Forty-three percent of data breaches are due to lost or stolen devices, with smartphones and tablets outranking desktop and laptop computers as the devices most likely to go missing. There are numerous examples of employee negligence-related data leakage. At Oregon Health & Science University (OHSU) the PHI of approximately 1,000 patients was exposed when an unencrypted laptop was stolen from an employee’s car. In a separate breach, also at OHSU, the PHI of 14,000 patients was compromised when an unencrypted thumb drive was stolen from an employee who brought it home without authorization.
Even when devices are stolen, encryption can prevent data getting into the wrong hands. This makes it vital for organizations to not only implement clearly-defined procedures for protecting mobile and employee-owned devices, but also to enforce them.
3. Exercise caution when accessing foreign networks
Quest Imaging Solutions provides all major brands of surgical c-arms (new and refurbished) and carries a large inventory for purchase or rent. With over 20 years in the medical equipment business we can help you fulfill your equipment needs
In a Cisco report on BYOD, 59 percent of respondents who used smartphones to access PHI said the smartphones were not password protected, 53 percent of respondents accessed unsecured or foreign Wi-Fi networks, and 48 percent of respondents could not confirm if they disabled “discovery mode” on their Bluetooth devices and smartphones, which makes these devices extremely vulnerable to a cyber-attack. Many healthcare roundtable participants also reported that it was not uncommon for doctors to email PHI to personal email addresses (a known HIPAA violation) which opens yet another opportunity for access to unencrypted PHI.
IT departments at healthcare organizations should enforce strict requirements with respect to health care providers accessing PHI via mobile devices.
4. Beware of medical devices and mobile apps
Be careful when downloading apps and monitor all technology involved in the healthcare environment. Shockingly, nearly 20 percent of breaches within the health sector are caused by insecure mobile apps and medical devices.
5. Data storage in the cloud
A third of healthcare organizations say that when it comes to data security, they are most concerned about the use of public cloud services. However, it is not just public services that should be of concern. With respect to private cloud storage providers, there can be a range of solutions and variances in the types and implementation of security measures. Because HIPAA rules apply to business associates and their subcontractors or vendors, it’s important that all cloud service providers contractually agree to adhere to HIPAA standards.