The problem with mobile email security in a healthcare setting

Mobile devices are frequently used in healthcare to improve communication and access to information. However, the convenience of mobile devices increases the risks of data breaches, with 89% of healthcare organizations experiencing data breaches linked to security vulnerabilities in their mobile devices.

The challenge of using mobiles in healthcare

“In broad terms, privacy and security are multi-faceted problems and require multidisciplinary approaches. Current research on privacy–security issues for data exchanges via new technologies are limited and challenging as we must realize that the problem in healthcare domain is more complex than most other domains, including e-business and manufacturing.”

The above quote comes from the article, Security and Privacy Issues with Health Care Information Technology, which discusses changing security in the healthcare sector. The problem with using mobile devices in a healthcare setting is that convenience comes at the cost of security. Storing protected health information (PHI) on portable devices increases the risk of a data breach.

The threats range from unsecured WiFi networks to loss and theft without the safety blanket of uniform security protocols. This scenario requires a balancing act: healthcare institutions have to provide extensive mobile security measures while not allowing security to impact the accessibility and functionality of mobile devices. 

See also: What is the 'bring your own device' policy in healthcare?

Factors contributing to mobile email security risks

• Mobile devices are more susceptible to loss or theft, increasing the risk of unauthorized access to email.
• Users often connect to unsecured Wi-Fi networks, making email data vulnerable to interception.
• Many healthcare professionals use weak or easily guessable passwords, compromising email security.
• Phishing attacks are more difficult to detect on mobile devices due to smaller screen sizes and simplified interfaces.
• Outdated operating systems and applications on mobile devices may contain unpatched security vulnerabilities.
• Inconsistent enforcement of mobile device management (MDM) policies can leave gaps in security.
• The blending of personal and professional use on a single device can lead to accidental sharing of sensitive information.

See also: Bring your own device (BYOD) policies in healthcare

Alternatives to using mobile devices in healthcare

1. Desktop computers with secure connections: Using desktop computers that are connected to the healthcare facility’s network via hardwired connections provides a stable and secure environment for accessing and sending emails. 
2. Dedicated workstations for electronic health records (EHRs): By accessing EHRs from fixed locations within healthcare facilities, organizations can ensure that all interactions with patient data occur within a secure and monitored environment. 
3. Virtual Desktop Infrastructure (VDI): VDI solutions allow healthcare professionals to remotely access a secure, central server that hosts applications and data. This means that sensitive information is not stored or processed on local devices. 
4. Pagers: Once a staple in healthcare communication, pagers offer a simple, reliable way to receive alerts and messages without the complexities and security concerns of smartphones. 
5. Smart cards and physical tokens: These devices provide secure, physical authentication for accessing healthcare systems and data. 

See also: HIPAA Compliant Email: The Definitive Guide

FAQs

What is MDM?

Mobile device management is a technology solution used by organizations to control, secure, and enforce policies on smartphones, tablets, and other endpoints.

Why are software updates a danger to mobile security?

Danger arises if they contain vulnerabilities that have yet to be identified or if the updating process is intercepted by malicious actors aiming to install malware.