Healthcare Information Security


4 Tips to Locking Down, Securing Healthcare BYOD

Securing endpoints, educating digital users, and enabling good network protection and segmentation are key to entities securing healthcare BYOD practices.


By Bill Kleyman

We are a connected world, and our level of connectedness will only continue to increase. This is even more the case when we look at healthcare.

A recent CITO Research study showed that leveraging apps and mobile tools helps improve employee productivity.

Their research found:

  • 30 percent of respondents said apps improve business processes.
  • 23 percent of those polled said apps increased productivity.
  • 20 percent said apps gave them a competitive advantage.
  • 14 percent reported greater satisfaction as an employee.

Further workplace mobility statistics derived from the study include:

  • 91 percent of corporate employees are using at least one mobile app.
  • 45 percent of companies employing 10,000 or more people provide apps to at least half of their workforce.
  • 56 percent are enabling mobile access to drive app adoption.
  • 35 percent are promoting business apps internally or in a company app store.

There’s no slowing down around this growth. Research from Strategy Analytics’ latest report indicates that the mobile workforce is forecasted to grow from 1.45 billion in 2016, accounting for 38.8 percent of the global workforce, to 1.87 billion in 2022, accounting for 42.5 percent of the global workforce.

How Does This Impact Healthcare?


First of all, Ponemon Institute recently calculated the average healthcare data breach cost to be $380 per record. While the average global cost per record for all industries is $141, healthcare data breach costs are more than 2.5 times that global average. Financial services came in second with a cost of $336 per record.

Secondly, when we look at healthcare, a recent study from PricewaterhouseCoopers shows that healthcare was one of the top three biggest mobile trends for 2016. PwC bases its projection on the fact that US adults who own a web-enabled smartphone or other wireless device have at least one health or fitness app on their smartphone, an increase of 16 percent over the past two years.

All of this translates to more users leveraging more mobile devices that potentially have sensitive data on them.

Here’s the big question: How is your organization protecting all of this?

In my experience, working with workforce mobility has been a top project for healthcare organizations. To that end, here’s a list of four great ways to help ensure you have a secure healthcare BYOD plan.

  1. Ensure endpoints are locked down. Let me give you a very specific example: ransomware. Oftentimes we encounter ransomware because a user opens an email file, clicks on a link, or brings in malware on a peripheral device. First of all, make sure user training around security is happening within your healthcare organization. This means discussing what to click on, what a malicious file or email looks like, and how to be proactive in everyday computing. From there, you can use powerful pieces of software to lock down endpoints. Controls can be as granular as allowing only specific USB keys ending in a pre-specified serial number. Or, you can have approved devices which can be brought in and used. Finally, network sensors can interrogate end-user devices to ensure compliance with network security. This level of security must happen within both BYOD and corporate device scenarios.
  2. Enable good network protection and segmentation. Modern network gear has made it much easier to create good network policies around segmentation and security. So, you can ensure that there are network policies and monitors set specifically for mobile devices and mobile users. This means creating access policies around data sets, storage groups, specific network locations, and even user devices. Furthermore, ensure that you have good visibility into your network layer. This could include data loss prevention (DLP) technologies that analyze specific, sensitive data sets within your network. Remember, your network layer acts as both a sensor and enforcer when it comes to security. A good network architecture may very well limit the impacts of a potential attack because of intelligent segmentation.
  3. Educate and support digital users. Your users are now a part of the digital revolution. Get used to the fact that non-traditional ways to consume healthcare resources are now the norm. So, you need to find ways to protect these users and how they access data. All the while, you need to be keeping them productive. New types of security solutions revolving around endpoint protection (EPP) and endpoint detection and response (EDR) are taking user security to a new realm. Now, we’re talking about AI within security, and even machine-learning capabilities. Furthermore, BYOD and mobility security solutions allow organizations to secure data transfer between on-premises and hybrid cloud ecosystems.
  4. Always control the data flow. Do you know if your users are copying data onto their personal devices? Do you have a mechanism to ensure proper file sharing best practices? Corporate file sharing solutions allow you to create centralized file repositories that can sit both on site and in the cloud. You can control via policy which types of files stay on site versus what you place into cloud storage. Furthermore, you can assign compliance as well as security policies on specific data groups. This allows users to still access their files from anywhere, while allowing the administrator to apply appropriate policies. Basically, you can apply corporate controls over a file sharing architecture. Remember, there are a few options here as well. Similarly, you’ll need to align cloud file sharing solutions with your healthcare BYOD and communications strategies. Finally, make sure to select a cloud-ready file sharing technology that fits your use case. There are several choices here, among them Box, Accellion, Dropbox, Microsoft, Google, and Citrix ShareFile. Some of these offerings can give you very granular storage zone control where you can specifically limit where files can go and how they can be shared.
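
The USB control from tip 1 (allowing only keys whose serial number ends in a pre-specified value) can also be audited after the fact. The sketch below is an added example, not code from the article or from any endpoint product: it assumes Linux kernel USB attach messages as input, and the approved suffixes and log lines are constructed for illustration.

```python
import re

# Assumption: serial-number suffixes of organization-issued USB keys (constructed values).
APPROVED_SUFFIXES = ("7392", "A1F0")

# Constructed sample in the format of Linux kernel USB attach messages.
SAMPLE_LOG = """\
kernel: usb 1-2: New USB device found, idVendor=0781, idProduct=5581, bcdDevice= 1.00
kernel: usb 1-2: SerialNumber: 4C530001230101117392
kernel: usb-storage 1-2:1.0: USB Mass Storage device detected
kernel: usb 1-3: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice=64.00
kernel: usb 1-4: New USB device found, idVendor=0951, idProduct=1666, bcdDevice= 1.10
kernel: usb 1-4: SerialNumber: 60A44C413A8CF160B9870045
kernel: usb-storage 1-4:1.0: USB Mass Storage device detected
kernel: usb 2-1: New USB device found, idVendor=abcd, idProduct=1234, bcdDevice= 1.00
kernel: usb-storage 2-1:1.0: USB Mass Storage device detected
"""

FOUND = re.compile(r"usb (\S+): New USB device found, idVendor=(\w+), idProduct=(\w+)")
SERIAL = re.compile(r"usb (\S+): SerialNumber: (\S+)")
STORAGE = re.compile(r"usb-storage (\S+?):[\d.]+: USB Mass Storage device detected")


def audit_usb_storage(log_text, approved=APPROVED_SUFFIXES):
    """Return (port, vid:pid, serial) for each storage device that is not approved."""
    suffixes = tuple(s.upper() for s in approved)
    events, current = [], {}  # every attach event; latest event per port
    for line in log_text.splitlines():
        if m := FOUND.search(line):
            # A new attach on a port starts a fresh record, so re-plugs are not merged.
            current[m[1]] = {"port": m[1], "id": f"{m[2]}:{m[3]}",
                             "serial": None, "storage": False}
            events.append(current[m[1]])
        elif (m := SERIAL.search(line)) and m[1] in current:
            current[m[1]]["serial"] = m[2]
        elif (m := STORAGE.search(line)) and m[1] in current:
            current[m[1]]["storage"] = True
    violations = []
    for dev in events:
        if not dev["storage"]:
            continue  # keyboards, mice, etc. are outside this control
        serial = dev["serial"]
        # Fail closed: a storage device that reports no serial cannot be approved.
        if serial is None or not serial.upper().endswith(suffixes):
            violations.append((dev["port"], dev["id"], serial))
    return violations


if __name__ == "__main__":
    for port, ids, serial in audit_usb_storage(SAMPLE_LOG):
        print(f"unapproved USB storage on port {port}: {ids} serial={serial}")
```

Devices that expose no serial number are reported rather than skipped, since a suffix rule cannot vouch for them.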


The pace of mobility won’t be slowing down. And those healthcare organizations that allow for greater levels of mobility can actually create some powerful competitive advantages.

Every mobility and BYOD strategy should be carefully planned out with growth in mind. Furthermore, you absolutely need to make sure you control the data which flows through all of those devices.

When designed properly, a good mobility strategy can go a long way with user productivity, improved healthcare services, and even better security best practices.

