65% Of Healthcare Organizations Admit Mobile Devices Security Threat
By: Jim Stickley and Tina Davis
April 29, 2019
Protecting devices, mobile ones in particular, is a challenge for all industries. The healthcare industry is undoubtedly feeling the burn with employee mobile device use. The 2019 Verizon Mobile Security Index finds healthcare organizations struggling to protect mobile devices, with 65% having no confidence in their ability to protect them. It’s not a problem unique to healthcare. The report finds that overall, 83% of businesses believe their organization is at risk from employees using mobile devices. For healthcare, it’s a scary thought considering just how much ePHI (Electronic Protected Health Information) is at risk. More and more businesses rely on BYOD (Bring Your Own Device) for work, or simply allow personal devices to be used outside of the office. When that happens, the IT protections in place at an office go out the window, with the ePHI of patients not far behind.
With over 40% of malware-based attacks involving ransomware being successful, healthcare has long been a favorite target for hackers. It’s not just the ePHI they are after; the ransomed data also includes payment card information and other PII (Personally Identifiable Information). Having precious data in the hands of hackers is bad enough, but it poses a particular threat when it’s held for ransom. When crucial healthcare data is inaccessible, the lives of countless patients are at risk. That being the case, hackers expect healthcare agencies to pay ransoms quickly to get that precious data back as soon as possible.
It’s easy to see how employees using their mobile devices increase the vulnerability of that data being held for ransom.
Ransomware attacks aside, the report finds other disturbing data about mobile device-oriented healthcare hacks. Twenty-five percent (25%) of healthcare organizations experienced a breach involving a mobile device, with 80% saying they learned of a hack from third-party alerts. Finding out about a hack from a source other than the IT department shows an inability to properly secure mobile devices used for work. Although the report finds 53% of user error is a huge problem, only 27% of healthcare organizations use a private mobile network. Perhaps the most disturbing stats involve all industries as a whole. Among employees, 48% agree they sacrifice security to get work done, compared to 32% last year. Even though connecting to unsecured public Wi-Fi may violate company policy, 81% agree they do it anyway.
It’s important for every organization to have a BYOD policy in place, and for that policy to stress security. This means requiring security software such as anti-virus to be installed on all personal mobile devices. In addition, using a VPN when not physically in the office should be included and strictly enforced. There is no shortage of unsecured Wi-Fi available for employees to use when out and about. That VPN can keep any ePHI that crosses through the connection safer.
With these numbers showing there are security issues on both sides, the blame for healthcare hacks is all-encompassing. Responsibility for maintaining secure systems lies with everyone involved, whether using devices in-office or on the go. Bolstering mobile device security requires a commitment by those in charge. Undeniably, educating staff about navigating mobile devices safely is key, as is ongoing cybersecurity education for those employees using devices in the office. Creating a culture based on employee cybersecurity education is necessary not only in healthcare, but in all industries going forward.