Patient Data at Risk – Nearly 50% of Healthcare Providers Admit BYOD Security Policies Aren’t Being Followed

Healthcare IT pros know sometimes staffers can have a bit of a lackadaisical attitude towards securing digital devices. That mentality isn’t great when employees are using those devices strictly during their personal lives. But when they bring those devices to work as part of a BYOD policy, it can be catastrophic.

For some folks, the only time they think about digital security is right after something goes wrong. Say, the Heartbleed vulnerability is used against a major organization or a bunch of celebrities’ personal accounts are broken into.

Right on the heels of one of those big news items, people will ramp up their security efforts, start using more secure, complex passwords and so on, but then over time that vigilance can start to fade again.

If they aren’t being vigilant and they’re using a personal device for professional purposes, employees in the healthcare industry aren’t just putting their own data in danger, they run the risk of exposing the sensitive – and HIPAA-protected – info of countless patients. 

Clearly spelling out what a staffer needs to do in order to secure his or her device in a BYOD policy is a great start, however too many healthcare organizations seem to be leaving it at that.

In fact, almost half (46%) of healthcare providers admitted that, while they have a policy in place for securing devices, that policy isn’t being followed to the letter, according to a recent poll conducted by Deloitte.

Without the proper enforcement of every aspect of a policy, it won’t be long before employees start to look at an organization’s finely-tuned, hardened BYOD rules as nothing more than a nice bunch of tips and suggestions.

And it’s not just the more advanced or involved parts of a BYOD policy that employees aren’t following. Even the basics aren’t making an appearance on their radars, according to separate research done by Cisco.

It found:

• 9 in 10 employees use their smartphones for work
• 40% don’t password protect their smartphones, and
• 51% of people connect to unsecured wireless networks on their smartphone.

If employees are letting basics like password protection and being wary of unsecured wireless networks go by the wayside, there’s no telling what other BYOD rules they may be forgetting.

The BYOD landscape is in a period of flux right now, especially on the heels of the major California Court of Appeals ruling in the case of Cochran v. Schwan’s Home Service, which requires companies to reimburse workers for business calls made from personal phones. Some are predicting this ruling, which only applies to calls and not data or app usage as of now, could have a major impact on companies’ acceptance of BYOD programs and could lead to an about-face as they explore other, more cost-effective solutions. But for the foreseeable future, that ruling only applies to California and so the BYOD trend as a whole won’t be going anywhere.

Holding regular refresher training to keep those security basics top of mind is a critical part of the puzzle that is managing a safe and secure BYOD program. Another important piece is having a partner like Arraya Solutions.

There’s no shortage of solutions out there designed to help organizations manage and secure their BYOD programs. Arraya can help organizations sift through what’s available, select the one that best fits their individual needs and then guide them through the implementation process.

One option to consider is VMware’s Horizon suite. This unique approach to BYOD is built on linking applications and customized virtual desktops to users’ identities and not to specific devices. End users are happy because they’re free to access their data and apps from anywhere, on any qualified device and IT is happy because they can focus less on devices and more on user experiences and activities.

Healthcare providers might also want to take a closer look at Cisco’s BYOD solution. This is built on the idea that a true BYOD solution isn’t a single, isolated product, but instead it must be fully integrated into an intelligent network. Cisco offers a thorough solution architecture which combines multiple network elements to ensure secure device access, visibility and policy control. 

Microsoft also provides organizations with a variety of ways to better manage BYOD. Windows 8.1 has been enhanced to better support a mobile workforce. Among the recently added features is Workplace Join, which gives IT administrators more precise control of corporate resources and Work Folders, a feature that lets users keep copies of work files on their devices, with automatic synchronization to a data center. This gives the user the option to access that data from other devices. System Center & Windows InTune can also be leveraged to create a responsive environment for mobile users that also meets Microsoft’s compliance requirements.

Once an organization has the right BYOD platform in place, Arraya can monitor the availability, health and performance of that – and the rest of an organization’s devices and applications – with its Alert 365⁺ solution.

This enterprise monitoring solution features a distributed, redundant framework, so IT pros will be able to rest easier knowing their organization’s devices and apps are always covered by the watchful eye of Alert 365⁺. If there’s an issue, IT teams will know about it before whatever the problem is has a chance to do any damage to their systems.

Visit http://go.arrayasolutions.com/healthcare.html to learn more about healthcare technology solutions from Arraya and make sure to register for our upcoming event, Stories of Success: How IT Decision-makers are Changing the Game in Healthcare, which will take place at Ruth’s Chris Steakhouse in King of Prussia, PA, at 4:00 p.m.