November 19, 2015 By Kevin Olivieri 3 min read

Health care practitioners are walking around with a gold mine of data on their smartphones and tablets. Mobile devices, whether physically cracked or malware hacked, sit as the greatest inside accomplice since Bonnie helped Clyde.

Cybercriminals are targeting the health care industry at an increasingly alarming rate. Even with increased mobile security, the number of attacks targeting personal health information (PHI) has increased 125 percent since 2010, according to a recent Ponemon Institute study.

What else makes health care information so valuable for cybercriminals? Basically, electronic health records yield the most intimate personal information on individuals, which criminals then flip for their own gain. For example:

  • 59 percent of the stolen information is used to acquire treatment and services.
  • 56 percent is used to obtain pharmaceuticals or medical equipment.
  • 52 percent is used to fraudulently receive benefits like Medicare and Medicaid.

When an individual’s health care data is combined with other personally identifiable information (PII), it can be packaged into full identity kits, which are sold for around $1,000 on the Dark Web.

For health care organizations, these breaches aren’t just significant hits to consumer trust; there are serious financial ramifications to the tune of $363 per stolen record on average. It’s a steep fine that makes the penalties in other industries seem like a light slap on the wrist. Individually, each infraction is far from crippling to an organization, but data is very rarely exfiltrated just one record at a time.

Mobile Raises the Odds of Health Care Data Breaches

Mobile devices have made a significant, beneficial impact on the health care industry. They have provided doctors, nurse practitioners and other health care employees with important information at their fingertips. In an industry where accessing the correct and actionable information quickly can be a matter of life and death, the instant access to data is an undeniable advantage.

While tablets and smartphones are a definitive boon to saving lives, the consumerization of IT with bring-your-own-device (BYOD) at the forefront left IT and security teams scrambling to ensure every data transmission was safe and compliant with HIPAA and other regulations.

While hacking and malware present clear and present dangers, mobile is also open to losing PHI through general misuse, devices being left behind or someone in an admin function sharing patient data on public-facing apps. Infinite ease of access to information for the right people also opens infinite possibilities for the wrong people to see this protected information.

Thankfully, this mobile threat escalation and the need for mobile security haven’t gone completely unnoticed. About 81 percent of health care executives in KPMG’s “2015 Healthcare Cybersecurity Survey” revealed that their organizations have been compromised by a cyberattack in the past two years, with 13 percent claiming they’re targeted by external hacks once a day and 12 percent professing two or more attacks a week.

NIST and NCCoE Give Prescription for Health Care Mobile Security

Even though the awareness of cybersecurity is strong, only 53 percent of health care providers are prepared to defend against attacks, according to the KPMG study.

Recognizing the aforementioned conundrum and a growing need to ensure the tightest security without restricting productivity in the enterprise, the National Institute of Standards and Technology (NIST) and National Cybersecurity Center of Excellence (NCCoE) released a cybersecurity guide specifically aimed at providing guidance for securely mobilizing electronic health records.

One of the clear messages within the suggested framework is an enterprise mobility management (EMM) centrifuge to manage and secure the many variations of mobile devices, document types and applications — without restricting productivity.

IBM MaaS360 has been an ambulatory EMM for mobile health in health care since the first iPad started putting cumbersome PCs out to pasture. It delivers security and productivity through the following key characteristics:

  • Access control: The selective restriction of access to an individual or device.
  • Audit controls and monitoring: Controls recording information about events occurring within systems.
  • Device integrity: Maintaining and ensuring the accuracy and consistency of a device.
  • Person or entity authorization: The function of specifying access rights to people or entities.
  • Transmission security: The process of securing data transmissions from being infiltrated, exploited or intercepted by an individual, application or device.

Mobility, security and productivity aren’t separate conversations. To see how IBM MaaS360 can help your organization deliver reliable and secure mobile data to patients, employees and all affiliates that help save lives, start your free 30-day trial.
