BYOD has already made big waves within healthcare organizations, providing both benefits and challenges. The IoT brings even more security considerations
Bring-your-own-device (BYOD) is a practice many hospitals are implementing as network costs rise, physicians have specific model preferences, and staff members are required to be available at all times.
In a BYOD healthcare survey conducted by Spok, 71 percent of hospital officials said they offer some form of BYOD for employees. Physicians reportedly use the benefit more than other hospital staff members (62 percent). But with the growing prevalence of the Internet of Things (IoT) throughout healthcare organizations, BYOD may have already begun taking on a new meaning and thus bringing different, bigger, concerns.
First, let’s take a look at how BYOD is being implemented within hospitals, and then we’ll assess how security considerations could be addressed moving forward.
First and foremost, what is BYOD? Do you just show up at work with a phone and connect to the network?
In essence, yes. BYOD allows employees of a company to choose and provide their own devices to use for work purposes, whether they’re smartphones, tablets, or laptops. This saves businesses the cost of purchasing new devices for everyone while allowing workers to use the devices they’re already familiar with.
The trend isn’t all that new – the practice has been prevalent for more than a decade now. But it’s been slowly building since then, especially with the rise of new kinds of devices like smartwatches and other wearables.
The 2018 Bitglass BYOD Report indicated that 76 percent of organizations are now making BYOD available to employees and that these organizations are increasingly offering contractors, partners, customers, and suppliers the option to use their smart devices to access company information as well.
Given that hospitals are some of the most diverse and dense networks across organization types – requiring hundreds of devices that need regular updates or replacements – BYOD is a game changer. However, there are many risks and challenges to this approach.
BYOD challenges for hospitals
The same Spok survey mentioned above also provided information about hospitals that choose not to use BYOD. These organizations’ number-one reason for prohibiting it? Data security.
These concerns include the possibility of leakage of data to unauthorized sources or uncontrolled uploads and downloads. There’s no doubt that cybersecurity is a big risk factor with BYOD within hospital networks, as devices with access to sensitive information may not be properly tracked or protected.
For healthcare organizations in particular, there are big risk factors for the unauthorized distribution of health information including:
- Lost or stolen mobile devices
- Downloading viruses or malware by accident
- Unintentional disclosures to unauthorized users
- Unsecured wireless network usage
These risks create a pretty tricky situation for companies: it would not be popular to start monitoring everything employees can do on their own devices, but lack of monitoring poses risks to data and overall networks.
Hospitals should be sure to:
- Implement passwords or other user-authentication practices
- Install and enable encryption on both company devices and BYOD devices
- Activate wiping or remote disabling
- Disable file-sharing apps
- Install firewalls and other security software
- Update security software regularly
- Regulate and research apps
- Protect the transmission of health information over public Wi-Fi networks with added security measures
- Ensure all health data is removed from a device before reusing or disposing of it
The IoT and cybersecurity
As more solutions are introduced to combat cybersecurity challenges that hospitals face with BYOD, it could become a more prevalent practice. The IoT, which Forbes called “BYOD on steroids” for organizations, may be the biggest reason why.
The IoT is a massive network of diverse devices that communicate and share data. These devices could be personal wearables, machines, medical implants like heart monitors, sensors, or any other object with an IP address. As you can imagine, these devices are many and varied in a hospital and its network. While they provide many benefits to both caregivers and patients, such as the ability to engage in more efficient remote monitoring, smart sensing, and patient interactions, they also bring additional challenges for network monitoring, performance, and security.
Pair these issues with BYOD risks and hospital IT personnel have their work cut out for them. And the fact is, some cyberattacks may be inevitable regardless of tech security. The Scientific American points out that cybersecurity is just as much about managing the people within a hospital network as it is machines; specifically, by ensuring they are following applicable procedures.
Aside from educating staff and patients about best practices, hospital IT professionals can still minimize risk with the right plans in place. Some hospitals are incorporating cloud-based data storage within a mobile device network they have created. They’re then able to build a network wall that creates better protocols for security, such as determining which mobile devices are able to use the network and when. More efficient authentication processes are also being put in place so that apps managing patient data are further protected. Those apps could then be easily wiped if the device is stolen or an employee leaves the company. In essence, cloud-based storage prevents data from living on personal devices and is instead stored within the hospital’s network.
The Center for Connected Medicine and the Health Management Academy surveyed healthcare IT executives in its 2019 Top of Mind Report and found that 87 percent of respondents expect to pay more for cybersecurity in 2019, and 60 percent believe their health data will be stored in a hybrid or private cloud within three years.
With the IoT now a reality, it’s more important than ever for healthcare organizations to manage medical records and patient data in ways that will be secure and accurate while taking advantage of the value that wearables and BYOD can bring caregivers and patients alike.
7SIGNAL® is a leader in enterprise Wireless Network Monitoring. The 7SIGNAL platform is a cloud-based Wireless Network Monitoring (WNM) solution that continuously troubleshoots the wireless network for performance issues – maximizing network uptime, device connectivity, and network ROI. The platform was designed for the world’s most innovative organizations, educational institutions, hospitals, and government agencies and is currently deployed at Booz Allen Hamilton, IBM, Kaiser Permanente, Walgreens, Microsoft, and many others. 7SIGNAL continuously monitors the connectivity of over 4 million global devices. Learn more at www.7signal.com.