Mobile Devices Used By Doctors Remain a Top Risk
Mobile Devices Used By Doctors Remain a Top Risk

The healthcare industry suffered from 277 data breaches in 2015, with 340% more security incidents and attacks than the average industry. The loss or theft of endpoint devices such as smartphones, laptops and tablets, along with human error and malicious insiders, are listed as the top three sources for breached data in healthcare. Facing the upcoming HIPAA audits and increasingly steep penalties, healthcare organizations need to be proactive in rethinking data security.

Healthcare networks, often comprising thousands of providers, contractors, and vendors, face unique challenges in data protection, complicated by the use of cloud storage and mobile devices across the board. The increased use of electronic health records (EHRs) by a highly mobile workforce creates an immense attack surface that must be protected. A report published in JAMA suggested that 80% of healthcare breaches can be tied back to poor data hygiene such as authentication, encryption, or the storage of information on endpoint devices. A new report corroborates this.

The Mobile Threat Intelligence Report from Skycure indicates that 99% of doctors use mobile devices, with the number of doctors using more than one device increasing to 74% (up from 38% just 2 years ago). While mobile use isn’t troubling in an of itself, it’s the Insider Threat that has reared its head in healthcare. The survey reveals some troubling findings:

  • Doctors are using a variety of insecure and unapproved methods to share patient data: 46% of doctors use picture messaging, 33% use WhatsApp, and 65% use SMS / texting.
  • 28% of doctors have patient data stored on their mobile device
  • 14% of doctors have patient data but not even rudimentary protections such as a passcode
  • 27 million Android devices with medical apps installed also potentially have at least one high-risk malware infection

Skycure posits that there is a misunderstanding among medical professionals that mobile devices are not as “at risk” as traditional endpoints, perhaps accounting for the poor security practices shown here. There are several different kinds of insiders, and negligence is only one problem that healthcare organizations need to face when it comes to protecting endpoints and the data they contain.

Mobility is a key part of effective healthcare delivery, but it is increasingly important that healthcare organizations take appropriate steps to protect the PHI on these devices, with proper reports and proof that data is secure and compliant. Absolute DDS for Healthcare helps support the mobility of your healthcare workers while protecting and securing patient information. Our adaptive endpoint security solution provides you with a persistent connection to all of your endpoints and the data they contain. This means you’re always in control, even if a device is off the network or in the hands of an unauthorized user. Learn more here.

ABOUT THE AUTHOR

Arieanna Schweber

Arieanna Schweber has been a part of the Absolute writing team since 2007. Arieanna was Canada’s first female professional blogger and has been professionally blogging since 2006 and has spoken at leading blogging conferences including BlogHer and Northern Voice. Arieanna has a joint degree in Business and Communications from Simon Fraser University and continues to build communities for Vancouver-based clients.