Hospital Mobile Device Security – Not Ready for Prime Time

October 13, 2016

October 13, 2016

By Ernest Worthman

Executive Editor
AGL Small Cell Magazine

With the expected proliferation of telemedicine, the medical community is raising the red flag on mobile device security. In a recent survey, a whopping 82 percent of hospitals surveyed say it is a “grave (no pun intended) concern” for them in the evolving cyber-threat landscape.

And it isn’t just patients’ wireless use. Personally-owned mobile devices used by hospital staff, including nurses and physicians were a large security worry.

The problem is password protection. Most personal mobile devices have inadequate password protection and most lack the right security levels for messaging and when being used on public Wi-Fi and cellular networks.

Personal medical data contains a plethora of information for cyber thieves. Not just medical data, but financial, personal and professional data, as well. This is a virtual goldmine for cyber criminals and they are figuring this out very quickly.

Some fixes for this vulnerability have begun to be introduced. For example, one approach is what is called “containerization.” This is a process where personal apps on a device are separated from corporate ones through a mobile device management system. This allows the enterprise to have complete control of the business apps, but no access to personal apps and vice-versa.

But it has some issues. One of which is that, generally, users don’t like having to switch between the container and main user screens. Another is that this adds overhead costs to the hospital administration staff and some users try to circumvent the system because of its bulkiness.

The healthcare ecosystem is one of the more difficult to manage from a security perspective because of its ubiquity. And the problem is not so much with the hospitals themselves as with the BYOD (bring your own device) environment of the cross-connected staff and patients. It is much easier to let the users have their own devices than try to manage enterprise devices across multiple locations, which is typical in the hospital ecosystem. How this is all going to shake out is still a bit of a mystery.