Only slightly more than half of healthcare employees (59 percent) are using full-disk encryption or file-level encryption on mHealth computing devices used at work, according to a new Forrester research report, which concluded that medical enterprises must adopt a data-centric approach to endpoint security on all employee devices. Such a security strategy will lead to less risk of data theft and data breaches, as well as shore up regulatory compliance, according to the report's authors.
The 59 percent statistic is alarming, analyst and report author Chris Sherman told the Wall Street Journal.
"We expected the number to be higher," Sherman said. "This shows that healthcare has a way to go before they can say that they have data protection."
According to the report, 39 percent of healthcare security incidents in the past nine years have involved a device loss or theft. The incidents accounted for nearly 80 percent of all reported data breaches involving healthcare records.
"Endpoint data security must be a top priority in order to close this faucet of sensitive data," Sherman said, adding that in addition to endpoint security, medical enterprises need to improve encryption technology, implement better data monitoring and ensure only authorized data access.
As FierceMobileHealthcare reported in early August, another study revealed that the global healthcare industry is not keeping pace with mobile device security. IDG Connect's research states unauthorized device use and data leaks are top security issues, ahead of phishing and targeted attacks, and the issue was noted as a concern by 60 percent of those polled on healthcare device security.
Weak security is one of several reasons medical professionals are still shying away from mHealth device use, according to a recent VentureBeat report.
While recent data breach events at healthcare organizations are getting more attention and spurring a bigger focus on security, Sherman said he believes many healthcare tech leaders don't realize the monetary value of healthcare data. The selling price, he told WSJ, ranges from $20 for one health record to $500 for a patient's complete record.
Mobile device security in health industry 'immature'
Docs show little interest in mobile data tools, wearable devices
Little privacy protection for personal health data culled from fitness-tracking apps
FTC mobile health privacy revelations deserve more attention