Part 1
There’s no doubt that smartphones have made our lives immeasurably easier and convenient in so many different ways. There seems to be an app for everything imaginable and even unimaginable and health-related apps are no exception, topping out at over 100,000 aps for just this category.
The screeching halt to this cornucopia of choice appears when it is evident that with all the options out there, security can be seriously lacking – not just in smartphone apps but in the Cloud where some choose to store sensitive Patient Health Information (PHI) which they capture on their smartphones.
Expensive breaches and embarrassing mistakes can occur when hospitals and users are unaware of the risks involved with any system that might lack proper encryption methods, proper transfer methods and proper storage methods of PHI. Whether it boils down to ignorance, complacency or something else, breach fines run in the millions of dollars annually for many organizations.
One quick look at the Breach Portal (Notice to the Secretary of HHS Breach of Unsecured Protected Patient Health Information (AKA PHI), maintained by the U.S. Department of Health and Human Services’ Office for Civil Rights, paints a somber picture. The year is still relatively new, and yet the portal shows 25 healthcare providers and healthcare plans which have already suffered PHI breaches in 2017 – some, with thousands of individuals affected and with thousands of dollars in fines. Everything from hacking to theft to unauthorized access to PHI is documented. In 2016 alone, major companies who experienced health care breaches included Kaiser Foundation Health Plan, Inc., and Blue Cross Blue Shield of South Carolina.
In a recent research report conducted by the Ponemon Institute entitled, “The Cost of Insecure Mobile Devices in the Workplace”, it was found that the majority of organizations in their study suffered loss or theft of sensitive or confidential information on mobile devices, due to employees' careless use of the device. Often, in a big organization, it is difficult to detect those employees who are using their mobile devices in a careless manner. Thirty-six percent of organizations in Ponemon’s study say they allow employees to copy sensitive or confidential data to public cloud-based applications; yet at the same time, nearly half of the employers in this study admitted they were unable to manage or control what was sent up to the cloud, and another ten percent were unsure. A lot of companies still use passwords or key lock to secure mobile devices.
In Part 2, which will be up on our site in a couple of days, we’ll show you that there is light (and sometimes, it’s ultraviolet!) at the end of the forensic tunnel…keep following if you want your organization to be "Secure Beyond Reasonable Doubt®.