Healthcare tends to lag some other industries (such as financial services and manufacturing) in terms of regulatory requirements affecting technology, IT security investment, sophistication of policies, and use of available tools for enforcing policies. At the same time, people’s health information can be worth thousands of times more than their financial information, according to one 2017 Forbes article.
In healthcare, use of personal devices can introduce points of vulnerability where hackers can infiltrate, potentially putting PHI at risk. IT teams work to mitigate the risk and ensure HIPAA compliance through secure BYOD programs.
Seven Tips for a Secure BYOD Program
I’ve compiled recommendations for a secure BYOD program, in priority order:
1. Communicate, communicate again, and when you think you’ve done enough, communicate more.
Make sure your workers understand your policies, procedures, and tools with respect to BYOD smartphones and security. Verbal and written communication are equally important.
2. Reduce risk by educating users.
Education and awareness are the best defenses around! To paraphrase Bridget Duffy M.D., Chief Medical Officer at Vocera, “There are no HIPAA-compliant devices or processes. There are only HIPAA-compliant people.” One of the best ways you can improve cybersecurity is to build awareness with your users about why behaviors they see as perfectly normal can pose a risk to the facility.
3. Make policies clear and impossible for workers to ignore.
Key elements to include in a BYOD policy:
Administrators have the right to remotely wipe the device and destroy all data, at any time, for any reason.
End users must report the loss or theft of a device as soon as possible so it can be wiped remotely.
Administrators have the right to seize an employee’s device used on the organization’s network at any time and for any reason.
The organization has immunity to legal action by a user if the organization sees the user’s private information in the course of a security assessment or other investigation involving his or her device.
Maintain liability insurance that covers smartphone misuse, abuse, and hacking.
4. Require biometric authentication via fingerprint.
Every iPhone since the iPhone 5s launch in late 2013 allows users to log into the phone through a fingerprint scan on the home screen button, and the new iPhone X does it with facial recognition. The feature is now available on many Android phones as well.
Although fingerprint authentication might not prevent passive intrusion through a device into the organization’s network, it may help prevent unauthorized use of a device while it’s on the company network. It can also prevent someone in possession of a lost or stolen device from accessing your network during the interval before the device is reported missing and remotely wiped.
When you standardize software, make it secure software. At Vocera, we’re proud to call the security of our solutions “defense-grade.” The security credentials we’ve earned from the U.S. Army, Department of Defense, and American Institute of Certified Public Accountants are unsurpassed.
6. Allow single sign-on.
Enabling users to authenticate to individual applications simply by unlocking their smartphones will make their lives simpler and easier. Although some MDM solutions enable this capability, before you go this route take a look at whether you can allow single sign-on via the Active Directory you may already have.
7. Blacklist containers and personally-owned applications.
If you have an MDM solution or enterprise mobility management (EMM) solution, you may be able to prevent certain smartphone apps from using your network.
Similarly, putting your professional environment or selected applications in what’s called a “container” may secure them, but it places a noticeable performance burden on the smartphone and can require end users to swap between their personal and professional environments.
Healthcare can be low-hanging fruit for hackers. With effective communication, education, policies, and technologies within a secure BYOD program, you can avoid being eaten.