During the first few months of 2017, the health care sector was plagued by a variety of security incidents (see 10 of the biggest here). The theft of laptops and mobile devices was the gateway for several of these incidents. In most cases, the user had not password-protected these devices even though they contained highly confidential patient data in the form of emails and email attachments.
So how can you control for user error and secure patient data on mobile devices?
Email is still the most common form of collaboration between health care professionals: doctors forward emails to colleagues for a second opinion, nurses share patient files over mobile devices, and hospitals share patient information with insurance companies via email. It is therefore critical that health care providers ensure email messages cannot be accessed on a lost or stolen device.
There are various technologies available for securing email on laptops and mobile devices that involve post-incident wiping. But it often takes time to recognize and report a theft and even more time for administrators to respond, and by then sensitive patient data has been compromised.
Last week Lifespan notified 20 thousand patients of a privacy breach when a laptop was stolen from an employee's car. The company changed the employee’s credentials used to access Lifespan system resources but determined that the stolen laptop was unencrypted and not password-protected, and that the employee’s work emails stored on the device were accessible.
A statement on their company website read: “Our investigation has determined that the emails may have contained patient information, including name, medical record number, demographic information such as partial address information, and the names of one or more medications that were prescribed or administered at Lifespan.”
And it’s not just Lifespan that has fallen prey to device theft in the past few months. In January a children's hospital in LA notified 3,600 patients that their information was exposed when a laptop was stolen from a physician's car. And the theft of a laptop computer containing information of nearly 1,400 patients was one of two HIPAA breaches that led a Pennsylvania provider of remote heart monitoring to pay a $2.5 million fine.
Messageware offers health care providers a solution that, in conjunction with Microsoft Outlook Web, addresses the root cause of the problem – data downloaded and stored on mobile devices. Because Messageware's security software ensures that no information leaves the security of your data center, medical staff can access messages and attachments without a trace of the data ending up on their device.
Messageware Security Solutions:
- Ensure no data is downloaded to the device – all patient data remains on the Exchange Server under corporate control. When thieves steal a device, there is no chance they can access sensitive patient data contained in emails or attachments.
- Allow health care professionals to view all their attachments – Messageware software allows medical professionals to view over 400 different attachment file types without downloading them to the device.
- Give administrators complete control – for an individual user or group, Exchange Server administrators can set security to control whether a user can print, view, copy, download or forward an email or an attachment, and these permissions can be extended or revoked at any time.
Before your health care facility falls prey to a security incident, talk to us about our award-winning solutions for securing corporate information on Outlook Web and Microsoft Exchange Server. Find out why thousands of businesses, from medium-sized to F100, including many in the health care sector, rely on Messageware. And if you are interested in testing any of our products in your environment, we’ll be glad to help with a fully supported software trial; just click here.