A few things you should consider when adding new mobile devices to your healthcare facility
When implementing new mobile devices, many healthcare organizations today simply aren’t taking security seriously enough.
TheDarkOverlord, phishing, and WannaCry are just a few of the names behind monumental breaches that cost organizations serious money and damage brand reputation in a sensitive industry. IT professionals are all talking about what’s next and worried about staying out of the news. Healthcare organizations need to act.
Security remains a real issue for healthcare organizations, and here’s why:
Lack of authentication practices puts your data and patients at risk
Most of us, regardless of industry, are familiar with the ins and outs of mobile technology – it’s become part of our daily routine. As such, we’re used to multi-factor authentication and its building blocks: fingerprint recognition, secure passwords and more. With that familiarity already in place, there’s no excuse for failing to implement thorough authentication practices in your business, particularly when your patients’ information is at risk. But healthcare organizations are still failing at this.
In May 2017, a major U.S. healthcare provider, Molina Healthcare, was forced to grapple with its compromised e-portal. It had left patient information exposed and available for anyone to grab, due to neglect of authentication requirements. This put more than 4.8 million patients at risk of fraud and identity theft.
Phishing attacks are sneaky and can cause major breaches
We’ve all seen mail come through our inboxes that sets off alarm bells in our heads; we should know what subject lines and “click here” tricks to avoid. But phishing attacks are evolving and becoming more sophisticated. Your employees need to know to look for nuances in the sender address, name, subject lines and more. It’s up to you to give them that guidance. Otherwise, you’re opening your organization up to all sorts of hazards.
In early 2017, an employee at the Washington University School of Medicine put more than 80,000 patients at risk for potential identity theft and fraud, all because the employee fell victim to a phishing attack.
Improper or inadequate employee training can open your organization to security threats
As with any company-wide technology roll-out, one of the worst things you can do when adding mobile devices to your organization is to create a free-for-all. Do not simply hand out new technology without giving your employees the proper training and resources to equip them, and your organization, for success. Consider the following points:
- Determine company policies for acceptable personal use of company devices
- Consider creating an acceptable list of workplace-approved applications
- Have a set of best practices, restrictions, and support in place, prior to the roll-out
Considering these key points will enable your organization to avoid unwanted risk in the security and usage of your company’s mobile devices.
Today’s security risks warrant having a partner to help you
These days, you need to have all your bases covered. While that may seem like a daunting task for smaller healthcare organizations, there are third-party providers who can help. Consider partnering with an organization that can assess your environment and build a mobility management program customized to the devices you support.
Third-party providers can also manage your network services or service desk, taking care of some of the basics for you while your in-house IT focuses on the critical tasks of securing your organization from harmful virtual threats.
Whatever you choose to do, be wary of the virtual threats ravaging the industry. Take them seriously, and implement the right teams, resources and plans to make sure your organization and patients don’t fall victim.
How are you protecting your healthcare organization from security risks? Let us know in the comments.