Jamie Hartford

Hospitals are increasingly recognizing the benefits mobile devices can bring in the clinical environment, but they're also wary of the cyber threats these devices can pose, according to a new survey.

In the Point of Care Communications for Nursing 2016 study conducted by health IT market intelligence firm Spyglass Consulting Group, nearly three-quarters of the hospitals surveyed said mobile communications is an "emerging investment priority" for their organization. More than one-third have already invested in a smartphone-based communications platform for physicians and nurses, and of those more than half have expanded their mobile communications platform to nonclinical mobile hospital workers, including security, housekeeping, nursing support staff, and others.

"In the past, hospitals didn't make investments like this for nurses," said Gregg Malkary, founder and managng director of Spyglass Consulting Group. "Now, there's a compelling ROI not only for deploying for nursing, but for all mobile hospitals workers." 

Mobile devices, he said, have the potential to help hospital employees communicate with each other more efficiently than traditional call systems. They can also allow doctors and nurses to receive notifications from medical devices if a patient's condition changes, collect patient data, and even leverage EMR data to provide better care.  

Investing in mobile communications technology of their own can help hospitals mitigate some of the risks associated with hospital employees using their personal mobile devices. Such devices may have inadequate password protection, lack cybersecurity software, use unsecured text messaging, and rely on public Wi-Fi and cellular networks that open them up to attack, according to Spyglass Consulting Group.

Still, organizations are concerned that even hospital-owned and -managed mobile devices aren't completely safe. The vast majority of hospitals surveyed (82%) said they worry their mobile technology solutions are vulnerable to cyber threats.

Those fears are not unfounded. About one-quarter of cybersecurity breaches originate from mobile devices, according to Spyglass Consulting Group.

"Despite increased investments in mobile device management solutions and secure text messaging solutions, cybercriminals have become more sophisticated and knowledgeable about the capabilities and vulnerabilities of existing security products and the strategies and tools used by hospital IT to detect a potential intrusion," Malkary said.

Breaches that expose patient health information can be costly for hospitals. Besides potentially resulting in fines of more than $1.5 million per incident if the hospital is determined to be at fault, the organization's reputation can be harmed by required reporting to the media if the incident exposed more than 500 patient records, according to Spyglass Consulting Group.

Cyberattacks that come through mobile devices used by hospital employees can also threaten medical devices such as ventilators, infusion pumps, and patent monitors that are tied to them via middleware.  

"Every time the data is in the clear, there's vulnerabilities and a hacker can get in--not only to the infrastructure but to biomedical devices as well," Malkary said. "If I can control the device, I could be able to reprogram, say, an IV pump."

But Malkary added that despite cybersecurity concerns, hospitals are unlikely to turn away from the trend toward mobile commmunications. In fact, he said, some are likely to even go a step further by allowing employees to use their own mobile devices at work.

"This is a freight train they can't turn around," he said. "We just have to provide the best level of security we can."

Jamie Hartford is MD+DI's editor in chief and serves as director of content for medical brands in UBM's Advanced Manufacturing Group. Reach her at [email protected] or on Twitter @MedTechJamie.

[image courtesy of STOCKIMAGES/FREEDIGITALPHOTOS.NET]