Hospitals Face Security Risks In Expanding Mobile Footprint

A new study suggests that hospitals are deeply concerned about their ability to protect patient data and their technology infrastructure from the growing threat of mobile cyberattacks.

The study, by Spyglass Consulting Group, found that 71% of hospitals consider mobile communications to be an increasingly important investment, in part due to the growth of value-based reimbursement and emerging patient- centered care models.

Thirty-eight percent of hospitals surveyed by Spyglass reported having invested in a smartphone-based platform to support these communications, with the deployments averaging 624 devices. Meanwhile, 52% have expanded their deployments beyond clinical messaging support other mobile hospital workers, researchers found.

That being said, 82% of hospitals weren’t sure they could protect these assets, particularly against mobile-focused attacks. Respondents worry that both smartphones and tablets could introduce vulnerabilities into the hospitals network infrastructure through malware, blastware and ransomware attacks. (These concerns are backed up by other Spyglass research, which concludes that 25% of data breaches originate from mobile devices.)

The surveyed hospitals said they were especially concerned about personally-owned mobile devices used by advanced practice nurses and physicians, noting that such devices may lack adequate password protection and may not have security software in place to block attacks.

Also, respondents said, APNs and doctors typically rely on unsecured SMS messaging for clinical communications, which may include protected patient health information. What’s more, respondents noted that these clinicians make heavy use of public Wi-Fi and cellular networks which can be compromised easily, exposing not only their device but also their data and communications to view.

But the hospitals’ fears aren’t limited to clinicians’ personal devices, Spyglass noted. Despite making increased investments in mobile security, hospital respondents said they were also concerned about hospital-owned and managed mobile devices, including those used by nurses, ancillary professionals and nonclinical mobile hospital workers.

“Cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products, and the strategies and tools used by hospital IT detect potential intrusion,” said Gregg Malkary of Spyglass in a prepared statement.

Still, hospitals have a number of reasons to soldier on and solve these problems. For example, a HIMSS study released in March notes that hospitals feel mobile implementations positively impact their ability to communicate with patients and their ability to deliver a higher standard of care. Not only that, 69% of respondents whose hospitals use mobile-optimized patient portals said that this expanded their capability to send and receive data securely.

The HIMSS study found that 52% of survey respondents used three or more mobile and/or connected health technologies, with 58% mobile-optimized patient portals, 48% apps for patient education and engagement, 37% remote patient monitoring, 34% telehealth, 33% SMS texting, 32% patient-generated health data and 26% concierge telehealth.

In addition, 47% of HIMSS respondents said that their hospitals were looking to expand the number of connected health technologies they used, with another 5% of respondents expecting to become first-time users of at least one of these technologies.

About the author

Anne Zieger

Anne Zieger

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she's served as editor in chief of several healthcare B2B sites.