Get instant
small business insurance quotes

Home > Professional Liability/Errors & Omissions Insurance > News

BYOD policies could expose health care systems data


Health care systems are common targets for cybercriminals because of the wealth of information they contain in their databases. They face daily risks like data breaches that could make them vulnerable to lawsuits or result in a damaged reputation, the costs of which could be covered by business insurance. With these threats, health care IT professionals are changing the way they approach security to protect personal and financial data, Health IT Security reported.

Security concerns that have emerged in recent years include storing data in the cloud, having employees use mobile devices during work and outsourcing data or systems to third parties, according to Rob Winter, information security officer at UCSF Medical Center in San Francisco.

"Security solution companies are starting to recognize the risk and mitigating controls are in place," Winter said. "As the products mature for the enterprise, corporations will have better control of their data."

As more health systems incorporate a bring your own device policy allowing employees to use their personal mobile devices for work purposes, they are presented with a new set of challenges. Hospitals must defend patient data from security threats that could expose personal information, causing them to pay penalties for violating the federal privacy rule, the Health Insurance Portability and Accountability Act, or face lawsuits.

To monitor how hospital data is being used, employers can use mobile device management and security tools or erase information from the tablet or smartphone itself if necessary.

Younger employees more likely to disregard security rules
Keeping an eye on employee behaviors and attitudes toward BYOD could also be a factor in mitigating risks surrounding data, according to PC World.

In a survey by IT security firm Fortinet, the majority of respondents between the ages of 21 and 32 said they would bypass company policies that may limit use of their personal device, cloud storage or wearable technology.

While some users of BYOD devices indicated they disregarded rules, there is still opportunity for companies to change that attitude around to better secure their systems.

"On the positive side, however, 88 percent of the respondents accept that they have an obligation to understand the security risks posed by using their own devices," said John Maddison, vice president of marketing for Fortinet. "Educating employees on the threat landscape and its possible impact is another key aspect for ensuring an organization's IT security."

Training employees to recognize cyberthreats is an important step in safeguarding confidential information. The survey showed the majority of respondents were not aware of malicious cyberattacks that involve advanced persistent threats or botnets, a network of infected computers. If businesses fail to safeguard data, they could face threat of litigation, which could call for professional liability insurance that specifically covers data.

WHY Business Insurance Now?

Learn why thousands of small businesses trust Business Insurance Now as their insurance agency.

Take 15 minutes to see how we can help you protect your business.

  • FREE, no-obligation quotes.
  • Complete one online application to compare multiple quotes.
  • Fast response—typically less than 24 hours on week days.
  • We are a nationwide insurance agency covering 48 states.
  • We work directly with you to evaluate your insurance options.
  • We only work with the top business insurance carriers in the country.
  • Expert, licensed insurance agents to guide you through the process.