Survey: Mobile, cloud computing are source of most healthcare security worries

By: Aditi Pai | Jul 9, 2013        

Tags: | | |  |

This week, a study from the Ponemon Institute found that cloud based storage and mobile applications are the typical sources for safety concerns in clinical settings.

The study, “The Risk of Regulated Data on Mobile Devices & in the Cloud,” which surveyed 781 IT and data security practitioners, found that 33 percent of respondents said that they need to access protected health information (PHI) to do their work and yet few understood how to keep data secure. For example, 15 percent of those surveyed knew about HIPAA’s security requirements, but 33 percent of respondents indicated that they work for a HIPAA covered entity.

Additionally, 23 percent of those surveyed said that they frequently circumvent or disable required security settings on their mobile devices while 36 percent say it happens occasionally and 22 percent say it never happens.


Ponemon’s study concluded that healthcare organizations need to create awareness about the importance of regulating data on mobile devices and make sure security policies include guidance on what employees should be doing to protect the regulated data. Furthermore, these organizations need to conduct a data inventory of sensitive and confidential information to understand what regulated data is and consider investing in technologies that specifically address the regulated data risk.

In an interview with, Dr. Larry Ponemon discussed the need to balance efficiency and productivity with security in order to make sure respondents weren’t using a less secure device because it was more convenient to do so.

“We’ve found that mobile devices and cloud computing are the two greatest sources of healthcare CIOs’ fear,” Ponemon said. “It’s an environment that’s ripe with potential problems and vulnerabilities. But at the same time, a lot of these devices aren’t necessarily designed to be secure. The purpose of the paper was to explain that compliance requirements really don’t address mobile devices.”

While there have been limited breaches in the health sector thus far, Ponemon predicts more alarming hacks into places such as Dropbox, shifting away from mobile devices and towards cloud storage.

“Healthcare is particularly vulnerable because many organizations don’t have the resources needed to secure those technologies,” Ponemon said. “The goal in healthcare generally is treating those patients, not privacy and security. You don’t see the same focus on security in healthcare that you do in the financial sector.”

For additional information on the study, read more of the results here.

  • Colin Anawaty

    Why does healthcare believe security is a special case over financial services?

    Obviously, the security of health data is just as important as it is with the transfer and exchange of large sums of money – but the “fear of” has not kept banks from releasing innovative mobile apps, customers can bank online and wire money internationally easier than they can check PHRs, and just about anyone can now accept a credit card from their mobile devices.

    Furthermore, the damage of identity theft / financial fraud can hurt someone’s credit record for years so consequences are just as severe, if not moreso in today’s consumption economy.

    A little too much naval gazing going on?

  • joetierney

    If your CIO fears the two most important platforms of modern computing, you need a new CIO.

  • Eddie Mayan

    If there is new invention or innovative technology introduce so it also takes their some disadvantages and some advantages. But, Secured and Safety is main features of all technology.