Americans love their cell phones, and doctors are no exception.
Hackers love handheld computers because they are a goldmine of personal information, medical data and corporate intelligence when doctors use them at work.
“Mobile devices are ubiquitous in the healthcare sector, storing and processing Personal Health Information (PHI) and other sensitive data, making these devices an important part of healthcare operations,” according to the Health Sector Cybersecurity Coordination Center (HC3) of the U.S. Department of Health and Human Services (HHS).
“Therefore, data and functionality must be protected,” says the latest “HPH Mobile Device Security Checklist” published by HC3. That agency and the Office of the National Coordinator for Health Information Technology (ONC) have tips for securing mobile and handheld electronic devices.
One of the easiest ways to secure a device is to literally keep it out of the wrong hands.
“Devices must be physically protected at all times, including on corporate premises, user residences, and in transit,” says the HC3 list. “Users should take precautions to ensure that passwords, PHI, and other sensitive data are always secure.”
Here are the latest tips from HC3:
Control wireless broadcasts. Wireless Internet access, Bluetooth connections, and broadband cellular connections should be disabled, and connection specifications removed, when not needed.
Limit connections. Be careful of the networks you connect to, especially public or untrusted networks.
Limit apps. Hackers can infiltrate through apps, so use only the bare minimum of applications to reduce the attack surface of your device.
Authentication. Passwords should be complex and should be changed regularly, and passwords should be masked as users enter them. Where practical, use multi-factor authentication. The screen should lock after a period of inactivity.
Encryption. End-to-end encryption is recommended for all mobile devices and is required for protected health information by the Health Insurance Portability and Accountability Act.
Back up data. HHS recommends a 3-2-1 approach of storing health data in three copies, two on different media, and at least one offline.
Use security software. Software that protects against viruses, spyware, and other cyberattacks should be installed when available.
Configuration. Operating systems, apps, and security software must be configured for full functionality and then configured for maximum security.
Reminders. Use periodic reminders, such as login prompts, to remind users that they are working with sensitive health information that must be protected.
Remote wipe. Mobile devices need a way to remotely wipe data if the device is reported lost or stolen.
Inventory tracking. Track all mobile devices used for PHI, whether company-issued or personally owned. Devices taken out of service must be wiped of data.
More information on healthcare cybersecurity is available on the HC3 website and the ONC website HealthIT.gov.