Mobile Device Security Raises Risk for Hospitals

The bring-your-own-device to work trend is deeply entrenched in the healthcare industry, with roughly 89 percent of the nation’s healthcare workers now relying on their personal devices in the workplace. While this statistic—supplied by a 2013 Cisco partner network study—underscores the flexibility of mHealth devices in both improving patient care and increasing workflow efficiency, it also shines a light on a nagging, unrelenting reality: mobile device security remains a problem for hospitals.

A more recent IDG Connect survey concluded the same, as did a Forrester Research survey that was released earlier this month.

It’s not that hospitals are unaware of the issue; indeed, most HIT professionals are scrambling to secure every endpoint through which hospital staff access medical information. The challenge is keeping pace with a seemingly endless barrage of mHealth tools.

As a result:

  • 41 percent of healthcare employees' personal devices are not password protected, and 53 percent of them are accessing unsecured WiFi networks with their smartphones, according to the Cisco partner survey.
  • Unsanctioned device and app use is partly responsible for healthcare being more affected by data leakage monitoring issues than other industries, according the IDG Connect survey.
  • Lost or stolen devices have driven 39 percent of healthcare security incidents since 2005, according to Forrester analyst Chris Sherman, who recently told the Wall Street Journal these incidents account for 78 percent of all reported breached records originating from healthcare.

Further complicating matters is the rise of wireless medical devices, which usher in their own security risks that take precedence over data breaches.

So, where should healthcare CIOs focus their attention? Beyond better educating staff on safe computing practices, they need to know where the hospital’s data lives at all times, and restrict access based on job function. If an employee doesn’t need access, he doesn’t get it. Period.

Adopting stronger encryption practices also is critical. And, of course, they should virtualize desktops and applications to block the local storage of data.

What steps is your healthcare organization taking to shore up mobile device security? Do you have an encryption plan in place?

As a B2B journalist, John Farrell has covered healthcare IT since 1997 and is a sponsored correspondent for Intel Health & Life Sciences.

Read John’s other blog posts