Home  |   Subscribe  |   Resources  |   Reprints  |   Writers' Guidelines

Study: Hospital IT Anxious About Growing Mobile Security Threats

Spyglass Consulting Group recently released its most recent health care study, Point of Care Communications for Nursing 2016. The study shows that 82% of hospitals surveyed expressed grave concerns about their ability to support and protect mobile devices, patient data, and the hospital's technology infrastructure as a result of the growing threat of cybersecurity attacks.

Mobile devices including smartphones and tablets can introduce vulnerabilities to the hospital's network and infrastructure through attack vectors that include the following:

• Malware: designed to penetrate networks, steal information, and cover up its tracks;

• Blastware: designed to destroy or disable a system when detected; and

• Ransomware: designed to block access to a computer system until money is paid.

Hospitals surveyed were concerned about personally owned mobile devices used by physicians and advanced practice nurses, because many end users have inadequate password protection; lack security software to thwart an attack; rely upon unsecured SMS messaging for clinical communications, which often included patient health information; and widely use public WiFi and cellular networks that could easily compromise their device, data, and communications.

Hospitals surveyed also were concerned about hospital-owned and managed mobile devices used by nurses, ancillary health care professionals, and other mobile hospital workers. "Despite increased investments in mobile device management solutions and secure text messaging solutions, cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT to detect a potential intrusion," says Gregg Malkary, founder and managing director of Spyglass Consulting Group.

HIPAA privacy rules require hospitals to closely guard and protect patient health information, such as patients' names, birth dates, social security numbers, diagnoses, tests, physicians' names, and insurance information. Hospitals found guilty of data breaches can be fined upwards of $1.5 million per incident and be required to notify the local media if the breach involves more than 500 patient records. Approximately 25% of data breaches originate from mobile devices.

Additional highlights of the Point of Care Communications for Nursing 2016 report include the following:

• Hospital IT investment priorities are pivoting toward mobile communications. Seventy-one percent of hospitals surveyed regard mobile communications as an emerging investment priority driven by the adoptions of new patient centered care models and value-based purchasing.

• Large-scale enterprisewide deployments are focusing on the mobile hospital worker. Thirty-eight percent of hospitals surveyed had invested in a smartphone-based communications platform to support clinical communications with an average size deployment of 624 devices.  Fifty-two percent of them have expanded their deployments beyond clinical messaging to support other mobile hospital workers.

Source: Spyglass Consulting Group