News Feature | September 15, 2014

Mobile Security Puts Hospitals At Risk

Katie Wike

By Katie Wike, contributing writer

Healthcare Mobile Security

Just over half employees secure their mobile devices with full- or file-level encryption, posing a big threat to hospital security.

A recent report from Forrester Research has found mobile security is still lacking, and that lack of protection is putting hospitals at risk.

“Amid a rising tide of compliance pressures, employee mobility, and high black-market values for personally identifiable information (PII) and personal healthcare information (PHI), security and risk professionals at healthcare organizations are dealing with staggering amounts of endpoint-related data loss and exposure when compared with other industries,” notes the report. “However, many healthcare organizations struggle with low security budgets, and only about half secure their endpoint data through technologies such as full disk encryption or file-level encryption today.”

Fierce Mobile Healthcare writes the study found only 59 percent of employees protect their mobile devices with full-disk encryption or file-level encryption. "We expected the number to be higher," report author Chris Sherman told the Wall Street Journal. "This shows that healthcare has a way to go before they can say that they have data protection."

The report further found 39 percent of security incidents over the last nine years have involved mobile device theft or loss. "Endpoint data security must be a top priority in order to close this faucet of sensitive data," Sherman said.

Health It Outcomes reported that of organizations reporting breaches in the last year:

  • 45 percent had a mobile device containing enterprise data come up missing
  • 11 percent have lost data requiring public disclosure
  • 13 percent do not even enforce encryption on mobile devices

Sherman said he believes many healthcare tech leaders don't realize the monetary value of healthcare data; the price ranges from $20 for one health record to $500 for a patient's complete record.