Despite the compliance challenges and privacy risks inherent to the industry, healthcare professionals continue to push toward a mobile-first approach to accessing critical data, including HIPAA-protected patient information. In fact, according to Skycure’s Mobile Threat Intelligence report issued this spring, 99% of doctors are now using mobile devices in the workplace and nearly three-fourths (74%) are using multiple devices. While the benefits can be great, the mobile devices of physicians with access to sensitive information are becoming prime targets for hackers looking for a payday.
News that a hacker acquired personal information on nearly 10 million patients and put it up for sale online indicates a worrisome shift in ransomware attacks on hospitals and databases targeting access to personal patient information. According to a recent article in Medscape, doctors with lax information security practices expose themselves to Health Insurance Portability and Accountability Act (HIPAA) violations and large fines, in addition to putting their patients’ information at risk.
Yet, tragically, the Skycure report further indicates that many doctors are not adopting even the simplest mobile device security practices. For instance, some 14% of mobile devices that contain patient data aren’t protected by a passcode. Rather than being stripped of access to mobile devices that may enhance their productivity and patient service, doctors can put the following common-sense tips into practice to protect HIPAA patient information and, in turn, their own reputations.
- Encrypt laptops and other devices so that the information on them will simply be unusable to anyone who steals them. If your organization doesn’t have an enterprise-grade solution in the budget, consider using the built-in encryption programs available on most modern operating systems in the meantime.
- Don’t let convenience trump good security. No amount of encryption will keep a hacker out of your files if you use weak or easy-to-guess passwords (or none at all!). Also, use anti-virus programs and keep them up to date, and install operating system updates to protect devices from known exploits.
- Practice safe surfing. The author of the Medscape article emphasizes the importance of understanding and recognizing phishing scams, where hackers send emails with links or attachments that trick users into giving them access to their information, either by providing their credentials to a bogus web site or by executing malicious software on their machine. Professional security training can help prevent these types of attacks from spreading easily among coworkers in your office or organization.
A little effort toward protecting HIPAA patient information and ensuring your practice meets regulatory requirements can go a long way in helping ensure you fly under hackers’ radar. Contact our team for help incorporating a mobile threat defense platform for greater peace of mind.
