Healthcare News & Insights

Protect your hospital from security threats caused by mobile devices

Hospitals are taking some big risks with IT security, particularly when it comes to staffers’ use of mobile devices.

New data from the Ponemon Institute’s annual Privacy & Data Security Report suggest that devices like tablets and smartphones pose dangers to hospitals’ technology infrastructure. But most aren’t doing enough to help matters.

According to the report, which was written based on findings from a survey of healthcare pros, 75% of organizations say employee negligence is their biggest worry when it comes to IT security. In spite of that, though, the vast majority of organizations (88%) allow staffers to bring in and use their personal mobile devices to connect to the hospital’s network or enterprise systems.

And no one is checking that these devices are secure – over half of healthcare organizations aren’t sure whether staffers’ mobile devices have adequate security protections.

How this can cost hospitals

Considering the confidential info providers are accessing with these devices, that statistic is alarming.

In another recent survey, conducted by the Health Information and Management Systems Society (HIMSS) about mobile technology use by clinicians, nearly 70% of respondents said doctors and nurses used these devices to view patient information.

If patients’ protected health information (PHI) is viewed on a non-secure mobile device, hospitals run the risk of data breaches. While most of these breaches happen because of staffer negligence, a growing number of breaches are caused by malicious criminal attacks on vulnerable systems, per the Ponemon Institute report.

The average economic impact of such a breach to a hospital’s bottom line? $2 million.

So these types of BYOD threats should be nipped in the bud right away, before they cause similar financial damage.

Baby steps toward security

Hospitals have made strides with some basic steps to keep their systems secure from threats caused by BYOD. Many respondents to the Ponemon survey are taking precautions such as limiting access from devices to critical systems (56%), requiring users to read and sign acceptable use policies (53%), and limiting or restricting the downloading of PHI (44%).

But fewer organizations are taking critical steps like scanning devices for viruses and malware while they’re connected to hospital systems/networks (36%), requiring anti-virus or anti-malware software to be installed on a device (23%), scanning devices for viruses and malware before they’re connected (22%), and scanning for and removing apps that may pose a security threat (14%).

And worst of all – 38% of organizations say they’re doing none of these things.

The best defense

With smartphones, tablets and other mobile healthcare devices poised to play a bigger role in the future of healthcare, hospital IT pros can’t just sit by and allow mobile devices to go unregulated.

So it’s important for hospitals to have clear policies governing the use of BYOD. Policies should address security for these devices. While it may be good in theory to ban clinicians from viewing patient PHI on a personal tablet or smartphone being used for work purposes, it likely isn’t practical.

A better approach would be to allow these devices, but with data encryption technology set up by IT or an outside security vendor.

Regular training on security best practices for clinicians is also essential. Because many data breaches are caused by employee error, staffers should be regularly reminded about the best ways to protect sensitive patient info when working with a portable device. Along with encryption, this is probably your best defense against a breach.
