The rise of bring-your-own-device (BYOD) policies in the healthcare industry has presented a number of new challenges for IT teams tasked with fortifying data security. BYOD has become popular among medical professionals, with nearly 89 percent of healthcare organizations allowing physicians and staff members to use their personal devices for work, according to a study released by Cisco.
However, that study concluded that there were several alarming lapses in security when healthcare organizations deployed BYOD policies. For instance, only 59 percent of industry respondents said the smartphones they used while on the job were password protected. In addition, 53 percent reported accessing either unsecured or unknown Wi-Fi networks with those devices.
Another area of concern is the possibility of a data thief being able to remotely identify and connect to Bluetooth devices, allowing them to access any stored data. Only 52 percent of those surveyed in the Cisco report could confirm that they had disabled Bluetooth discoverable modes on their smartphones to prevent this type of breach.
In order to prevent hackers from using employee devices to access patient records, hospital IT administrators need to develop a security plan that targets the specific challenges of BYOD. Health IT Security contributor Bill Ho discussed BYOD risks like the latest crop of Dropbox-style synchronization applications. By poking a hole in an institution’s security fabric to synchronize files to mobile devices, physicians are potentially creating a new channel through which confidential patient information could leak.
Ho suggested several measures healthcare officials should implement to mitigate BYOD risks, including application control protocols and mobile device monitoring software. One of the most important suggestions was the use of encryption at all levels. Sensitive information that is stored on hospital servers should always be protected with data encryption software.
When organizations allow BYOD, they must ensure that their security policies are extended to employees' mobile devices. If medical staff members are permitted to access patient files such as health records and payment account information using their personal devices, that data is vulnerable to cyberattacks. Employing data encryption software for information stored on employees' devices will allow hospitals to expand the scope of patient information protection.