A 2015 study published in the Journal of Hospital Librarianship estimated that 85 percent of healthcare professionals brought their own devices to work. However, this number has declined significantly in recent years, and now only 58 percent of healthcare organizations allow their employees to bring and use their mobile devices at work.
What’s the reason?
The high cost of unmanaged mobile devices.
Below are the things that contribute to the high cost of unmanaged devices that healthcare organizations need to know about.
In the U.S., more than 96 percent of critical care hospitals and over 83 percent of regular hospitals have adopted EHR (Electronic Healthcare Records) systems, according to the National Health IT Dashboard.
This widespread adoption bred more sophisticated hackers and online thieves in the black market, as more healthcare professionals began to regularly access patient files on their mobile devices. Nowadays, a single patient file is worth a lot more than a social security number or a credit card number on the black market.
While healthcare organizations attempt to keep their patients’ data secure, data breaches are starting to become inevitable with the prevalent use of mobile technology and unmanaged devices. Approximately 90 percent of hospitals have reported a breach in the past two years. Experts estimate that there will be more data breaches in 2018 than in 2017.
The healthcare cybersecurity market is also anticipated to be worth $10.85 billion by 2022. And 81 percent of U.S. healthcare organizations already increased their security spending in 2017 to prevent data breaches.
Unmanaged mobile devices have led to hackers and thieves stealing patients’ files and personal information over unsecured networks, unsecured devices, via malware, and via stolen devices. Here are some statistics healthcare organizations will want to consider when it comes to costs surrounding unmanaged and unsecure mobile devices:
- For each data breach, healthcare organizations average $3.7 million in lost revenue.
- Healthcare organizations average $500,000 in lost brand value after a breach.
- The average healthcare data breach costs $380 per record. The average global cost per record for all industries is $141. So, a healthcare data breach costs more than 2.5 times the global average.
Compliance and Regulatory Restrictions and Policies
According to the HIPPA Act (Health Insurance Portability and Accountability) of 1996, each time a healthcare professional accesses patient records over an unsecured or unmanaged device, they are in violation and are subject to steep fines. Fines range from as low as $100 to more than $3 million, with the average HIPAA settlement fine being approximately $1.1 million.
For healthcare organizations to comply with HIPPA regulations and policies, they need to spend money creating and enforcing comprehensive mobile device management strategies and policies that:
- Define when it’s acceptable to access PHI (Patient Health Information)
- Outline privacy and data ownership expectations
- Approve acceptable devices, as well as individual device provisioning (for employees and patients)
- Create and administer detailed security policies for personal devices used by employees, as well as implantable and trackable IoT patient devices
- Assess security risks and liabilities
Improving Business Processes to Meet Regulations and Policies
It costs money to manage mobile devices in the healthcare sector. Not only do organizations need to keep their employees’ devices secure and comply with federal regulations and policies, they also need to spend money managing and improving their own business processes when managing these devices. They need a robust IT staff or third-party vendor to help them manage and secure mobile devices daily. Threats are always changing and happen at rapid speeds, as sophisticated hackers are constantly creating new ransomware, breaching firewalls, etc.
Healthcare organizations will need to spend money to improve how they will handle their security efforts, as well as how they’ll handle all patient files and trackable data. Luckily, however, research by Deloitte and others has indicated that MDM (Mobile Device Management) does offer healthcare organizations an affordable solution overall.
As healthcare organizations consider mobile device policies and strategies, they’ll also want to consider the high costs of unmanaged devices outlined above.
Are you looking for an IoT Managed Service Provider?
Download our free white paper to ask the right questions and find the best fit.