A recent Cisco Partner Network Study titled BYOD Insights 2013 examined 1,000 responses from full-time American employees with smartphones and among the respondents were an unnamed number from the healthcare industry. Managing BYOD from a health security officer perspective is obviously top-of-mind, so reading how respondents use their own phones in a healthcare setting gives readers an idea as to the mobile security challenges that these professionals face.
A mere 36 percent of healthcare respondents stated that their employer would be prepared for the issues that are tied to BYOD. Another 36 percent don’t feel as though their organization is ready and 26 percent weren’t sure.
As the cost to provide phones rises and budgets decrease, BYOD numbers are increasing, but 88.6 percent of healthcare respondents using smartphones for work purposes is still a relatively high number. Only 11.5 percent said they don’t, which is scary if you consider not every healthcare organization has BYOD policies in place. Healthcare executives using the phrase “Wild Wild West” to reference mobile device management issues makes a lot of sense when you look at these numbers.
While encryption is the basic standard to avoid HIPAA and Office for Civil Rights penalties, one would assume healthcare employees would at the very least password-protect their smartphones if they’re using them for work purposes. However, only 59 percent of respondents protected their phones with a password and 41 percent did not. This is a disturbing figure because, though they can be hacked with ease, password protection should be a bare necessity for healthcare organizations.
Another 53 percent said they access unsecured or unknown Wi-Fi networks with their smartphone and 52 percent have Bluetooth discoverable mode disabled on their smartphone. These figures should be taken with a grain of salt in that we don’t know what percentage of the 1,000 respondents were from healthcare, but when paired with data breach statistics, BYOD continues to be a major healthcare security barrier.