Canadian Security Magazine

Healthcare goes mobile

By Jeff Holleran   

Features Opinion blackberry healthcare

The growth of mobile technology adoption in every dimension of life, whether personal or for business, has been nothing short of phenomenal. Within the healthcare industry in particular, mobile devices have had an enormous impact.

The ability to share data faster and respond more quickly has promoted a more globally connected healthcare system. It has also enabled the rapid transfer of information that is critical in the industry. Oftentimes, with patients’ health on the line, a few seconds can make a world of a difference.

According to the Deloitte Open Mobile Survey, healthcare is one of the top fields likely to continue propelling the use of mobile devices. The increasing exchange of sensitive medical data and the rapid movement towards mobile health records and mobile health applications, put healthcare organizations at the forefront of growing cybersecurity threats, data loss and intrusions.

In fact, according to Ponemon Institute research, 90 per cent of surveyed healthcare organizations have experienced a data breach within the last two years. The survey also demonstrates that healthcare organizations continue to permit Bring Your Own Device (BYOD) within their organizations (88 per cent), despite more than half of them not being confident that BYOD is secure.

The growing prevalence of these data security risks, coupled with the need for healthcare organizations to stay compliant with government regulations such as the Personal Health Information Protection Act (PHIPA) in Canada, showcases the importance for healthcare organizations to evaluate the security of their mobile device strategy. While enterprises in other industries may be equally concerned about security, health-related organizations and their business associates are also obliged by law to conform to detailed rules around storing and sharing of sensitive data.


It is essential that desires for mobility and connectivity do not overshadow the importance of having proven and tested security. If the freedom and familiarity of BYOD is allowed to outweigh security, medical and patient data will become increasingly susceptible to threats. As mobile platform solutions begin to infiltrate the healthcare industry, organizations must be wary of untested and unproven solutions that can put their mobile infrastructure at risk.

Here are five key principles to help guide the implementation of smart, secure mobility management solutions:

1.    Manage BYOD Security
Let’s start with the end user. BYOD has made its mark on healthcare. Healthcare workers are using their own devices for a range of activities from simple Internet access to using applications to update health records on the fly. It is crucial to implement an enterprise mobility management (EMM) solution that enables containerization, application-wrapping and secure connectivity options that bring healthcare organizations a higher level of control and security over their mobile data. Users should also be able to easily and securely access emails, browse internal pages (intranet) or web pages, tap into work documents and download and use corporate approved applications. A containerization solution gives healthcare workers the flexibility to continue using the device for their personal lives, knowing their work data is not compromised.

2.    Iron-clad Data Encryption
Encrypting data at rest and in motion is critical for data security. Strong encryption such as AES-256 is fundamental for regulated industries and works to protect the integrity of data at all points. Remember to enable a solution which employs multiple sources of entropy to create dynamic and changing keys. Entropy plays a significant role in determining the effectiveness of a modern encryption system. At a very high level, entropy is a measure of the randomness of the information, and simply put, the more entropy there is, the stronger the encryption. Consider the differences between seeking a needle in a haystack and looking for one hidden in an acre’s worth of haystacks. Deploy an ‘always-on’ security model, which gives healthcare providers AES-encrypted access to systems behind the firewall through one single outbound port so there is no worry of data stolen out of the air.

3.    Protect Against Malware
The proliferation of healthcare-related applications has transformed the way in which healthcare is provided. However, healthcare organizations using mobile devices that have open development platforms are especially susceptible to malware. Disguised within an application, malware can be used to gain access to personal information, ranging from marketing to identity theft to compromising corporate data. To best prevent malware, security must be built in at every layer – hardware, software, and network infrastructure – to ensure full protection at every end point.

4.    Reporting and Monitoring – Critical for Compliance
Take into account the need to implement reporting and monitoring capabilities to have tighter control and management of mobile device use within the organization. Dashboard reporting capabilities can provide IT administrators in healthcare real-time access to, and a unified view of, key metrics across an entire mobile deployment. This gives a high level overview of device use within the organization and allows IT administrators to drill down into specifics to take immediate action, or export data for further analysis and reporting. IT administrators should also consider implementing automatic compliance actions so the system can identify and automatically react to violations. Functionalities of dashboard reporting will allow oversight into the monitoring of device activations, device compliance and applications deployed/usage and much more.

5.    Implement Remote Wiping Capabilities
In regulated industries such as healthcare, even a patient’s name has to be protected. With many healthcare workers out in the field, organizations must be assured from a security and compliance standpoint that when a device is lost or stolen, remote wiping or remote device-locking capabilities will ensure private information is not compromised. In a BYOD world, look for a solution that will allow remote wiping of sensitive corporate data without wiping a user’s personal info with it. This also comes in useful in the event an employee leaves the organization with their personal device, so  they don’t take corporate information along with them.

Jeff Holleran is the Senior Director of Enterprise Product Strategy at BlackBerry.

Print this page


Stories continue below