NIST Publishes Mobile Device Security Guide

The National Cybersecurity Center of Excellence (NCCoE) has released a guide to mobile device security. The guide, entitled NIST Special Publication 1800-4 Mobile Device Security: Cloud & Hybrid Builds, provides practical advice for organisations looking to improve their cybersecurity infrastructure and reduce the risk of data breaches.

Mobile devices have revolutionised how the healthcare industry operates. By using mobile devices, healthcare organisations can improve efficiency, reduce costs, and improve communication between professionals. Mobile devices allow remote workers access to patients’ health information whenever they need it, which may be critical for the patient’s wellbeing.

As with any technology, the use of mobile devices comes with associated risks. A thief can use a stolen device to gain access to corporate email accounts, contacts, calendars, and other sensitive information stored on the device or accessible through it. The thief may use this data for their own gain, or sell it on the black market for a significant profit.

Stolen mobile healthcare devices have caused many substantial data breaches in recent times. Mobile device security failures have resulted in several financial penalties for HIPAA covered entities, including a $4,348,000 civil monetary penalty for the University of Texas MD Anderson Cancer Center in 2018.

The healthcare industry faces a significant challenge in ensuring that the data stored on mobile devices are not compromised. In an attempt to tackle this challenge, NIST/NCCoE developed a Mobile Device Security Practice Guide.

The Guide offers practical advice on how commercially available technologies can be used to create an enterprise mobility management system that ensures mobile devices can be used to securely access sensitive information from inside and outside the corporate network while minimising the impact on the user experience.

The National Cybersecurity Center of Excellence (NCCoE) is a US government organisation that builds and shares solutions to potential cybersecurity threats faced by US businesses. The NCCoE is a part of the National Institute of Standards and Technology, a non-regulatory federal agency within the US Department of Commerce.

The Guide can be used to securely implement BYOD and COPE deployment models and to leverage cloud services to improve security, enhance visibility for system administrators, provide instant alerts about security events, and push policies out to mobile devices and enforce them through operating systems or mobile applications.

The Guide includes several how-to examples that demonstrate how standards-based technologies can be used in real-world situations to reduce the risk of unauthorised data access and intrusions while saving on research and proof of concept costs.

The guide can be viewed or downloaded from NIST/NCCoE on this link.

Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years of experience in writing about healthcare sector issues, with a focus on compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA