Enhancing the Security of Mobile Healthcare
The threat scenario in today’s healthcare market is enough to make a security executive feel sick. Hospitals, clinics, practices and other facilities are facing a growing number of vulnerabilities as they try to maintain a high level of services to patients and their families.
Cybersecurity in the connected device era
Four-fifths of executives at U.S. healthcare providers and payers say their IT infrastructure has been compromised by cyberattacks, according to a 2015 survey of 223 healthcare executives conducted by Forbes Insights for consulting firm KPMG.
At the core of the rising risk to healthcare organizations is the richness and uniqueness of the information that health plans, doctors, hospitals and other providers handle, the report says. Apart from typical financial fraud, it says, there’s also the possibility of medical insurance fraud or attacks on computer-controlled medical devices.
Indeed, one of the biggest security challenges in the sector is that a huge and growing number of connected devices are carrying patient information and other sensitive data. This includes not only smartphones, tablets and laptops, but also health monitors that can be potential sources of a security breach. And the connected device scenario adds to an already complex technology environment in the industry.
"The rapid digitization of the healthcare industry, when combined with the value of the data at hand, has led to a massive increase in the number of targeted attacks against the sector," says Carl Leonard, Raytheon/Websense principal security analyst.
"While the finance and retail sectors have long honed their cyber defenses, our research illustrates that healthcare organizations must quickly advance their security posture to meet the challenges inherent in the digital economy — before it becomes the primary source of stolen personal information."
The most vulnerable industry
The Raytheon/Websense Security Labs 2015 Healthcare Drill-Down Report, released in September 2015, shows that healthcare is highly targeted and increasingly vulnerable, “as the next wave of connected devices hits.”
Among the top findings of the Raytheon/Websense report are that the healthcare industry sees 340% more security incidents and attacks than the average industry and, as a result, is more likely to be impacted by data theft.
Medical information is 10 times more valuable on the black market, the study notes, making healthcare a major target for cyber criminals. And the proliferation of electronic health records “creates a data-heavy environment, while networks comprising thousands of providers present an enormous attack surface,” the report says.
One in every 600 attacks in the healthcare sector involves advanced malware, according to the study.
Smart mobile security
Mobile security technologies on the market such as enterprise mobility management and mobile device management systems can certainly help, especially if they don’t interfere with workflow and the experiences of end users.
According to a report by Forrester Research, “Top 11 Trends S&R Pros Should Watch: 2015” (July 2015), “as you refine your mobile security strategy, incorporate content creation and collaboration and secure network gateway product road maps into your decision-making process. What matters to your employees isn’t the security of the solution but the improvements that can be made in efficiency, user experience and workflow. Look for mobile security and content enablement vendors that deliver on these employee requirements while simultaneously adding security value to the mix.”
Examining security weaknesses
Healthcare companies can take other steps toward building a robust mobile security strategy, including conducting a comprehensive security assessment of their environment.
Given the rapidly increasing number of mobile devices and medical equipment, one of the top priorities should be taking account of these devices and their security status as accurately as possible, so that nothing slips through the cracks.
Health organizations should make ample use of data encryption tools, which can protect data even if devices fall into the wrong hands. Given the amount of patient information (or protected health information) and other sensitive data stored on mobile devices, and the high risk of data leakage, encryption should never be an afterthought.
This becomes all the more important as more organizations deploy electronic health records and launch Bring-Your-Own-Device (BYOD) programs that bring even more devices into the workplace. Encryption should be applied to data that’s stored locally on devices and when it’s sent from one device to another.
And while technology is a vital part of the security strategy, healthcare organizations must not forget about the importance of having strong security and privacy policies in place.
There’s more to this than creating written policies and procedures that take into account the emerging mobile technologies. Companies also need to train medical and administrative staff, as well as management, in the proper and secure use of the connected devices and other technologies that they use on an everyday basis.