The healthcare industry is emerging as a leading advocate for the use of smartphones and tablets in the workplace, but the sensitive nature of the data carried on these devices heightens the importance of effective mobile security practices.
"Clinicians are so in love with their mobile devices that these gadgets may soon become the preferred computing devices in healthcare, eventually replacing desktops, cart-bound work stations and other traditional hardware," industry expert Marianne McGee wrote in her latest column for InformationWeek. "But that love affair comes at a price."
According to the U.S. Department of Health and Human Services, more than 360 data breaches affecting more than 500 individuals have been reported to date.
In the vast majority of cases, lost or stolen hardware was to blame. Just weeks ago, the loss of a computer at Stone Oak Urgent Care & Family Practice offices in San Antonio is estimated to have compromised the data security of more than 3,000 patients.
With laptops and entire servers falling into the wrong hands, the smaller dimensions of smartphones and tablets only amplify this risk. However, these physical threats may soon pale in comparison to digital vulnerabilities.
With Google standing its ground and staking its claim as a more open, developer-friendly mobile ecosystem, many advanced hackers are turning their attention toward the Android platform. According to Computerworld, these lax policies may be putting data in harm's way. Citing research from Juniper Networks, Android malware has increased 472 percent since July 2011.
"We're seeing a mix of the traditional hacking community [creating] malware very similar to organized efforts on the PC side, as well as people who are just a little smart – the '15-year-old kid crowd' – who are able to hide some malicious content in an app," industry analyst Dan Hoffman told Computerworld.
To stay ahead of emerging threats and take control of their data, McGee advised healthcare organizations to implement mobile security policies sooner than later. Many of the most common vulnerabilities can be addressed with sound employee education, but explicit protocol will increase accountability and hopefully inspire responsible use.
Network administrators will also have to take more proactive steps to ensure data security. Regulating mobile application downloads, providing end-to-end encryption and enabling remote lock and data wipe features can provide comprehensive threat protection, according to McGee.
Data Security News from SimplySecurity.com by Trend Micro