Data breaches are a regular and real threat facing healthcare professionals. If the NHS attacks in the UK taught us anything, it’s that the scope of an attack can be catastrophic and that the vital services provided to patients can and will be interrupted.
Yet with the rise of “bring your own device” (BYOD) policies, in conjunction with new and old tactics cyber criminals use to obtain data, risks still present themselves, and healthcare professionals such as you should know how to safely use your personal device to prevent any issues.
The main questions and factors are as follows:
What Are the Potential Costs of a Data Breach?
A cyber security breach could take many forms, and the information gained from a personal device could be used in many ways. Here are a few examples:
1. Your personal credentials could be stolen and used to perform identity theft. Along with the common financial difficulties and inconveniences associated with this, your good name could be used to disseminate bad medical advice, create false records, or potentially authorize poor procedures or prescriptions (an extreme case, but well within the realm of possibility).
2. If you keep any patient or organization information on your device (which is not recommended), it could be stolen.
3. The accounts you access on your device could be compromised. This includes your personal email, any social media accounts you use from your device and online services you access. The likelihood of a professional not discussing or interacting with their workplace from such a device is small.
Devices and the information on them need to be protected against each of the scenarios above.
What Are Devices Being Used for?
How you use your personal devices in the context of your life and career matters a great deal in terms of the cyber security of the records and information with which you come into daily contact. Consider the following:
What Standards Need to Be Met?
Healthcare is a diverse field with a lot of different positions. The type and amount of data you personally handle on a regular basis will be highly dependent on what you do in the field. You will also need to make sure that you are meeting proper standards as determined by your workplace. Some employers do not allow the use of personal devices for any work-related reason.
It will be important to review HIPAA protocols and make sure that in your use of your personal device you are not breaching regulations. You might need to modify your personal device to meet regulations to be able to use it, and you’ll have to decide whether that is worth the convenience.
What Environments Are They Being Used in?
It is vital you consider both the network you are using and the other people using it at the same time. Consider the following situations:
Perhaps most importantly, professionals will need to remember that cyber security is an evolving field and that the tools and tactics of today might not work tomorrow. Vigilance will be required, and investments will be necessary to defend patients’ rights to privacy. I recommend that you regularly review news and cyber security information to stay current.