Free Hospital EMR and EHR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to Hospital EMR and EHR for FREE!

Hospitals Face Security Risks In Expanding Mobile Footprint

Posted on October 3, 2016 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

A new study suggests that hospitals are deeply concerned about their ability to protect patient data and their technology infrastructure from the growing threat of mobile cyberattacks.

The study, by Spyglass Consulting Group, found that 71% of hospitals consider mobile communications to be an increasingly important investment, in part due to the growth of value-based reimbursement and emerging patient- centered care models.

Thirty-eight percent of hospitals surveyed by Spyglass reported having invested in a smartphone-based platform to support these communications, with the deployments averaging 624 devices. Meanwhile, 52% have expanded their deployments beyond clinical messaging support other mobile hospital workers, researchers found.

That being said, 82% of hospitals weren’t sure they could protect these assets, particularly against mobile-focused attacks. Respondents worry that both smartphones and tablets could introduce vulnerabilities into the hospitals network infrastructure through malware, blastware and ransomware attacks. (These concerns are backed up by other Spyglass research, which concludes that 25% of data breaches originate from mobile devices.)

The surveyed hospitals said they were especially concerned about personally-owned mobile devices used by advanced practice nurses and physicians, noting that such devices may lack adequate password protection and may not have security software in place to block attacks.

Also, respondents said, APNs and doctors typically rely on unsecured SMS messaging for clinical communications, which may include protected patient health information. What’s more, respondents noted that these clinicians make heavy use of public Wi-Fi and cellular networks which can be compromised easily, exposing not only their device but also their data and communications to view.

But the hospitals’ fears aren’t limited to clinicians’ personal devices, Spyglass noted. Despite making increased investments in mobile security, hospital respondents said they were also concerned about hospital-owned and managed mobile devices, including those used by nurses, ancillary professionals and nonclinical mobile hospital workers.

“Cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT detect potential intrusion,” said Gregg Malkary of Spyglass in a prepared statement.

Still, hospitals have a number of reasons to soldier on and solve these problems. For example, a HIMSS study released in March notes that hospitals feel mobile implementations positively impact their ability to communicate with patients and their ability to deliver a higher standard of care. Not only that, 69% of respondents whose hospitals use mobile-optimized patient portals said that this expanded their capability to send and receive data securely.

The HIMSS study found that 52% of survey respondents used three or more mobile and/or connected health technologies, with 58% mobile-optimized patient portals, 48% apps for patient education and engagement, 37% remote patient monitoring, 34% telehealth, 33% SMS texting, 32% patient-generated health data and 26% concierge telehealth.

In addition, 47% of HIMSS respondents said that their hospitals were looking to expand the number of connected health technologies they used, with another 5% of respondents expecting to become first-time users of at least one of these technologies.

Hospital Aren’t Supporting Nursing Smartphones

Posted on December 11, 2012 I Written By

Anne Zieger is veteran healthcare editor and analyst with 25 years of industry experience. Zieger formerly served as editor-in-chief of FierceHealthcare.com and her commentaries have appeared in dozens of international business publications, including Forbes, Business Week and Information Week. She has also contributed content to hundreds of healthcare and health IT organizations, including several Fortune 500 companies. She can be reached at @ziegerhealth or www.ziegerhealthcare.com.

Here’s one more example of where Bring Your Own Device is causing security problems for hospitals. A new report by Spyglass Consulting Group suggests that while most nurse use personal smartphones on the job, few hospital IT departments support these devices.

According to Spyglass, 69 percent of hospitals said that their nurses use personal mobile devices, often to fill in gaps left by the technology the hospital provides for communication. This is no surprise. While there’s an armada of personal nursing devices which allow nurses to communicate with other staffers, smartphones do a better job, as they’re light, boast an easy to use interface and unlike VoWiFi devices, unaffected by local network ups and downs.

It’s worth noting that 25 percent of care providers interviewed by Spyglass weren’t happy with the quality and reliability of the wireless network within their facilities.  That’s further evidence that VoIP devices commonly used for nursing communication aren’t riding on a solid base.

So, nurses are driven to use the smartphones they bring in from home.  Those phones become the basis for mission-critical communications around day-to-day care. But at the risk of repeating myself — OK, I’ve already repeated myself often on this subject — these unsupported, vulnerable devices can be hacked or stolen quite easily. If a phone is left in a public area, not only are nurses deprived of a critical communications channel, the e-mail or texts or voicemails they’ve sent regarding patient care has just walked off as well, offering bunch of private data in the clear. Plus, there are free solutions to this communications, privacy and security problem like docBeat that are much much more functional than what’s on the nurses’ personal devices anyway.

According to the Spyglass researchers, who conducted 100+ interviews with nurses working in acute care, hospital IT personnel are concerned about the increasing dependence of clinicians on personal mobile devices.  But I note that at least in the report summary written up by Healthcare IT News, you don’t hear about a stampede of hospital IT departments rushing to establish support policies and deploy enterprise-class mobile management tools. I must say, I’m not sure what they’re waiting for.