More information on our mandatory password change

IT & Epic

Due to a substantial increase in phishing attempts against Ballad Health’s email system, all Ballad Health employees will be required to change their network password. Team members will receive a prompt on their device to change their password between today and April 30.

The forced password change will affect about 2,000 team members per day through the end of the month.

This password change is different from the routine password changes that are scheduled every six months. If you are also due for a maintenance password change, it is recommended that you complete your routine password change in addition to this special one.

A guide to creating a strong password

1. First and foremost, your Ballad Health password should NOT be the same as passwords you use for your personal accounts. Starting this week, it is Ballad Health policy to have unique and securely protected passwords that are different from the passwords you use for your personal accounts.

Sharing passwords between your work and personal accounts widens the opportunity for hackers to access your Ballad Health account. This would put patient safety and confidentiality at risk.

While Ballad Health will not require team members to disclose personal passwords, an investigation will be launched for any team members who experiences a breach of their account. If it is determined that the breach resulted from passwords that are the same as (or similar to) your personal accounts, that would be a serious violation of Ballad Health policy and would result in disciplinary action up to and including termination.

2. To create a strong password, it’s important to remember that a longer password is a more secure password. Currently, passwords must be at least eight characters long, but it is recommended that passwords be at least 10-16 characters long.

3. A combination of uppercase and lowercase letters, numbers and special characters (e.g. !, #, $, &, @, etc.) will further strengthen your password and make it harder for hackers to access your account. 


It’s important to be vigilant and report suspicious emails. Phishing attempts can be very obvious, but they can also look like an email from a coworker, manager or executive. If you are ever unsure, it’s always best to be cautious and report any suspicious-looking emails to IT using the “Phish Alert” button at the top of the email.

NEVER open a link included in an email from a sender you do not recognize, and ALWAYS check to make sure you’re entering your login information on a secure site.

Learn more about phishing here.