Health pros neglect mobile security

Many UK healthcare professionals could be putting patients' personal details at risk by storing them on personal mobile devices, research has found.

The Mobile Device Usage in the Healthcare Sector report collated responses from policy makers, senior clinicians, GPs, IT directors and IT and general managers. It was conducted by E-Health Insider and Outpatient Surgery Magazine on behalf of mobile security vendor Credant Technologies. 35 per cent of healthcare professionals revealed they secured a work device with just a single password while six per cent admitted they used no security whatsoever.

UK healthcare professionals are considerably more careful than their transatlantic counterparts, however. 56 per cent in this country use strong security measures to protect devices compared to just 23 per cent in the US. 35 per cent of UK respondents use encryption, 17 per cent use two factor authentication, three per cent use biometrics and one per cent use smart cards.

The survey claims the recent spate of well-publicised data losses and the subsequent guidance from NHS chief executives on data security has had a positive effect of healthcare professionals' security policies. 65 per cent of those in the UK have revised their security policy over the last year with many claiming new restrictions have been placed on use of mobile devices.

44 per cent claimed restrictions such as blocking USB connections, disabling mobile phone cameras and banning downloading information from a hospital network onto a mobile device had been imposed. Six per cent reported that mobile devices have been completely outlawed in the workplace.

62 per cent of UK respondents claimed a laptop was the main device they used with 17 per cent using a USB stick and 13 per cent a BlackBerry or similar mobile device. Details of work contacts is the most common data stored on these devices with 61 per cent of respondents claiming they did this. Half of those surveyed store corporate data and personal contact details while. 15 per cent store security information such as passwords, PINs and bank account information and the same amount store patient records and medical images. A quarter of respondents claimed this was a concern.

E-Health Insider's managing editor Lyn Whitfield said: "There is a lot still to do in terms of NHS trusts taking control of their networks and the devices that connect to them, or providing staff with good, workable and secure alternatives to carrying information around on USB sticks and other devices. The survey also shows up some examples of very bad practice. Every data breach has the potential to undermine faith in the NHS and its ability to keep patient records secure, so this is not an issue that can fall off the health service’s agenda.”