Mobile devices are becoming critical in the health care sector. A 2014 survey from HIMSS found that mobile tech is being tapped on the hospital floor for a lot of different activities, according to MobiHealthNews. In fact, nearly 70 percent of clinicians are using these kinds of devices to view patient information, and 41.8 percent utilize them to get clinical data. In other words, these kinds of tools are integral to improving patient outcomes and getting the right information to the right professional in time to improve diagnoses or administer the proper care.
Trend Micro researchers noted that the future of mobile tech in health care is bright. Wearable devices and technologies driven by the Internet of Things are beginning to contribute to a better health landscape. For instance, these wearables can track fitness levels and even blood sugar for those with diabetes, and they will soon be (or in some cases already are) able to track blood pressure, heart rate and respiratory rate, among other important metrics.
In addition, Trend Micro researcher David Sancho noted that even more futuristic technologies are on the way, including "lab-on-a-chip drugs," which are pills or patches that automatically deliver the necessary dosage of a medicine, and smart clothing that could offer a variety of benefits to patients. However, Sancho warned that with the advancements in technology, it's crucial to make sure these devices are sufficiently protected against data theft.
"It is clear that the current state and evolution of technology will give new toys to all human fields," he wrote. "Healthcare is no exception. However, added risks make this industry more prone to attacks and life-threatening repercussions."
Security concerns on the rise
Because of the steady growth of mobile devices in health care, it's important to make sure these devices are secure. Health care organizations are under the eye of strict security compliance standards, like the 1996 Health Insurance Portability and Accountability Act, which states that all patient information needs to be confidential and protected – and that health care providers and insurance companies need to follow specific guidelines to ensure that security.
The unique future of health care technologies, however, depends on data security. There could be dire consequences for patients using the aforementioned "lab-on-a-chip drugs," for instance, if a malicious party were to gain access to their inner workings. These kinds of advanced targeted attacks could spell bad news.
"An attacker's interception of those drug parameters might be fatal," Sancho wrote. "Even delaying drug delivery could be bad enough."
The implication here is that it could be dangerous for too much or too little of a drug to be administered to an unsuspecting patient. Basically, it's going to be even more important as technology becomes more advanced to ensure these devices are sufficiently protected against hackers and would-be malicious actors.
Researchers and health care professionals have been aware of the security issues surrounding mobile devices for a while now. The U.S. National Institute for Standards in Technology issued a guide on how to thoroughly implement security procedures throughout an IT system. The goal of this guide was to educate organizations within and around the health care sector about how to know whether or not a system was safe against cyber attacks and how to improve security procedures across the board.
What are some best practices?
The NIST's guide for how to set up security procedures is a step in the right direction where mobile security is concerned. According to InformationWeek, there are a few things to consider when mobile devices are involved in the health care space, including:
- Device management: Make sure all devices on an organization's network are accounted for. This includes the strict surveillance of shadow IT.
- Remote capabilities: Shut down and wipe all devices on a network from a remote location. In this way, unauthorized users can be barred access.
- Encryption: Protect application data with encryption technology and endpoint protection tools.
- Employee awareness: Sometimes, the weakest link in any organization's cyber security is in personnel. Well-intentioned employees share documents or open emails that could open the floodgates for phishing scams and malware. Implementing mobile security training could alleviate some of this concern.
Is there an answer to the mobile security problem?
No doubt as health care tech continues to advance, medical practices will need to find better ways to protect their data and make sure these devices don't become a dangerous liability. Maintaining compliance with HIPAA standards and making sure PHI is as secure as possible may quickly become one of the most important jobs of any health IT professional. Investing in security solutions can make a difference – especially when it comes to ensuring data protection across a health care enterprise.
Mobile solutions from Trend Micro can help strengthen the security of heath care devices to maintain HIPAA compliance and keep PHI safe.