The healthcare industry suffered from 277 data breaches in 2015, with 340% more security incidents and attacks than the average industry. The loss or theft of endpoint devices such as smartphones, laptops and tablets, along with human error and malicious insiders, are listed as the top three sources for breached data in healthcare. Facing the upcoming HIPAA audits and increasingly steep penalties, healthcare organizations need to be proactive in rethinking data security.
Healthcare networks, often comprising thousands of providers, contractors, and vendors, face unique challenges in data protection, complicated by the use of cloud storage and mobile devices across the board. The increased use of electronic health records (EHRs) by a highly mobile workforce creates an immense attack surface that must be protected. A report published in JAMA suggested that 80% of healthcare breaches can be tied back to poor data hygiene in areas such as authentication, encryption, or the storage of information on endpoint devices. A new report corroborates this.
The Mobile Threat Intelligence Report from Skycure indicates that 99% of doctors use mobile devices, with the number of doctors using more than one device increasing to 74% (up from 38% just 2 years ago). While mobile use isn’t troubling in and of itself, it’s the Insider Threat that has reared its head in healthcare. The survey reveals some troubling findings:
- Doctors are using a variety of insecure and unapproved methods to share patient data: 46% of doctors use picture messaging, 33% use WhatsApp, and 65% use SMS / texting.
- 28% of doctors have patient data stored on their mobile device.
- 14% of doctors have patient data but not even rudimentary protections such as a passcode.
- 27 million Android devices with medical apps installed also potentially have at least one high-risk malware infection.
Skycure posits that there is a misunderstanding among medical professionals that mobile devices are not as “at risk” as traditional endpoints, perhaps accounting for the poor security practices shown here. There are several different kinds of insiders, and negligence is only one problem that healthcare organizations need to face when it comes to protecting endpoints and the data they contain.
Mobility is a key part of effective healthcare delivery, but it is increasingly important that healthcare organizations take appropriate steps to protect the PHI on these devices, with proper reports and proof that data is secure and compliant. Absolute DDS for Healthcare helps support the mobility of your healthcare workers while protecting and securing patient information. Our adaptive endpoint security solution provides you with a persistent connection to all of your endpoints and the data they contain. This means you’re always in control, even if a device is off the network or in the hands of an unauthorized user.