Mobile communications technology has come a long way in the past 35 years, and as technology continues to advance, it has been predicted that standard text messages will soon be replaced with a secure SMS messaging service, as consumers take greater care to protect the information they send on their portable devices.
The first mobile phone to be released – the Motorola DynaTAC 8000x – didn’t offer any form of text message; that took another 15 years to develop. The first mobile cellphone also only offered users a paltry 30 minutes of talk time between charges. The phone may have been mobile, but weighing in at a hefty 2 pounds, it was far from portable.
Now, mobile phones weigh just a few grams, and batteries last a day or two between charges. However, while hardware and software has advanced, text messages have remained largely unchanged for more than 20 years. Until fairly recently that is.
Mobile Phone Text Messages are Anything but Secure
It is possible to listen in on phone calls, and it is also possible for text messages to be intercepted. That may be of little consequence for most users – it doesn’t matter if a hacker knows you are going to pick up an extra quart of milk that your partner requested – but, in a healthcare setting, it is a different matter entirely.
Communicating confidential information via an insecure channel such as SMS, could potentially violate patient privacy and would definitely violate HIPAA Rules, and HIPAA violations carry substantial financial penalties. The exposure of PHI could see a fine issued by the Department of Health and Human Services’ Office for Civil Rights of up to $1.5 million per violation; multiplied by the number of years that the violation has been allowed to exist.
Fortunately, there are ways of making text messages secure, which even allows PHI to be sent without the risk of the message being intercepted. A secure SMS messaging service can be use to transmit PHI without violating HIPAA Rules.
Why Are Text Messages Insecure?
The problem with SMS messages is they are based on a system that was developed more than two decades ago; just a few years after Tim Berners-Lee invented the World Wide Web. With the pace of technology today, the system used to send SMS messages is now somewhat archaic.
SMS messages are typed on a device, then sent through the mobile phone carrier’s network. The message first goes to a short message service center (SMSC), which stores and forwards the message on to SMSC recipients. The message is delivered, or is queued if it is not possible to reach the recipient.
A single text message is likely to be stored on multiple servers on different cell phone networks. Those messages can remain on those servers for a considerable amount of time. Anyone with access to those servers – technicians, IT staff, and in some cases, hackers – could all too easily read the messages.
Since the messages remain on the sender’s and receiver’s phone, they could also easily be viewed by unauthorized individuals, and if a phone is stolen, multiple text messages could be read by the thief. The messages could be forwarded on, released to the general public, or the data used to commit identity fraud.
Insecure Text Messages can be Intercepted and Infected with Malware
Furthermore, hackers can capture data packets and infect devices and messages with malware. While the risk of that happening used to be very small, today it is a different matter entirely. Healthcare providers are being targeted for the data they hold as it is highly valuable. A single set of health data, along with personal information, can be used by thieves to obtain credit and commit fraud, and tens of thousands of dollars can be fraudulently obtained.
A healthcare computer network may be a bigger prize as it holds much more data, but hacking phones can also provide huge rewards.
Consumers, patients and healthcare professionals are now much more aware of the vulnerabilities that exist when sending electronic information. Since most people have now had their data compromised in at least one security incident, they are now being much more cautious about communicating electronically. Many have already chosen to replace the old SMS messages with a secure SMS messaging service.
Secure SMS Messaging Service to Replace Standard SMS Texts
The use of text messages has grown at an extraordinary rate. Today, over 6.5 trillion SMS messages are sent each year. It is now one of the most used, and best loved, methods of electronic communication. Fortunately, companies such as TigerText now provide a secure SMS messaging service which ensures messages cannot be intercepted. Controls also exist to ensure only the intended recipient gets to see a message. For healthcare professionals, this also means text messages can be used to communicate PHI without causing a HIPAA violation.
A secure SMS messaging service ensures data are encrypted and are stored secure servers where information cannot be accessed by unauthorized individuals. Without a security code, the data sent in messages – in the message itself or in attachments – cannot be viewed. If a device is lost or stolen, the data will remain secure. Messages can also be automatically deleted after a set period of time.
According to Marc Ladin, TigerText Chief Marketing Officer, “it’s no longer a question of why secure texting will replace SMS, but rather when.” With the threat from hackers now at an unprecedented level, that is likely to happen sooner rather than later.