Mobile devices are now strategically essential components in healthcare workflows. For hospital workers, moving quickly is a matter of life and death, and mobile devices deliver research enablement and expedite life-saving patient care. Studies conducted by Google found that 87 percent of healthcare professional regularly use mobile devices and perform an average of six professional searches each day. Sixty eight percent of these searches will occur during a consultation in response to a patient’s request for additional information.[1] To meet the demand for data on-demand, hospitals today must choose to provide mobile devices or allow employees to use their own, and, given the cost savings, BYOD will constitute a large percentage of healthcare mobility.
According to the Ponemon Institute’s “Fourth Annual Benchmark Study on Patient Privacy and Data Security,” 88 percent of healthcare organizations allow employee-owned mobile devices to connect to the hospital network, and more than half take advantage of this policy.[2] However, despite widespread adoption of BYOD policy, the report adds that more than half of organizations doubt their ability to secure these access points.
Couple this lack of confidence with recent high-profile data breaches in the healthcare industry (racking up costly fines for HIPAA violations) and the cyber risk forecast becomes troubling. In 2015, Anthem Inc., the largest U.S. health insurance company, settled litigation over a hack in 2015 that compromised about 79 million people’s PHI (Personal Health Information) totaling $115 million. And, in February 2017, Indiana Medicaid notified patients of a data breach after patient data was left open via a live hyperlink to an IHCP report. As this healthcare data is inherently valuable (as Ponemon Institute states, on average, nearly three times as costly to lose as other enterprise data), hackers will continue to escalate their attempts at stealing it.
In a recent presentation at the HIMSS 2018 Conference, the largest healthcare information technology conference in the nation, speakers Kevin A. McDonald and Axel Wirth gave a presentation titled “The Intersection of Patient Safety and Medical Device Cyber Security” to address this growing concern. The speakers noted that 94 percent of medical institutions have fallen victim to a cyberattack. However, compared to the financial industry which budgets 12 to 15 percent on security, the healthcare industry spends merely four to six percent – startling, considering healthcare data is nearly three times as valuable.[3]
A 2017 Black Book Research survey of 323 healthcare industry decision-makers and found that just 16 percent reported having an enterprise-level cyber security leader. Of those who didn’t, only 11 percent planned to fill that void in 2018. It’s clear healthcare organizations’ misgivings haven’t moved the needle nearly enough towards securing vulnerabilities, especially in terms of mobile endpoints. We just don’t read about device breaches enough for mobile security to rise in priority.
The bottom line: BYOD security must move to the forefront of business strategies. BYOD creates an access point to your network that is difficult to monitor and manage. The robustness of healthcare patient data makes it an attractive target for cyber thieves. But you can fortify your HIT system at the endpoint with a containerized solution like Secure.Systems™ and make it more difficult for cyber criminals to breach your perimeter. For more information on the Secure.Systems™ container from SyncDog, please visit https://secure.systems. More information on SyncDog can be found at www.syncdog.com.
[1] https://www.thinkwithgoogle.com/consumer-insights/the-doctors-digital-path-to-treatment/
[2]https://www.ponemon.org/local/upload/file/ID%20ExpertsPatient%20Privacy%20%26%20Data%20Security%20Report%20FINAL1-1.pdf
[3] http://365.himss.org/sites/himss365/files/365/handouts/550237082/handout-CYB4.pdf