Why Mobile Devices in Healthcare Need to Be Regulated
IT has Transformed Healthcare Delivery.
As our healthcare system becomes heavily dependent on technology, security concerns regarding patient data have also surfaced. The sheer volume of valuable data and insufficient security measures are the major reasons behind the growing number of cybersecurity breaches in the healthcare industry. Hearing about security breaches in the news is very common, but rarely do we get to know about the cause. Unless obligated by law or circumstances, the organizations involved do not share the details. As a result, the targeted vulnerability and the nature of the attack usually go unaccounted for. Although a security breach can occur at the network level as well as on end-user devices, security policies are mostly focused on the network while dangerously ignoring the vulnerability of data at the edge.
The implications of a cybersecurity breach in a healthcare infrastructure could be grave, potentially life-threatening. To avoid that, the approach towards cybersecurity, especially in healthcare, should be a holistic one. That’s the only way that organizations can protect their patients, gain their trust and avoid crippled healthcare systems.
Common Reasons for Neglecting Cybersecurity for Mobile Devices
Typical security threats associated with desktops and laptops are common knowledge, but people are less aware of the vulnerabilities associated with their mobile devices. As a result, lax cybersecurity implementation at the endpoints is prevalent. Statistics from Verizon’s Mobile Security Index 2019 indicate that about 25% of healthcare providers have been victims of some sort of security breach associated with employees’ mobile devices in the past year. The reasons range from user error to using mobile devices for personal reasons at work.
Another common misconception is that mobile devices are not a threat because patient data is not ‘stored’ on these devices, and that it is therefore only the data centers and the network that must be secured. However, mobile devices can provide a very easy remote access point to cybercriminals, who can then easily attack the core healthcare system and gain access to patient data and employee information.
The Cost of Unsecured Mobile Devices
The consequences of unsecured mobile access points are often underestimated. According to the stats from the report mentioned above, most of the companies that endured a cybersecurity breach had to face multiple issues such as data loss, compromised devices and downtime. About 30% of those affected had experienced an impact on their cloud-based systems as well. This underscores the fact that a vulnerable mobile device has the potential to give attackers a strong foothold into the core system.
Over-estimating the Effectiveness of Security Policies
What’s even more concerning is the fact that 85% of the surveyed healthcare companies believed that their cybersecurity policies were foolproof and that they had the means to pinpoint the compromised device should a breach occur. However, the data suggests otherwise. Of the 25% of providers that endured a breach, about 62% didn’t even realize that they had been compromised until informed by a third party. The fact is that most providers do not have the means to find out the exact mobile access point that gave way to the attackers.
Companies are not implementing secure mobility practices and policies as effectively as they do for their core IT systems. IT teams have been negligent about protecting mobile devices. It’s even more concerning that 73% of the mobile users in healthcare organizations use public mobile networks and only 22% had implemented UEM (unified endpoint management) solutions.
Leaving No Access Point Unattended is Important
Healthcare is one of the industries that have greatly benefited from mobility programs, which have enabled easy access and better care delivery. Mobile devices are becoming an integral part of the healthcare industry; however, mobile devices designed primarily for commercial purposes are inherently unable to protect sensitive data such as clinical records and patients’ payment and credit card information. Undoubtedly, healthcare is also one of the industries that stand to suffer the most in the event of a security attack. 80% of the surveyed organizations believe that they were more inclined to spend on security to avoid regulatory penalties.
Whatever the driving force may be, it is imperative that no access point is left unattended in a healthcare organization. The threats are bound to increase as mobility programs become pervasive. But there are viable solutions and up-to-date technologies to tackle those threats. It’s high time our healthcare industry started actively investing in them.