Bring-Your-Own-Device (BOYD) is the new perk at healthcare facilities.
But would you believe that, according to a new survey by Coalfire, security isn't high on the list of priorities – for both employers and employees?
According to a story by Eric Wicklund, not surprisingly, experts are warning that many healthcare organizations may be violating HIPAA guidelines for protecting sensitive patient data.
"They're not keeping pace with the changes in technology," as Rick Dakin, CEO and chief security strategist for the Louisville, Colo.-based IT governance, risk and compliance firm, told Wicklund. "And this isn't just a minor shift – it's the tectonic plates of IT shifting."
Forty-nine percent of the 400 individuals surveyed in different industries across North America responded that their IT departments haven't discussed security issues on mobile devices with them, and, even more disturbing, 51 percent say their companies don't have the capability of remotely wiping data from a device if it is stolen or lost, Wicklund reported.
No one is denying that the BYOD trend doesn’t improve loyalty and productivity, according to Jeffrey Burt. But the fact that 91 percent of corporations are now allowing smartphones, tablets, USB drives, and optical storage on their internal networks, and that 40 percent of "IT decision makers" at these companies admitted to "unintentional exposure of corporate data" due to the loss or theft of these devices, is very concerning, Jacqueline Emigh noted. The data was obtained in a new study by the Harris Interactive on behalf of Imation.
“The BYOD trend is not slowing down, and while it has many benefits, it’s also introducing a number of new security risks that may be foreign to many companies,” Dakin said in a press release accompanying the survey. “The results of this survey demonstrate that companies must do much more to protect their critical infrastructure as employees work from their own mobile devices, such as tablets and smartphones, in the workplace. Companies need to have security and education policies in place that protect company data on personal devices.”
And while providers might have security systems in place to protect data on PCs, “less than half had similar controls in place for mobile devices,” according to Wicklund. In addition, providers aren't conducting annual audits to identify new threats, new environments, and new and justified controls, as required by HIPAA.
Edited by
Brooke Neuman
