Remote Patient Care: How Secure is Your Mobile Data?
We hear a lot about cybersecurity breaches in the news, but we’re not always told the cause. The business or organization involved is rarely forthcoming with insight about breach scope and exposure. Companies only share details when the have to—when a customer or patient needs to be notified of payment card or protected health information exposure. We don’t learn the cause, source or nature of the attack, and we can’t always know if the breach occurred at the network level or at the delivery edge of the business on mobile devices. A lot of attention is focused on network access security; it can be easy to overlook the vulnerability of data at the edge.
And healthcare can’t afford to overlook it because the problem is growing.
In Verizon’s Mobile Security Index 2019 report, more than 600 US professionals responsible for the procurement, management and security of mobile devices enabled with Wi-Fi or cellular connectivity (tablets, laptops, phones, etc.) were surveyed. The research found that a quarter (25 percent) of the healthcare companies assessed in the study had experienced a security breach involving a mobile device in the previous twelve months. When closely evaluated for source and scope, two significant vulnerabilities are introduced into the picture just from the use of mobile devices by employees. The two biggest causes of mobile-related compromises affecting healthcare providers were personal use (53 percent) and user error/mistake (53 percent).
At first glance, it might be easy to assume that mobile security is nothing to worry about since patient-sensitive data isn’t stored on mobile devices; however, mobile devices are increasingly being used to remotely access core healthcare systems and sensitive information, paving the way for cybercriminals who are looking for an access point to get to clinical records, employee information and other intellectual property.
Beyond the inherent cybersecurity risks, there are other factors that should be considered. Of the healthcare organizations who experienced compromise via a mobile device, 67 percent had other devices compromised, 60 percent experienced down time, 60 percent lost data as a result of the breach and 40 percent of them experienced all of the above. Almost a third (30 percent) of healthcare providers that experienced mobile-related compromise said that cloud-based systems had been affected as part of the incident, again underscoring the foothold that can be established through vulnerable and unsecured mobile access points.
Why is this a particular challenge for healthcare? The survey revealed that 85 percent of healthcare providers were confident that their defenses were effective and that they would be able to spot a compromised device quickly (83 percent). Unfortunately, this isn’t supported by the data. Not only did 25 percent of healthcare providers suffer a compromise, but a surprising two-thirds (62 percent) were notified by a third-party (patient, partner or law enforcement). They were not able to spot a compromised device—in fact, they had no means to do so.
Healthcare organizations are leaving those devices unsecured to a degree they would likely never tolerate when it comes to their IT systems. There is a lack of confidence on the part of those IT teams when it comes to securing their mobile assets. They just don’t have the measures in place to identify and address mobile security—only 27 percent were using a private mobile network and just 22 percent had unified endpoint management solutions (UEM) in place.
Healthcare is one of a handful of industries, like financial services, that is too highly regulated to leave mobile devices exposed. More than 80 percent of survey respondents considered the “threat of regulatory penalties” to be a “a major driver of increased security spending over the past year.” If they don’t include measurable strides toward securing their mobile devices, they will be leaving an increasingly wider access doo open to breach and compromise. The proliferation of mobile devices and the demand for remote, real-time access will only make this problem worse. And there are technologies and solutions within reach to shore up the problem.
For a closer look at the mobile breach landscape, download a copy of the Mobile Security Index 2019.
About the Author:
Torrey Cardinalli, Managing Partner, Enterprise Mobile Security, Verizon Wireless Business Group