Healthcare Security? What about it?
Why is healthcare security so outdated, out of practice, and at high risk of attacks. But where and why?
99% of doctors and healthcare providers today have mobile devices. Unlike workplaces that enforce only company or protected and secured devices, healthcare is not one of those industries with a strict BYOD policy (Bring Your Own Device). Used in a variety of situations from answering calls and pages, used in dictation, to consult with others and more, mobile security is attracting more and more attention not because of the security risk that it can pose but also the breadth of it in the sector today.
One in five doctors’ mobile devices are at high risk, especially in most cases, mobile devices are not secured with full device encryption or even a passcode sometimes. As more and more doctors are becoming savvy tech user, there are an increasing number of ways to share patient data or discuss private and protected health information, all too often in ways that are not secure.
Most of the transportation is through picture messaging, messaging apps, or just with user developed medical apps. Especially as healthcare is now becoming one of the most vulnerable and attacked industries, no longer are criminals targeting credit card information and financial statements, because those can be voided and negated, but because of the INFINITE possibilities that are in protected health information: social security, private and sensitive health information etc. One problem is the environment and administration not trying to create policies on mobile phone encryption and security.
Working as a medical scribe, I’ve seen so many situations where the physician or any other provider or healthcare support will just leave a tablet or mobile phone at a workstation or table and walk away to the bathroom or to round around for a few minutes. HOW VULNERABLE. If I was walking by, especially in the busy times of an ER, no one would notice me swipe a phone. With such little protection in place, it would be easy to find remnants of medical information, assuming the provider had used it, which isn’t uncommon. Healthcare organizations increasingly are becoming a popular and lucrative victim, especially as more and more professionals are using mobile devices to download apps and share data, it highlights the POSSIBLE and POTENTIAL risk of exposing sensitive medical records. In fact, as I mentioned before, phones might not even be protected with a passcode! 14% of mobile devices that contain patient data aren’t protected, even a passcode which might be annoying, can turn out to have a detracting effect on possible criminals, not wanting to spend the time to figure out a password.
Additionally, a report found that 27.79 million devices running medical apps might also be infected with a high-risk malware. However, it doesn’t mean that personal mobile devices can’t be brought or used, the real risk isn’t the device itself but the standards, or lack of standards that secure and protect it, especially any sensitive health information. Instead of focusing on the people and their devices, it is important to view the situation in a broad sense, stay aware and up to date, and start protecting.
SECURE YOUR DEVICES!