The Verizon Mobile Security Index 2019 report shows 25% of healthcare companies have had a security breach involving a mobile device in the past year. While breaches are still common, that is a significant improvement on last year when 35% of surveyed healthcare companies had experienced a mobile breach.
All organizations have to deal with similar risks when using mobile electronic devices; however, healthcare institutions appear to be mitigating those risks better than other industry sectors. Of the eight industries surveyed, healthcare had the second least number of mobile security breaches behind the manufacturing/transportation industry.
Although the statistics suggest that healthcare companies are now better at securing mobile devices, Verizon suggests that the figures could suggest that healthcare institutions are finding it difficult to identify mobile device security breaches when they do occur.
85% of surveyed healthcare companies were positive that they have effective security defenses and 83% said they believe they could identify a security incident quickly. Those figures suggest that many healthcare institutions have a false sense of security, as a quarter of healthcare companies had experienced a breach and in 80% of cases, they learned about the breach from a third party such as a patient or law enforcement.
Because mobile devices are frequently employed for ePHI access or storage, a security incident can lead to an ePHI breach. Of all the healthcare mobile security incidents, 67% were considered major breaches. 40% of the breaches caused serious lasting consequences and 40% of the breaches were difficult and expensive to remediate.
67% of mobile device security breaches involved other devices, 60% of companies said they suffered downtime because of the breach, and 60% reported loss of data. 40% of said all three had occurred.
53% of survey respondents stated that private use of mobile devices was a major security risk and 53% stated user error was a key factor in security breaches.
65% of healthcare companies thought it harder to secure mobile devices than other IT devices, which Verizon remarks could be because they have not implemented appropriate security controls. For example, only 27% of healthcare companies were employing a private mobile network and just 22% had a unified endpoint management (UEM) solution in place.
In all industries, 48% of survey respondents said security came second to getting tasks completed and 81% claimed they utilize mobile devices to hook up to public Wi-Fi, even if doing so is in violation of their company’s security policy.