Majority of Hospitals are Unprepared for Mobile Cyberattacks
According to a recent report from Spyglass Consulting Group there is widespread anxiety over the risk of cyberattacks via mobile devices. Mobile devices are susceptible to malware and there are fears that security vulnerabilities in the devices could be exploited by cybercriminals to gain access to healthcare networks and protected healthcare information.
Spyglass conducted interviews with over 100 hospital IT and healthcare professionals over a three-month period from March 2016. The aim of the study was to identify workflow inefficiencies in communications with patients and colleagues, to assess mobile device usage, and identify barriers that are preventing the adoption of mobile communications.
The majority of respondents were concerned about the security risks from mobile devices. 82% of surveyed hospital professionals expressed concern that they are not adequately prepared to deal with mobile cyberattacks.
The biggest risks were believed to come from personally owned mobile devices. These devices are being used by physicians and nurses under BYOD schemes or when secure mobile communication platforms have not been provided by hospitals. Risks are taken including using standard SMS messages to communicate PHI, even though SMS messages are not secure. Mobile devices are allowed to connect to unsecured public Wi-Fi networks, security software is not installed on the devices, and password protection is often poor.
Many healthcare organizations have introduced strict policies covering the use of mobile devices and 38% of organizations have adopted a secure communication platform for mobiles, yet even these additional levels of protection have not been enough to ease concerns about mobile security.
Gregg Malkary, MD of Spyglass Consulting Group, explained that “Despite increased investments in mobile device management solutions and secure text messaging solutions, cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT to detect a potential intrusion.” According to the report, 25% of healthcare data breaches involve mobile devices.
Mobile technology has tremendous potential to streamline communications, improve collaboration, and drive down healthcare delivery costs. The Joint Commission recently reported that 70% of treatment delays were due to communication breakdowns. By moving to mobile, many of these communication problems can be eliminated.
However, the report points out that while the benefits of mobile technology are clear, it is essential that healthcare organizations take steps to mitigate cybersecurity risk. According to Malkary, hospitals should develop an overall mobile security strategy and put policies and procedures in place to ensure that staff members comply with mobile usage policies. He also recommended that hospitals work with vendor partners to minimize the risks that the devices introduce and deploy tech solutions to ensure that each endpoint is appropriately secured.