Photo by tonybangkok On Envato Elements
Cell phones are often targeted by hackers since they contain a wealth of personal information, as well as potentially valuable health care and corporate data if they are used by doctors for work purposes.
Mobile devices play a significant role in the healthcare industry, storing and processing private health information (PHI) and other sensitive data.
The Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health and Human Services (HHS) emphasizes the criticality of protecting these devices in healthcare operations.
The recently updated “HPH Mobile Device Security Checklist” published by HC3 highlights the need to safeguard the data and functionality of these devices. The Office of the National Coordinator for Health Information Technology (ONC) and HC3 provide tips on ensuring the security of mobile and handheld electronic devices.
One simple yet effective measure is to prevent unauthorized access by keeping the device secure at all times. This includes securing it at the healthcare facility, the user’s residence, and during transit.
Users should also take precautions to ensure that passwords, PHI, and other sensitive data are always protected.
The most recent tips from HC3 include:
Restrict wireless transmissions. Disabling wireless networks, Bluetooth connections, and broadband cellular connections and removing connection settings when not in use is recommended.
Restrict your connectivity. Exercise caution when connecting to networks, particularly public or untrusted ones.
Reduce the number of apps. Cybercriminals can exploit vulnerabilities in apps, therefore, it is advisable to only use the necessary applications to decrease the potential for a device to be targeted.
Authentication. To ensure secure access, it is important to have strong and regularly updated passwords. Additionally, it is recommended to mask passwords when entering them and implement multifactor authentication whenever possible. To prevent unauthorized access, screens should automatically lock after a period of inactivity.
Encryption. It is highly recommended to use end-to-end encryption on all mobile devices and it is mandatory under the Health Insurance Portability and Accountability Act to protect health information.
Data Backup. According to HHS, a recommended approach is to have three copies of health data, stored on two different mediums, with at least one being offline.
Employ security software. It is important to have software installed to protect against viruses, spyware, and other cyberattacks.
Configuration. To ensure both full functionality and maximum security, it is important to properly configure operating systems, apps, and security software.
Reminder Time. Implement regular prompts, such as login notifications, to remind users that they
Remote deletion. In case a mobile device is reported missing or stolen, it is important to have a method for erasing data remotely from the device.
Tracking Inventory. Monitor all mobile devices, whether they are provided by the company or owned personally, that are utilized for PHI. Any devices that are no longer in use must have their data erased.
More information about healthcare cybersecurity is available through the HC3 website and the ONC website, HealthIT.gov.
Download our complimentary guide to learn how to effectively outsource your IT challenges. It’s akin to having a reliable tech expert at your disposal. Save time, money, and maintain your peace of mind.
