There have been a number of attacks on hospital systems and healthcare platforms: ransomware attacks, patient data breaches, and even the compromise of drug and medical device trial information. While good IT network security practice can protect against some of these outcomes, there are a number of concerns that can’t be remediated in this way.
Mobile devices are increasingly in use in clinical and home health settings. The Covid emergency has driven a move to remote support of patients and fellow professionals. A real challenge for the CISO of any health or community support provider is whether their teams use their own mobile devices or those provided by the hospital or institution.
If clinicians, nurses and other staff use their own phones or tablets, there is a significant risk of cross-contamination of information, of other applications becoming attack vectors, or of APIs being compromised. Mobile health applications have to be able to defend themselves and ensure not only that patient information remains secure, but also that clinical information from the devices themselves can be trusted by medical staff.
The FHIR HL7® standard for healthcare data integration has some security recommendations, but vendors across networks, APIs, mobile and embedded/IoT devices are free to implement their own standards. Despite regulation by the FDA in the US, and equivalent regulators globally, the recognition of applications, mobile, wearable and embedded systems is still in its infancy.