The bring your own device (BYOD) trend has extended to many industries in 2012, including the healthcare sector. Employees like it when companies adopt BYOD, as it allows them to use the devices they are most comfortable with for work. But while it may please the employee, the company may have to take a second look at its BYOD policy, as some organizations may not be taking security threats into account when they allow employees to use smartphones, tablets or other mobile devices to access work data.
A new report published by the Ponemon Institute and the Health Information Trust Alliance found that of 80 healthcare organizations surveyed, 94 percent had experienced at least one data breach in the last two years. Forty-five percent said they had at least five breaches. The report authors said they wonder if healthcare organizations are simply not aware of the security hazards associated with BYOD, Medical News Today reported.
However, these security breaches put organizations at risk of exposing sensitive data. Nearly 20 percent of those surveyed said their breaches included at least one incident of medical identity theft. What’s more bothersome is that more than half of the respondents said they had little or no confidence in their ability to detect a data breach, the article stated. Many also said they were not confident in the security of employee-owned devices.
Data breaches cost healthcare billions of dollars every year. According to the survey, healthcare organizations in the United States alone lose an estimated $6.78 billion annually from lost or stolen data, proving it may be time for companies to take a closer look at BYOD policies that include stricter application control. According to the report’s authors, creating a policy that includes detailed guidelines on all mobile devices being used by employees will be crucial. Workers also need to be aware of the security risks involved in using these devices and what procedures must be followed in order to cut down on data breaches.
Data breach costs healthcare organizations millions
Cyber criminals targeting the Massachusetts Eye and Ear associates in Alaska stole a laptop full of patient data in September. As a result, the U.S. Department of Health and Human Services Office of Civil Rights (OCR), which protects patients’ HIPAA rights, fined the clinic $1.5 million, MobiHealthNews reported. Earlier in 2012, the Alaska Department of Health and Human Services was fined $1.7 million by the federal OCR when a USB drive went missing, the article stated.
The source stated there is now an “inescapable reality” of BYOD in healthcare organizations, and these mobile devices bring with them the threat of HIPAA violations and federal fines. Security can affect the quality of patient care, and data has shown that patients are becoming increasingly concerned about the security of their electronic medical records.
“Of course, it’s not just the threat of fines that will drive hospitals to adopt security solutions, it’s also maintaining a trust relationship with patients,” the article stated.
Hospital IT departments need to be especially wary of these mobile devices and create effective policies that regulate the use of employee smartphones, tablets and laptops.
“This is part of a broader macro-trend in security,” a data security expert said in the article. “It was very top-down, where IT departments made decisions about security. It’s going to much more of a detect, respond, and govern security model.”
Does your organization have a BYOD policy in place? If so, are you confident employee devices are secure? Do you see these devices as a potential threat to the company?