October 13, 2016
With the expected proliferation of telemedicine, the medical community is raising the red flag on mobile device security. In a recent survey, a whopping 82 percent of hospitals surveyed say it is a “grave (no pun intended) concern” for them in the evolving cyber-threat landscape.
And it isn’t just patients’ wireless use. Personally-owned mobile devices used by hospital staff, including nurses and physicians were a large security worry.
The problem is password protection. Most personal mobile devices have inadequate password protection and most lack the right security levels for messaging and when being used on public Wi-Fi and cellular networks.
Personal medical data contains a plethora of information for cyber thieves. Not just medical data, but financial, personal and professional data, as well. This is a virtual goldmine for cyber criminals and they are figuring this out very quickly.
Some fixes for this vulnerability have begun to be introduced. For example, one approach is what is called “containerization.” This is a process where personal apps on a device are separated from corporate ones through a mobile device management system. This allows the enterprise to have complete control of the business apps, but no access to personal apps and vice-versa.
But it has some issues. One of which is that, generally, users don’t like having to switch between the container and main user screens. Another is that this adds overhead costs to the hospital administration staff and some users try to circumvent the system because of its bulkiness.
The healthcare ecosystem is one of the more difficult to manage from a security perspective because of its ubiquity. And the problem is not so much with the hospitals themselves as with the BYOD (bring your own device) environment of the cross-connected staff and patients. It is much easier to let the users have their own devices than try to manage enterprise devices across multiple locations, which is typical in the hospital ecosystem. How this is all going to shake out is still a bit of a mystery.
Well, I guess Apple isn’t happy just being a wearables contender. It has just filed a patent for a watch that can provide health “event detection” and medical alerts. We all knew this was coming. And I guess we all should have known that, soon or later, it would affect our health care status.
Apple claims that such devices are the perfect tool for corporate wellness programs, as well as affecting health care premiums. Apple claims their watches would detect a health occurrence or event through its sensors and feed that information to an iPhone. At the smartphone, alerts are sent to appropriate parties. This could save lives and lower premiums.
Sounds like a grand scheme. It could detect a heart attack, or an automobile accident, or a fall, for example, and start the first responder activity immediately. It could also send a variety of bio data to the appropriate agencies as they are responding so they have a much better picture of what the incident is and what condition the wearer is in.
All this sounds so grand, and a life-safety windfall…but. If anyone thinks that is all such watches will be used for, better think again. Corporations could use them to track employee’s health status. So much for feigning a temperature on opening day of baseball season. But then again, if you really are coming down with the flu at work, there is no doubt it is real.
However, my mind comes up with the dark side. Insurance companies now have a 24/7 picture of your health. (And don’t think they won’t be able to get that). Say this watch is detecting some signs that you are likely to have a heart attack shortly – blood pressure, heart rate, maybe even cholesterol down the road. And, all of sudden your health insurance is cancelled. The same scenario can happen with life insurance. Don’t wear it you say. OK, then the insurance companies simply refuse to insure you.
It could also be used as a condition of employment so the employer can control health premiums by hiring only marathon runners. Or even a screening device of potential employees. The list of potential abuses goes on. It is a bit early to opine where this may go. There is no doubt that it is a good thing, as long as it gets pigeon-holed as an optional device, if it comes to fruition.