Manufacturing and Healthcare Share Struggles with Passwords

CYBER RISK Cybersecurity In-Depth: Feature articles on security strategy, latest trends, and people to know. Manufacturing and Healthcare Share Struggles with Passwords The two key economic sectors struggle with security for a reason: Many insiders view access management as a roadblock, while attackers see it as a way in. Arielle Waldman,Features Writer,Dark Reading March 30, 2026 4 Min Read SOURCE: PRIME STOCK PHOTO VIA ALAMY Two disparate industries, manufacturing and healthcare, share several weaknesses that lead to significant security gaps, especially in password hygiene. To address in the short term will require shifting security culture mindsets. The industries are two of the biggest ransomware targets. Black Kite's "2025 Manufacturing Research Report" found that manufacturing was the No. 1 target for ransomware groups four years in a row.  Both have environments full of legacy technology, can't afford downtime, and yet they use poor password management practices. Experts say plant operators and physicians sharing credentials or using no passwords at all are common risky practices observed across both industries.  In the throes of keeping an assembly line running or administering patient care, strong password hygiene is understandably the last thing on people's minds. Every second counts. But using simple, reused, or comprised passwords makes it easier for attackers to steal credentials, gain access, and cause prolonged disruptions.  Related:Wartime Usage of Compromised IP Cameras Highlight Their Danger 'You're Slowing Me Down' Hygiene consistency is missing from hospitals, reveals Mick Coady, field CTO of Elisity Cybersecurity and former head of cybersecurity for hospitals. He blames a combination of culture and usability. Many medical professionals "choose to be willy nilly," he says. "They don't want to make the effort, and there's also a level of pomposity that goes along with who they are," he tells Dark Reading. "Their excuse will be: 'You're slowing me down.' Really, for a six-letter password?" Physicians should at least be open to chief security officer hygiene recommendations because they are "opening a vector of risks," he urges.  Identity management poses a substantial challenge for manufacturing as well. Operators share tons of IDs to keep production up and running, explains Lisa Caldwell, commercial U.S. manufacturing and automotive industry practice leader at Marsh.   "It's funny, I know situations, even recently, when I was in the plant and someone says: 'Hey, you're logging as me over there. I can't log in.' It's because our mindset is different," Caldwell tells Dark Reading.  Unsurprisingly, operators have a production mindset versus a security mindset, which "creates a big gap", she explains. A plant manager doesn’t get the significance of a hard-to-crack password if the line is running smoothly.  Can Security Mindsets Be Instilled? It's vital to improve password hygiene as systems become increasingly connected. This  can lead to supply chain risks, particularly when it comes to manufacturing processes.  Related:Intermediaries Driving Global Spyware Market Expansion Caldwell has spent her career in manufacturing and observed plenty of changes,  particularly related to operational technology (OT) expanding the attack surface. Manufacturing plants are bringing in more automation and new ways to drive efficiency, increase visibility, and boost performance, she explains. These upgrades are important, but they may also be why manufacturing remains a wildly popular ransomware target.  "When I started in the plant, it was a pretty isolated world," she explains. "Operational technology, which is what I did, was within the four walls of the plant." The use of legacy technology across factory floors and hospital corridors can make it more difficult to implement strong password hygiene because they rely on outdated or end-of-life software that lack modern authentication protocols. But ironically, the reason for the outmoded systems is because those functions are too important to stand down for upgrading.  "Even the plant I started in, which actually still exists today, they have some of the same technology that I put in when I was in the plant," Caldwell reveals. "The reason we have decades old technology is because we strive to get consistency and then really leverage it. We don't like downtime of any kind."  Related:At RSAC, the EU Leads While US Officials Are Sidelined Similar thought processes exist in healthcare – speed and consistency are key. Both factory floors and hospital corridors are full of high-stakes situations where operator and patient safety could be compromised by any lags. Where to Start   Awareness is growing as risks balloon across both industries but instilling security mindsets that work alongside production or healthcare services will take more work. Manufacturers can start by improving monitoring capabilities for suspicious login activity. While more monitoring tools continue to emerge, many manufacturers do not use them, explains Caldwell.  Operators monitor productivity constantly, but visibility lacks if someone accesses something or reroutes something they shouldn't.  "If someone accesses a piece of equipment and they shouldn't, we aren't monitoring it with that mindset, and we don't have the history to say something funny is happening, and shutting it down quickly," she says.  Overexplaining the dangers associated with insufficient password hygiene is one way to shift security mindsets. Ensure that operators and physicians understand they may be opening a risk vector, and asking, 'is this something you want to do?', poses Coady.  "I think physicians have come a long way over the last 10 years but if you were to default back to no password, they would absolutely do it in a minute."  About the Author Arielle Waldman Features Writer, Dark Reading Arielle spent the last decade working as a reporter, transitioning from human interest stories to covering all things cybersecurity related in 2020. Now, as a features writer for Dark Reading, she delves into the security problems enterprises face daily, hoping to provide context and actionable steps. She looks for stories that go past the initial news to understand where the industry is going. She previously lived in Florida where she wrote for the Tampa Bay Times before returning to Boston where her cybersecurity career took off at SearchSecurity. When she's not writing about cybersecurity, she pursues personal projects that include a mystery novel and poetry collection.     Want more Dark Reading stories in your Google search results? ADD US NOW More Insights Industry Reports Frost Radar™: Non-human Identity Solutions 2026 CISO AI Risk Report Cybersecurity Forecast 2026 The ROI of AI in Security ThreatLabz 2025 Ransomware Report Access More Research Webinars Building a Robust SOC in a Post-AI World Retail Security: Protecting Customer Data and Payment Systems Rethinking SSE: When Unified SASE Delivers the Flexibility Enterprises Need Securing Remote and Hybrid Work Forecast: Beyond the VPN AI-Powered Threat Detection: Beyond Traditional Security Models More Webinars You May Also Like CYBER RISK Switching to Offense: US Makes Cyber Strategy Changes by Robert Lemos, Contributing Writer NOV 21, 2025 CYBER RISK Microsoft Exchange 'Under Imminent Threat,' Act Now by Arielle Waldman NOV 12, 2025 CYBERATTACKS & DATA BREACHES DeepSeek Breach Opens Floodgates to Dark Web by Emma Zaballos APR 22, 2025 CYBER RISK Why Data Privacy Isn't the Same as Data Security by Chris Borkenhagen APR 10, 2025 Edge Picks APPLICATION SECURITY AI Agents in Browsers Light on Cybersecurity, Bypass Controls CYBER RISK Browser Extensions Pose Heightened, but Manageable, Security Risks CYBERSECURITY OPERATIONS Video Convos: Agentic AI, Apple, EV Chargers; Cybersecurity Peril Abounds ENDPOINT SECURITY Extension Poisoning Campaign Highlights Gaps in Browser Security Latest Articles in The Edge VULNERABILITIES & THREATS Automotive Cybersecurity Threats Grow in Era of Connected, Autonomous Vehicles MAR 26, 2026 CYBERSECURITY OPERATIONS How Organizations Can Use Mistakes to Level Up Their Security Programs MAR 26, 2026 CYBER RISK Why a 'Near-Miss' Database Is Key to Improving Information Sharing MAR 25, 2026 СLOUD SECURITY CSA Launches CSAI Foundation for AI Security MAR 24, 2026 Read More The Edge