Mobile Security Challenges in Healthcare (And Really Any Industry)
Blue Cedar | Oct 12, 2016
There’s yet another survey out there that talks about the challenges with mobility in healthcare (in reality, these challenges apply to any industry). With the rise of mobile adoption, the threat vector from mobile devices continues to be top-of-mind. While mobile technology has allowed users to increase productivity, reduce workflows, and become more efficient, the way devices are connected places an organization’s infrastructure at high risk for cyberattacks.
A Spyglass survey examined how devices were connected within hospitals. While these devices enabled better clinical communication, results showed that hospitals were at risk for attacks including malware (software that is intended to damage a device); blastware (destroys systems); and ransomware (malicious software that blocks system access until a sum of money is paid).
Mobile Security is an Issue in Any Industry
The fact is, any industry or enterprise is at risk for these cyber-attacks when the security approach remains device-centric. Spyglass’ Managing Director and Founder, Gregg Malkary, said “every time you integrate systems, there are points where the data is in the clear, and where it is vulnerable.” Our interpretation of this is, if you treat the app as the end point and encrypt the data while within the app, there is no point when the data is in the clear as it moves back and forth from the enterprise.
Malkary also states that “personally owned devices commonly contained inadequate password protection.” While this statement is true at the device level, with an app-centric approach, you can enforce your own level of adequate PIN / password / bio-metric protection for your app, even if the device PIN isn’t strong. With this approach, even if your device is stolen or lost, your data is still protected.
Are Your Devices Protected with Security Software?
The survey also showed that these devices were not satisfactorily protected with security software. This point is irrelevant if you’re protecting the app. An app-centric approach protects you even if the device (and network) are known to be compromised.
In addition, Malkary mentions that clinical team members relied on unsecured SMS messaging to communicate sensitive information, such as patient data. With the app-centric approach, you can ensure that sensitive information can’t be copied and pasted into vulnerable apps like SMS or e-mail. Word of advice – use a secure browser. This fosters good behavior by empowering users to leverage existing web portals as collaboration platform for coordinating patient care among team members.
Why Mobile is a Powerful Change Agent
Overall, mobile is a powerful change agent, and can be harnessed for immeasurable good. We need to switch gears from a device-centric approach to an app-approach in order to alleviate vulnerability to cyberattacks. The app-centric approach allows organizations to tap into the benefits without exposing themselves to the risks and allows users to freely use their devices without exposing both the hospital and patients to harm.