The health care industry's adoption of mobile technology poses certain security risks to health data, according to a report by the Department of Homeland Security, Government Computer News reports (McCaney, Government Computer News, 5/16).
DHS' National Cybersecurity and Communications Integration Center issued the report, titled, "Attack Surface: Healthcare and Public Health Sector" (Horowitz, eWeek, 5/16).
About the Security Risks
The report stated, "Since wireless medical devices are now connected to medical [information technology] networks, IT networks are now remotely accessible through the medical device."
It added that "communications security of medical devices to protect against theft of medical information and malicious intrusion is now becoming a major concern" (Kurtz, Becker's Hospital Review, 5/17).
The report noted that security threats against mobile devices -- such as smartphones and tablet computers -- include:
- Introduction of spyware and other malicious software;
- Loss of treatment records or test results; and
- Theft of patient data.
DHS' Recommendations
In the report, DHS recommended that health care organizations:
- Purchase only devices that have well-documented security features and can be configured safely to the organization's IT network;
- Require vendor support for firmware, software patches and antivirus updates;
- Operate well-maintained firewalls;
- Create and enforce password policies to protect patient data; and
- Protect communication channels -- particularly wireless channels -- by using authentication and encryption (Government Computer News, 5/16).