The health care industry's adoption of mobile technology poses certain security risks to health data, according to a report by the Department of Homeland Security, Government Computer News reports (McCaney, Government Computer News, 5/16).
DHS' National Cybersecurity and Communications Integration Center issued the report, titled, "Attack Surface: Healthcare and Public Health Sector" (Horowitz, eWeek, 5/16).
About the Security Risks
The report stated, "Since wireless medical devices are now connected to medical IT networks, IT networks are now remotely accessible through the medical device."
It added that "communications security of medical devices to protect against theft of medical information and malicious intrusion is now becoming a major concern" (Kurtz, Becker's Hospital Review, 5/17).
The report noted that security threats against mobile devices -- such as smartphones and tablet computers -- include:
- Introduction of spyware and other malicious software;
- Loss of treatment records or test results; and
- Theft of patient data.
In the report, DHS recommended that health care organizations:
- Purchase only devices that have well-documented security features and can be configured safely to the organization's IT network;
- Require vendor support for firmware, software patches and antivirus updates;
- Operate well-maintained firewalls;
- Create and enforce password policies to protect patient data; and
- Protect communication channels -- particularly wireless channels -- by using authentication and encryption (Government Computer News, 5/16).