8 strategies for tightening mobile security at hospitals

More than 5 percent of all Apple and Android smartphones will be infected with some type of malware in the next year, security firm Trusteer predicts, according to a report in the UK-based Telegraph. While that might not sound like a large number initially, consider that it equates to one in 20 phones. That should be a frightening statistic for hospital CIOs, given that more than 60 percent of physicians currently are using smartphones, and 80 percent are expected to be using them by next year.

With that in mind, Rick Kam, president of security firm ID Experts, last week shared eight strategies to ratchet down mobile security for healthcare facilities. His advice includes:

  • Only allowing wireless devices to access--not store--patient data: If you do allow users to store sensitive data, be sure it is fully encrypted.
  • Requiring all users to set up password protection on their wireless devices, and to configure the screen to lock after only a short period of inactivity.
  • Ensuring that your IT department turns on the Remote Wipe feature of all wireless devices, regardless of whether they belong to your hospital (and are distributed to clinicians and staff), or they are clinicians' personal devices.
  • Enabling Wi-Fi network security: As a best practice, use the newer version of the Wi-Fi Protected Access protocols, WPA2 (instead of WPA), whenever possible. Do not use Wired Equivalent Privacy (WEP) protections.
  • Changing your system's default service set identifier (SSID) and administrative passwords.
  • Not transmitting your wireless router's SSID.
  • Requiring mobile devices to identify themselves via their media access control (MAC) address before they can log onto your network.
  • Implementing a wireless intrusion prevention system.
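
The Wi-Fi items in this list (WPA2 rather than WPA or WEP, a non-default SSID, SSID broadcast off, MAC address filtering) can be checked mechanically against an access point's configuration. The following is an added example, not part of the original article or Kam's advice: it assumes the access point uses a hostapd-style key=value config, and the sample configs, finding names and the short list of factory-default SSIDs are constructed for illustration.

```python
# Added example: audit a hostapd-style AP config against the Wi-Fi
# checklist items above. Sample configs below are constructed.

# Illustrative, non-exhaustive factory-default SSIDs (assumption of this example).
DEFAULT_SSIDS = {"linksys", "netgear", "dlink", "default", "wireless"}

WEAK = """
# constructed sample: WEP, vendor default SSID, no MAC filtering
ssid=linksys
wep_default_key=0
wep_key0=1234567890
"""

HARDENED = """
# constructed sample: WPA2 only, hidden SSID, MAC allowlist
ssid=ward3-clinical
wpa=2
wpa_key_mgmt=WPA-PSK
rsn_pairwise=CCMP
ignore_broadcast_ssid=1
macaddr_acl=1
accept_mac_file=/etc/hostapd/accept
"""


def parse_conf(text):
    """Parse key=value lines, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf


def audit(text):
    """Return a sorted list of checklist findings for one AP config."""
    conf = parse_conf(text)
    findings = []
    wpa = int(conf.get("wpa", "0"))  # hostapd bitfield: 1 = WPA, 2 = WPA2
    if wpa == 0 or any(k.startswith("wep_") for k in conf):
        findings.append("wep-or-open")
    elif wpa & 1:
        findings.append("wpa1-enabled")  # wpa=1 or wpa=3 still allows WPA
    if conf.get("ssid", "").lower() in DEFAULT_SSIDS:
        findings.append("default-ssid")
    if conf.get("ignore_broadcast_ssid", "0") == "0":
        findings.append("ssid-broadcast")
    if conf.get("macaddr_acl", "0") == "0":  # 0 = accept unless denied
        findings.append("mac-filter-off")
    return sorted(findings)
```

Items that live outside the access point, such as device passcodes, remote wipe and the intrusion prevention system, are not visible in this file and need their own checks.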

Consider that in the past two years, of 116 data breaches affecting 1.9 million patient records, more occurred because a mobile device was lost or stolen, according to new statistics released this month by the U.S. Department of Health and Human Services Office for Civil Rights (OCR).

In addition to Kam's advice, Robert Siciliano, CEO of IDTheftSecurity.com, warned that mobile isn't just the latest gadget or toy. "[I]t's a huge target for criminal hackers," he said, "and [it] needs to be treated accordingly."

To learn more:
- check out the announcement on security concerns
- get more detail from Mobile Marketing Watch's coverage
- learn more about data security from Network World
- discover more about malware from this Telegraph article