Mobile device security in health industry 'immature'

Tools

The global healthcare industry is not keeping pace when it comes to mobile device security, specifically unsanctioned device and application use, according to a new survey by IDG Connect for security vendor ForeScout.

Phishing and targeted security attacks are less of a problem for the global healthcare industry compared to unauthorized device use and data leaks, which was cited as a security concern by 60 percent of respondents to the survey.

"When ranked according to impact on a global basis, the healthcare sector was particularly affected by data leakage monitoring issues compared to other industries," states the report, which cites the healthcare sector as the most immature industry in terms of personal mobile device security, endpoint compliance discovery and remediation.

The survey states 68 percent of those in the U.S. healthcare industry are not--or just somewhat--confident that needed tools are in place to battle perimeter security threats.

Security is consistently cited as a major obstacle to integrating and use of mHealth tools, devices and apps. For instance, a Ponemon Institute study published last year revealed many organizations are not taking the necessary steps to protect regulated data, such as health information, housed and stored on mobile devices and in the cloud. More than half of respondents to the survey said they have had, on average, five data breach incidents involving the loss or theft of a mobile device containing regulated data.

A more recent KLAS study notes identity management and unauthorized data access by employees are healthcare providers' top security concern. The bring-your-own-device trend and remote security policies rank a close second.

The arrival of new mHealth platforms, such as Apple's HealthKit, is also drawing greater attention to data and security issues. While texting is being embraced by doctors, a recent study reveals such technology use requires greater focus on security and meeting federal regulatory rules.

"Without proper safeguards in place, there is a concern of violating HIPAA, and few hospital systems seem to have secure networks and encryption programs in place," the survey's authors said.

A CompTIA survey from June also notes the need for greater focus on mobile device security.

To learn more:
- download the report

Related Articles:
Mobile devices, cloud computing: What healthcare CIOs fear most
Apple HealthKit draws concerns about data security, privacy and medical accuracy
Experts: Holy Grail ahead in mHealth but hurdles remain
Increased med staff texting requires more security oversight