Mobility programs offer huge benefits to patients and staff alike, but these new tools come with their own specific set of vulnerabilities and threat vectors. Providers planning to evolve their mobile strategies must prioritize security to ensure patient safety and overall privacy.
Part of a strong security plan is understanding the risks facing healthcare organizations. Malware poses a particular challenge for providers due to the sensitivity of clinical data. Ransomware, which holds files hostage unless victims pay a fee, is a growing threat that requires a multipronged defense strategy, including a strong backup and recovery process and user education.
Threats don’t always come from malicious external sources, though. Employees can fall for phishing scams or introduce risks by using unauthorized devices or processes. Three-quarters of respondents to the 2017 HIMSS Cybersecurity Survey say they have some type of insider threat management program in place at their organization. What’s more, improperly configured networks and applications that aren’t maintained leave organizations vulnerable to attack. That’s why organizations must remain on alert.
According to HIMSS, 85 percent of healthcare leaders say they conduct risk assessments at least annually, and 75 percent conduct regular penetration testing. Other security strategies healthcare organizations should consider include data encryption, access control, device authentication, network segmentation, patch management, malware detection and remote device management.
Best Practices, Secure Platforms Shore Up Mobility
So, what makes mobile devices so vulnerable? One factor is simply that, while users are generally aware of phishing and other typical threats to desktops and laptops, the threats that affect devices like smartphones and tablets are less well known.
“Many users don’t think that their phones are as vulnerable as their laptops and PCs, which, in turn, lowers their guard when determining if, for example, an email is legitimate or not,” Anthony Giandomenico, senior security strategist and researcher for Fortinet, tells HealthTech.
To close this gap in knowledge, he recommends that healthcare systems incorporate mobile attacks into user-awareness training programs so that users understand mobile threats and what they look like.
He also urges healthcare organizations to promote basic cyber hygiene on mobile devices. He suggests that leadership and IT teams encourage users to regularly check for and install updates, install malware protection on mobile devices and connect only to trusted Wi-Fi networks.
In addition, healthcare organizations can adopt secure messaging services, making it mandatory to use a secure platform to exchange all patient information. For example, Mary Washington Healthcare has transitioned more than 1,000 clinicians to TigerConnect, a secure text messaging platform designed specifically for healthcare professionals, and as a result has managed to streamline clinician communication, improving care for patients.
“These secure messaging options give providers near-real-time responses to critical questions and allow clinicians to make changes in care quickly, versus in the past when such communication might take three or four hours,” Jonathan Christensen, director of research analysis at KLAS Research, tells HealthTech.