Hospitals are being singled out by cybercriminals who see them as an easy target. Hospitals store highly valuable data in large quantities and all too often hospital cybersecurity defenses are inadequate. However, even when cybersecurity solutions are deployed, security gaps often remain. One of the biggest areas of concern is the use of smartphones.
The use of mobile technology in healthcare is growing and mobile communication is now a major investment priority for U.S hospitals. Mobile devices are popular with healthcare professionals as they help to streamline communication, improve collaboration, and allow PHI to be accessed from any location. To get the most out of healthcare smartphones they must be linked to EHR systems and allow protected health information to be sent and received.
However, healthcare mobile device security controls are often. Furthermore, healthcare professionals are breaching hospital policies by using their devices to communicate PHI via unsecured channels. The devices are also allowed to connect to public Wi-Fi networks, and users often fail to use secure passwords on their devices. Personally owned mobile phones are often used for work purposes yet lack even basic security controls such as anti-virus software. The risk of transmitting a malware infection to a healthcare network is therefore significant.
Healthcare Mobile Device Security A Major Cause for Concern
According to a recent report issued by Spyglass Consulting Group, 82% of healthcare professionals and hospital IT pros are concerned about the security of mobile devices and are worried about cyberattacks via the devices. The main concern is personally owned mobile devices, which are used by many physicians and nurses for work purposes.
According to the report, only 38% of hospitals have invested in a secure mobile platform for communication. Organizations that do not provide a secure messaging platform run a high risk of healthcare workers using unsecured channels – such as standard SMS messages – to communicate PHI.
Personal devices can connect to healthcare networks, yet passwords are not used on the devices. If the phone is lost, an unauthorized individual would potentially be able to gain access to the data stored on the phone and even connect to a healthcare network.
According to the report, the average number of mobile devices deployed by hospitals is 624. IT professionals are concerned about their ability to keep all of those devices secure and ensure that end users do not inadvertently install malware or ransomware on healthcare networks.
Healthcare Organizations Must Mitigate Mobile Device Security Risks
While the use of mobile technology has tremendous potential to streamline communications, cut healthcare delivery costs, and improve patient outcomes, they can also introduce considerable cybersecurity risks.
Hospitals must invest in technology to keep the devices secure. It is also essential for strict policies and procedures on the use of mobile technologies.to be developed and to ensure that PHI is only communicated via secure channels.
Unless appropriate security controls are used and policies and procedures developed to restrict the use of mobile devices, they are a data breach waiting to happen. According to the Spyglass report, 25% of healthcare data breaches involve mobile devices. Given the increasingly sophisticated nature of cyberattacks, if healthcare mobile device security is not improved, smartphones are likely to be used by hackers to gain access to healthcare networks.
Hospitals may be keen to adopt mobile technology, but the benefits must be balanced against the risks that are introduced.