A recent article from Erin McCann reports that an HP-led study found “Internet of Things-type” devices average 25 hidden vulnerabilities and that, in Erin’s words, a “whopping” 70 percent of all commonly used mobile devices and apps have these vulnerabilities.
Erin writes, “In the study, HP researchers scanned 10 of the most common IoT devices, identifying 250 total security concerns. And although the devices tested included products from TV, webcam, remote power outlets and home alarm manufacturers, unprotected health data contained on apps was a concern.”
We have been talking about the proliferation of mobile devices in healthcare, and the associated data protection risks, for the last decade. The explosion of apps to support the new frontier of patient and caregiver engagement, care coordination, care team communications and health information exchange only adds to the privacy and security risk paradigm.
The OCR and ONC feel that the risk analyses being performed across the industry already fall short. So, this study provokes an obvious question that few of us in the industry can probably answer with any great confidence – “How does our enterprise risk analysis/risk management program account for mobile device and app risk?”
What are you telling the compliance and audit committees of your Boards when they ask? Are they asking? What do you need to be telling them to empower them in effective risk management decision-making?
We subscribe to a robust controls-based risk analysis and risk management approach, and mobile device security and related application security are part of how we practice risk management at Immersive. We welcome the opportunity to share with you how we can study this specific domain of your data protection program or conduct enterprise risk analysis to provide you with the insight that you need.
Erin’s complete article can be found here: http://www.healthcareitnews.com/news/mobile-devices-apps-open-attacks