Mobile security in healthcare is more important now than it ever has been.
With the proliferation of smartphones, tablets, and the Internet of Things in the workplace, the number of ways an attacker could harvest personal health information has skyrocketed.
In other words, BYOD complicates healthcare cybersecurity.
BYOD is an acronym for “bring your own device.”
It means that healthcare workers may bring their personal devices to work and may use them to perform work-related activities.
One of the most important benefits of BYOD in the healthcare space is convenience. Instead of carrying both a personal device and a device distributed through work, workers can instead only carry a single device.
Workers and healthcare organizations may compromise when it comes to autonomy, though. That’s because the organization may insist that workers who bring their own devices to submit to some level of control.
For example, employers may require employee-owned devices to be a part of a unified endpoint management strategy. Part of that strategy would include secure applications through which employees could access protected health information through email and browsers.
Employers may also require the ability to perform a remote wipe on those devices in the event a device is lost or stolen.
Finally, employers may set employee devices to automatically upload information to cloud platforms. That way, if a device is out of commission, that data is still located in a secure environment.
BYOD benefits employees because of its convenience, but employees must make some concessions when using their own devices for work purposes.
As alluded to earlier, BYOD presents a variety of risks.
First, the device could be misplaced, lost, or stolen. Attackers may look to steal this information to sell on the dark web. Smart healthcare organizations would have the ability to remote wipe that device.
Plus, compromised devices could have weak passwords or encryption, allowing for easier access to sensitive data.
Healthcare workers could also inadvertently download a virus or malware through a mobile app or email attachment. Even if they do without the intention of doing so for work, that mistake could be costly.
In addition to these risks, the location from which someone works could present a security challenge. Something as innocuous as swinging by the coffee shop on the way to work and connecting to an unsecured Wi-Fi network could potentially open a vector through which attackers could pounce.
Healthcare providers and professionals must implement mobile device policies and procedures. They should include actions such as:
BYOD can work in a healthcare organization, but it must be tightly controlled.
Proactive organizations should reach out to a trusted partner to help them draft policies and procedures to make sure their patient data is secure.
