Wednesday, February 26, 2020

More healthcare organizations admit lax mobile data security ‘to get the job done’

  • Nearly 38% of healthcare organizations admitted to having suffered a compromise involving a mobile device in the past year — a significant rise from the previous year, when 25% said they were compromised, according to Verizon’s 2020 Mobile Security Index.
  • Fewer of the surveyed healthcare professionals responsible for buying and managing the security of mobile and Internet of Things devices are concerned about mobile threats than a year earlier. In 2019, 83% of respondents said their organizations were at risk, compared with 73% in 2020.
  • Providers increasingly rely on the cloud for data storage, but employ few precautions to protect patient data. Just 35% of healthcare organizations said they restricted the use of unvetted cloud apps, and only 49% said they restricted certain apps’ functionality when accessed from unknown networks or locations.
Troves of sensitive patient data make healthcare organizations a lucrative target for cybercriminals, who often hope to sell the information on the black market or conduct blackmail and extortion schemes.
The threat certainly hasn’t gone away. Physicians increasingly use smartphones and other mobile devices to input patient data, among other things — providing hackers with stockpiles of sensitive information to steal and use maliciously.
The poll of 876 senior professionals responsible for buying, managing and securing devices looked across sectors. Of that group, 9% came from healthcare, including hospitals and medical centers.
Despite those risks, 37% of healthcare professionals admitted they had sacrificed mobile security to “get the job done” — driven largely by the need for expediency and convenience in high-stakes medical settings, according to the Verizon study.
Only 12% of respondents said their organizations had in place what the report calls the most basic precautions: changing default or vendor-supplied passwords, encrypting data before sending it across public networks, regular security testing and restricting access to data on a need-to-know basis.
Installing unapproved apps and connecting to unsecured public Wi-Fi networks were top concerns among respondents, although 65% of them said they personally used public Wi-Fi for work tasks, and company policy explicitly prohibited it for 23% of them.
A newer threat respondents discussed this year was cryptojacking — a form of malware used to remotely steal a device’s computing abilities to mine for cryptocurrencies, such as Bitcoin.
Ransomware attacks, in which hackers block access to a computer system until a sum of money is paid, can be especially debilitating in medical settings, where physicians now rely on access to technology to perform their jobs.
While hacked patient data is a primary concern, stolen employee data can be a prime target for cybercriminals running highly targeted phishing scams, including tax scams, according to the report.
While 51% of respondents said they were afraid of exposing employee data, only 52% said they gave their employees ongoing training on IT security.
Insider threats, however, remain one of the biggest concerns for the industry. In Verizon’s study, three-quarters of healthcare organizations said they believed their employees are the greatest risk when it comes to mobile devices.
Beyond mobile devices, the study found smart IoT devices are also at risk of breaches. These include pills in smart packaging and diagnostic sensors in ambulances to transmit patient data en route, among other new technologies.
And 75% of respondents said their organization is at risk from attacks targeting IoT devices while 35% said they had already suffered a compromise involving such a device.
https://www.healthcaredive.com/news/more-healthcare-organizations-admit-lax-mobile-data-security-to-get-the-jo/572911/
