A security consultant tells Healthcare IT News in an interview that security threats to the information systems of healthcare organizations are proliferating with the growth of mobile devices, embedded devices, virtualization software, social media and IT consumerization. But a recent study on health data losses cast doubts on some of his assertions.
Frank Andrus, chief technology officer of Bradford Networks, a security firm in Concord, N.H., says that the operating systems of mobile devices are targets for virus attacks. The use of "network access control" (NAC) solutions could help organizations fend these off, he adds.
Tablets, other mobile devices, medication scanners, patient-monitoring systems and imaging devices all have embedded connectivity that is vulnerable to viruses, Andrus continues. And many healthcare systems are using "virtualization" strategies that allow them to run multiple applications on the same server. Hosted virtualized desktops, Andrus says, have the same security issues that real PCs do, so organizations should deploy programs to protect them against attack, as well.
It all sounds logical, and following Andrus' recommendations can undoubtedly safeguard patient data better than many organizations currently do. But a new report that analyzes data from the Department of Health and Human Services (HHS) finds that hacking was involved in just 6 percent of data loss incidents. Physical theft, human error, and misplacement of computers and mobile devices were responsible for most of the security breaches.
What do you think? Is Andrus on the right track with his warnings and suggestions? Or do we need to just be more careful with our devices?