The Fitness of Mobile Health Security

For the most part mobile security is often looked at under the context of mobility and enterprise. As trends drive solutions and capabilities towards more personal use like healthcare monitoring; app security and mobile security affect our personal lives in a much broader way.

Mobile devices are increasingly used in medical and healthcare monitoring.  Patients are using smartphone connected devices such as blood pressure and heart rate monitors for health and fitness tracking.  Data collection such as glucose monitoring for diabetic patients can now be done in near real-time with your phone.  More and more your smartphone is becoming the centralized datastore and communication channel for your aggregate personal data, including your medical and health information.

Medical professionals are embracing mobility as well. This is especially beneficial for remote patients, where smartphones may be the primary communication vehicle with the doctor through means such as phone calls, SMS and transmission of monitored health information.

Additionally, the patients have new interfaces to the medical system, using their smartphones for simple tasks such as appointment schedule to prescription filling and accessing their own medical records.

The digitization of the healthcare system is attracting the attention of cyber criminals. This results in ransomware attacks, phishing attacks and breaches that leak personal records.  Last year saw leaks of hundreds of thousands of personal records, hospital records held ransom.  Thieves initially were targeting financial and billing information, this has grown to ransomware encrypting patient records holding hospitals hostage until millions of dollars have been paid.  Healthcare breaches don’t just have financial implications, they are significant breaches of privacy, exposing a person's most sensitive information.

To combat this cyber threat, cybersecurity spending in healthcare is expected to grow to $65billion over the next 5 years.

Mobility is a vector.  

Smartphones and tablets are considered the second most important technological invention in medicine after the stethoscope.  The increased use of smartphones and tablets for both medical professionals as well as patients in tracking and communicating sensitive health information means they will become points of attack for cyber criminals. You will see cyber criminals attempting methods such as phishing attacks through mobile apps masquerading as legitimate applications which breach a user’s credentials resulting in leaked access to personal records.  

Healthcare industry is playing catch-up.

Until recently IT spending in healthcare has lagged behind other verticals.  There has been a lack of awareness, security expertise and budgets primarily focused on healthcare, not IT. That trend is changing with many high-profile breaches and ransom attacks, the healthcare industry is expected to be adopting cybersecurity technology at rates similar to other verticals.

From a mobility perspective, it is critical to protect both organizations and users.  Re-packaged apps can lead to loss of trust of a brand.  As part of a holistic IT Security solution, there is a need to ensure that the privacy and security risk posture is well understood and acceptable for both applications being deployed to healthcare professionals as well as apps developed for patient use.

The blurred lines will continue to grow

As we move forward the line between business and personal, public and private, open and confidential will continue to be tested. Your personal health should be exactly that, personal, however we’re entering an era where cyberattacks are targeting health related applications and the tables are still in favor of attackers vs protectors. While we all want to embrace this new trend in healthcare, especially when it makes a meaningful difference to our quality of life, we need to do so with a clear understanding of the associated risks.

What to do next

Contact us to see a demonstration of the RECON Platform

Watch an overview of the Mi3 Security Portfolio