It has been indicated by the Verizon Mobile Security Index 2019 report that 25% of healthcare organizations have experienced a security breach which involved a mobile device in the past 12 months.
Despite all businesses facing similar risks from mobile devices, it appears that healthcare organizations are addressing risks better than most other industry sectors. Out of the eight industry sectors that were surveyed, healthcare experienced the second lowest number of mobile security incidents, just behind manufacturing/transportation.
Healthcare mobile security breaches have fallen considerably in the past couple of years. Since 2017, 35% of surveyed healthcare organizations claimed they had experienced a mobile security breach in the past 12 months.
Although the figures suggest that healthcare organizations are getting better at protecting mobile devices, Verizon argue that may not necessarily be what is happening. A suggested explanation is that healthcare organizations may simply be struggling to identify security incidents involving mobile devices.
Out of all the healthcare organizations surveyed, 85% believed that their security defenses were effective. What’s more, 83% said they believed they would be able to detect a security incident quickly. That confidence may be misplaced as 25% of healthcare organizations have suffered a breach involving a mobile device and 80% of those entities were made aware of the breach from a third party.
As mobile devices are used regularly to access or store ePHI, a security incident could easily result in a breach of ePHI. 67% of all healthcare mobile security incidents were considered major breaches. From those breaches, 40% had significant lasting repercussions and, in 40% of cases, it was said to be difficult and expensive to remediate the situation.
67% of mobile device security incidents involved other devices being compromised, 60% of organizations said they experienced downtime as a result of the breach, and 60% said it resulted in the loss of data. 40% of healthcare organizations that suffered such a breach said multiple devices were compromised, downtime was experienced, and they lost data. 30% of breached entities said that cloud services had been compromised due to a mobile security breach.
The main security risks were seen to be related to how devices were used by employees. 53% of respondents claimed personal use of mobile devices posed a major security risk and 53% said user error was also a significant problem.
Out of all the healthcare organizations that were surveyed, 65% were less confident about their ability to protect mobile devices than other IT systems. Verizon claims that this could be partly explained by the lack of effective security measures in place. An example of this can be seen with just 27% of healthcare organizations using a private mobile network and only 22% having unified endpoint management (UEM) in place.
It was also confirmed from the survey that users are taking major risks and are breaching company policies. Across all industries, 48% of respondents said in order to get tasks completed, they sacrificed security. This percentage was only at 32% last year. 81% admitted to using mobile devices to connect to public Wi-Fi, despite the fact that in many cases doing so violates their company’s mobile device security policy.