Mobile devices have become an essential productivity tool for physicians, who use them to access and share patient data and perform a variety of clinical and documentation tasks. According to a recent report, four out of five practicing physicians use smartphones, computer tablets, various mobile devices and apps every day.
While mobile technology has led to better outcomes in patient care, productivity and decision accuracy, little consideration has been given to the risks of connecting unsecured smartphones and tablets to the network.
This is of great concern because healthcare was named the most-attacked sector in 2015, and a recent Ponemon Institute study reports that on average, healthcare organizations are attacked once a month. With mobile devices a prime target for cyber attack, healthcare organizations need to take a second look at their cybersecurity posture.
Increased Use of Mobile Devices Threatens Security
The abundance of patient data collected has placed healthcare organizations on cyber criminals’ radar as this data contains personally identifiable information (PII) that garners a high value on the dark market. According to Ponemon, breaches have cost healthcare an estimated $6.2 billion over the last few years, with the average cost of an attack at $2.2 million.
Data breaches not only put patient safety and privacy at risk but also expose organizations to HIPAA violations. Already this year, the Department of Health and Human Services has announced 10 HIPAA settlements, including six with fines of more than $1.5 million, resulting in more settlements and bigger fines than in any previous year.
Healthcare IT infrastructure is chronically underinvested and is especially inadequate to handle challenges from the rise of mobile devices, the Internet of Things (IoT) and Big Data. Mobile devices add endpoints that must be protected and introduce new vulnerabilities into an already vulnerable cybersecurity environment.
IT practitioners, in fact, see mobile devices as the fastest-growing threat for healthcare cybersecurity with mobile malware among the most common types of cyber attack.
Traditional Endpoint Security Not Enough
Healthcare has lagged behind in adopting cybersecurity tools and practices that will protect it at the basic level, and mobile devices are yet another worry that must be addressed. In order to protect their patient data and avoid HIPAA fines, healthcare organizations must invest in cybersecurity measures that will keep the entire organization safe, from hospitals to physician offices and urgent care satellites.
Mobile devices are vulnerable and can open the door to attacks such as social engineering, DDoS, malware, and phishing schemes. Security practices, protocols and technology that address the entire fabric of your healthcare environment are needed, such as:
- Consistent, clearly communicated and enforceable password and multi-factor authentication policies
- Data encryption and encrypted traffic inspection
- Periodic cyber awareness education for all employees
- A cohesive cybersecurity platform leveraging multiple technologies across the attack cycle, such as advanced sandboxing, gateway-level firewalls, internal segmentation firewalls, and threat intelligence
Our partner, Fortinet, offers a platform that connects multiple technology products optimized for healthcare on a tightly woven fabric of security. Contact us to learn more.