Tips for Reducing Mobile Device Security Risks

Security has always been an issue. Recently personal health records have become a target to hackers. HIPAA compliance is now enforcing to limit these hacks which are mainly targeted through mobile devices. Due to the rise in mobile medical practice such as Apple Watch, Fitbit, and other methods to track ones medical information, these devices are easily hackable. Laptops are another potential because of the access a patient can have to their online medical records.
Between January 2015 and October 2017, there have been 71 reported breaches which involved laptops, smartphones, tablets and portable storage. These breaches have exposed nearly 1,303,760 patient information including plan numbers and records.  The table below shows the impacted organizations and the penalty that was handed down for failing to comply with HIPAA.
Covered EntityHIPAA ViolationIndividuals ImpactedPenalty
Children’s Medical Center of DallasTheft of unencrypted devices6,262$3.2 million
Oregon Health & Science UniversityLoss of unencrypted laptop / Storage on cloud server without BAA4,361$2,700,000
CardionetTheft of an unencrypted laptop computer1,391$2.5 million
Catholic Health Care Services of the Archdiocese of PhiladelphiaTheft of mobile device412$650,000
Some tips to avoid being part of the hacked are listed below. These are all heavily emphasized by HIPAA.

  • Implement policies and procedures regarding the use of mobile devices in the work place – especially when used to create, receive, maintain, or transmit ePHI.
  • Consider using Mobile Device Management (MDM) software to manage and secure mobile devices.
  • Install or enable automatic lock/logoff functionality.
  • Require authentication to use or unlock mobile devices.
  • Regularly install security patches and updates.
  • Install or enable encryption, anti-virus/anti-malware software, and remote wipe capabilities.
  • Use a privacy screen to prevent people close by from reading information on your screen.
  • Use only secure Wi-Fi connections.
  • Use a secure Virtual Private Network (VPN).
  • Reduce risks posed by third-party apps by prohibiting the downloading of third-party apps, using whitelisting to allow installation of only approved apps, securely separating ePHI from apps, and verifying that apps only have the minimum necessary permissions required.
  • Securely delete all PHI stored on a mobile device before discarding or reusing the mobile device.
  • Include training on how to securely use mobile devices in workforce training programs.

Link to the article: https://www.hipaajournal.com/mobile-device-security-risks/

Comments

Post a Comment

Popular posts from this blog

How Can Healthcare Organizations Prevent Phishing Attacks?

Phishing sites have become a major issue, especially since the number of these sites is growing rapidly. Webroot reported in December 2016 that there are more than 13,000 new phishing sites created every day, nearly 390,000 each each month. By the third quarter of 2017, the number of phishing sites grew by more than 46,000 per day, roughly 1,385,000 per month. On average a phishing site can be up and running anywhere from 4-6 hours before it is blacklisted. To fight this, companies need to create a better way to detect phishing sites. Although 4-6 hours is a short time, these sites can capture thousands of credentials before being shutdown. Not only do these sites show a high success rate, they also contain SSL Certificates; this "ensures" the end user that the site is safe. Phishing sites do user their own domains, however DUO showed that many legitimate sites are being compromised and phishing kits are being loaded onto them. The study identified more than 3,200 unique fis...
Read more

October 2017 Healthcare Data Breaches

Image
2017 has been a busy year for HIPAA and security analysts as the year ends with a large number of data breaches. October has been reported to have 27 data breaches which resulted in about 71,377 thefts or exposures. October is reported to have the least amount of breaches, the highest being September. Main targets have been the healthcare providers where in October, 19 breaches were reported.There were six data breaches reported by health plans and at least two incidents involved business associates of HIPAA-covered entities. Main causes of these incidents in October were the result of unauthorized access. 14 breaches were reported to be unauthorized access, 8 hacking incidents and 4 theft cases, and 1 non-encrypted hardware loss. Breaches in October were reported between 22 states, highest reported state is Florida with 3 breaches. Other states included in the breaches are: Alabama, Arizona, California, Connecticut, Georgia, Iowa, Illinois, Kansas, Kentucky, Louisian...
Read more