BlogMobile Device Management: How to Reduce the Risk of a Healthcare Security Breach

Mobile Device Management: How to Reduce the Risk of a Healthcare Security Breach

October 1, 2015, Financial Management

Healthcare data provides a valuable target for cyber criminals, with names, addresses, social security numbers, usernames and passwords available from electronic health record systems. A recent large breach at UCLA affected 4.5 million patient records, according to Fortune. Security breaches affect organizations large and small, and additional risk is introduced through mobile devices in the healthcare environment. Data breaches put patient and employee data at risk, but it also opens up the threat of HIPAA compliance-related fines. Absolute reports on several fines ranging from $2.5 million to more than $4 million in HIPAA-related fines. Some companies chose to shut down and declare bankruptcy due to the fine amounts levied on the business. Proper mobile device management must be in place to balance the benefits of these devices with the risks to a healthcare company.

Mobile Vulnerabilities

Bring Your Own Device (BYOD) policies reduce IT spending on hardware, and in some cases healthcare, workers choose to use their own devices without a formal BYOD policy in place. Cisco found 88.6 percent of healthcare workers used their smartphones for at least some job duties. A few ways smartphones, tablets and other mobile devices introduce risk include:

Malware infested mobile devices connecting to the healthcare network

Smartphones without anti-theft measures saving patient records to the device

Lack of data encryption runs afoul of HIPAA compliance measures

Risk Reduction Through Managed Mobility Services

Healthcare companies don’t always have sufficient resources on hand for in-house enterprise mobility management. Assistance from managed mobility services familiar with healthcare challenges, particularly in data security compliance, helps cut the possibility of security breaches. Other potential measures for mobile risk reduction include only allowing approved devices on the network, using virtualization software to create a self-contained business space and using data encryption.

Data security in healthcare environments raise significant challenges as cyber criminals attempt to access valuable, and often vulnerable, records. Mobile device management and other proactive measures allow healthcare providers to keep BYOD and mobile devices around for better productivity, while reducing the chances of a HIPAA fine.