How to ensure mobile device security in healthcare

The myth of mobile devices being more secure than desktops has proven to not be the case. To maintain mobile device security in healthcare, IT must do more to remind users how to stay protected.

Personal devices are generally harder for IT to protect and manage due to their inability to impose tools that may interfere with personal content. If a physician who uses their personal device to access patient data loses their phone, this can lead to data security concerns. If an unauthorized user accesses the data, that would be a direct violation of HIPAA.  

Smartphones have become a necessity, however, because they are used for everything, from communication to shopping and accessing work-related content. Mobile users working in healthcare can quickly and conveniently connect to medical records while on call or even during rounds at a hospital or clinic.

How to protect mobile devices

To help ensure mobile device security among healthcare professionals accessing sensitive health data, IT should implement specific security policies around BYOD. No device or platform is bullet-proof; this year, Apple's iOS has seen more than 156 reported vulnerabilities.

IT should implement specific security policies around BYOD.

Vulnerabilities in mobile devices provide hackers and cybercriminals an opportunity to exploit and execute malicious code to gain control of those infected devices. A successful infection on a mobile device can quickly result in several mobile device security issues in healthcare, including the following:

• theft of relevant credentials for EMR and hospital systems;
• encryption of work-related files stored within external storage on the mobile device;
• eavesdropping on private conversations between patients and physicians;
• stealing private information shared via text messages on employee phones; and
• collecting GPS location information.

This reality forces IT to continue to evolve in its fight to protect against data breaches coming from mobile devices. Educating its mobile workforce on several key recommendations to help protect their smartphones is critical:

• Always update mobile devices to the latest and greatest firmware available from the vendor.
• Only install applications from the app stores recommended by the device manufacturer.
• Never jailbreak a mobile device.
• Never sideload apps to avoid paying for them.
• Always install an antivirus tool.
• Always use a passcode to lock the device.

Security awareness and education is not enough for IT to completely stop potential infections and breaches, but it is a start. Multifactor authentication, advanced network threat detection and other technology, such as application containerization, can all assist in ensuring any infected mobile device will have minimal damage to the environment.