wherever possible to add a vital layer of protection.

“Healthcare professionals are under immense pressure – cybersecurity shouldn’t be another burden. The right tools and policies make good security automatic,” adds Arbaciauskas.

ABOUT PRODUCT

NordPass is a password manager for both business and consumer clients. It’s powered by the latest technology for the utmost security. Developed with affordability, simplicity, and ease of use in mind, NordPass allows users to access passwords securely on desktop, mobile, and browsers. All passwords are encrypted on the device, so only the user can access them. NordPass was created by the experts behind NordVPN — the advanced security and privacy app. For more information: nordpass.com.