So you've lost your cell phone?
Oh, someone stole it?
Don't cry, these things happen all the time...besides you have insurance.
Why would you lose your job?
A BYOD (Bring Your Own Device)? Well, wasn't it password protected?
What do you mean, you never got around to it...it's the first thing you should have done.
Did the hospital have an encryption policy?
In the process?
Uh Oh...you do have a problem.
This and similar conversations are far more common than you think. Sadly, the problem of pilfered confidential information is going to get worse before it gets better. According to data disclosed in the 2014 Fourth Annual Benchmark Study on Patient Privacy and Data Security from the Ponemon Institute, cyber-attacks caused by stolen patient data within U.S. healthcare networks have increased 100 percent since 2010. Last year, a UCSF healthcare provider's device was stolen, resulting in the dissemination of healthcare information on 3400 patients. Just recently, a nursing home employee had a BYOD stolen from her car. It contained names, addresses, Social Security numbers and comprehensive health information on hundreds of patients. Needless to say, HIPAA was notified immediately and the consequences were severe.
Medical institutions, law firms and other organizations handling confidential information that decide to move to the BYOD model must be forced to ask themselves one simple question: Will the money we expect to save by no longer sponsoring technology devices be worth the fines, lawsuits and sanctions we might suffer from security breaches? Do these organizations realize that installing agent software on every single wireless device, and continually updating that software in order to accommodate large and extremely demanding users and institutional policies and procedures, will be an extraordinarily demanding, invasive and expensive task?
By the time regulatory encryption mandates are perfected, implemented and enforced, these institutions may be spending more than anything they thought they would save.
During a recent conference, Mac McMillan, CEO of the information security company CynergisTek and Chairman of the HIMSS Privacy and Security Task, presented some staggering statistics:
Over 40% of users in healthcare don't use a password to access their device
More than 50% of healthcare workers admit to accessing unsecured networks
"Basically," said McMillan, "they are a walking accident looking for a place to happen."
Another problem with the BYOD model is resistance from device owners, particularly millennials. They are not happy about restricted websites. Their desire for immediate access to personal e-mails, YouTube, Facebook, Twitter, news, sports and shopping sites can result in viruses, worms and malware that can compromise an entire network. So, to BYOD or not BYOD? After all this data... do we really have to ask?
Edward DuCoin, CEO ORPICAL Group
Ed DuCoin is the CEO of ORPICAL Group, known for his success in growing a small company into a thriving organization that was listed as one of the 500 Fastest Growing Companies for three consecutive years by Inc. magazine.