Survey: 8 in 10 Hospitals Concerned About Mobile Cyberattacks
Mobile devices are being used more frequently by clinical staff members for communication.
Slightly more than 80 percent of IT and healthcare professionals reported being concerned about the cybersecurity of their mobile devices in a survey released Aug. 22.
Even though more than a third of hospitals were reported to be investing in mobile communications, the results show a fear of vulnerability to cyberattacks involving malware, blastware and ransomware.
“We’re seeing hospitals make investments and leverage mobile technology to improve the productivity and efficiency of care providers,” says Gregg Malkary, founder of Spyglass Consulting Group, which conducted the survey. “But it has to balance out against the risk.”
For the study Spyglass, a healthcare market intelligence firm focused on mobile computing, surveyed more than 100 members of the healthcare community, reports Tech Republic.
Researchers found that, on average, hospitals deployed 624 mobile devices for doctors, nurses and other staff members to discuss clinical matters. The devices were often reported to be integrated with existing hospital infrastructure, have secure messaging systems and strict policies for use.
But hospital-sanctioned devices aren’t the only types of mobile devices carrying protected health information, or PHI. Many survey respondents reported clinical staff members at their institution use personally-owned devices for work matters. These devices likely have weak passwords, use unsecure SMS messaging on public WiFi networks and utilize other inadequate encryption measures.
The U.S. Department of Health and Human Services’ Office for Civil Rights recorded more than 230 healthcare breaches involving the PHI of more than 500 individuals. If a breach involves more than 500 patients, the healthcare institution is required to notify local media outlets.
The fear of cyberattacks is understandable considering the frequency of large-scale attacks. More devices typically mean more opportunities for a cyberattack, and if mobile devices have complete access to a database with half the encryption of laptops, they represent particularly low hanging fruit for hackers.
The concern is there, but is it warranted? Are hospitals adopting new technologies before they’ve corrected the vulnerabilities of existing ones?