Should Healthcare Professionals Worry About Personal Device Security | Cassie Phillips | RxEconsult
Menus

All Health Articles

Should Healthcare Professionals Worry About Security On Their Personal Devices? Category: Health IT by - August 21, 2017 | Views: 1146 | Likes: 1 | Comment: 0  

Data breaches are a regular and real threat facing healthcare professionals. If the NHS attacks in the UK taught us nothing else, it’s that the scope of an attack can be catastrophic and that the vital services provided to patients can and will be interrupted.

Yet with the rise of “bring your own device” (BYOD) policies, in conjunction with new and old tactics cyber criminals use to obtain data, risks still present themselves, and healthcare professionals such as you should know how to safely use your personal device to prevent any issues.

The main questions and factors are as follows:

What Are the Potential Costs of a Data Breach?

A cyber security breach could take many forms, and the information gained from a personal device could be used in many ways. Here are a few examples:

1. Your personal credentials could be stolen and used to perform identity theft. Along with the common financial difficulties and inconveniences associated with this, your good name could be used to disseminate bad medical advice, potentially authorize poor procedures or prescriptions (this is in extreme cases, but it’s well within the realm of possibility), or create false records.

2. If you have any patient or organization information (this is not recommended) on your device, it could be stolen.

3. The accounts you access on your device could be compromised. This includes your personal email, any social media accounts you use from your device and online services you access. The likelihood of a professional not discussing or interacting with their workplace from such a device is small.

There is a need to protect devices and information from the above examples.

What Are Devices Being Used for?

How you use your personal devices in the context of your life and career matters a great deal in terms of the cyber security of the records and information with which you come into daily contact. Consider the following:

  • If you regularly work with sensitive data, you should have a device assigned to you at work (or a work laptop and/or smartphone). These devices are usually cleared for more sensitive matters and have advanced cyber security software on them. You should not use your personal device for work matters that could otherwise be handled by this work device.
     
  • If you talk to colleagues about work matters on your personal device (not recommended, but perhaps unavoidable), you will need to add some additional protections to it. An encrypted messaging app and some security software will go a long way. If you are asked suspicious questions, a colleague’s phone or account might be stolen. Use caution.
     
  • If you rarely have to deal with work outside of the office, then treat your device as normal. Be careful, of course, but no additional or special security measures should be required.

What Standards Need to Be Met?

Healthcare is a diverse field with a lot of different positions. The type and amount of data you personally handle on a regular basis will be highly dependent on what you do in the field. You will also need to make sure that you are meeting proper standards as determined by your workplace. Some employers do not allow the use of personal devices for any work-related reason.

It will be important to review HIPAA protocols and make sure that in your use of your personal device you are not breaching regulations. You might need to modify your personal device to meet regulations to be able to use it, and you’ll have to decide whether that is worth the convenience.

What Environments Are They Being Used in?

It is vital you consider both the network you are using and the other people using it at the same time. Consider the following situations:

  • If you are using a public network, you are in an unsafe environment, and if your device contains any semblance of healthcare information, you should disconnect your device immediately unless you are using some form of protection, such as a VPN.
  • If you are using your protected home network, your personal device is likely fine so long as you have the basic protections of a security suite and firewall. While you are still (and always) vulnerable to phishing and social engineering attacks, those threats must be met with knowledge and caution.
     
  • You will want to check on work networks to determine the level of security they have. If they are available to patients or other visitors, you should not use your personal device on them.

Perhaps most importantly, professionals will need to remember that cyber security is an evolving field and that the tools and tactics of today might not work tomorrow. Vigilance will be required, and investments will be necessary to defend patients’ rights to privacy. I recommend that you regularly review news and cyber security information to stay current.


For More Healthcare Insights Join Us On Twitter
and Facebook. Join The Community To Publish Articles.

Copyright 2017 RxEconsult. All Rights Reserved | Privacy Policy | Terms of Use | Sitemap