Mobile device security in healthcare: 4 tips to enhance security for ultra-mobile professionals

Keeping devices and data safe in hospitals and clinical office environments can be difficult. Protecting data becomes even more challenging when healthcare professionals leave the hospital. When clinicians and caregivers exit the controlled environment and venture into patients’ homes, all the same worries about data and device security remain — but without the protections of the healthcare setting.

To address this, mobile healthcare professionals should focus on two main goals: protecting their devices and ensuring the integrity of the networks and applications they access.

Here are four tips to help make this happen:

1. Mandate devices with built-in, high-end security

For ultra-mobile workers, devices need to be convenient portals to all their needs, and they must also be protected against loss, theft and unauthorized usage. The security of the hardware makes a difference here. A Bring Your Own Device (BYOD) program may deliver freedom, but you can enforce higher security if you can control device selection even more tightly, either through Choose Your Own Device (CYOD) or Corporate Owned, Personally Enabled (COPE) approaches.

Look for devices with Trusted Execution Environment (TEE) key stores, burned-in digital certificates for device identification, secure boot technology to block device rollback and rooting, and firmware-based kernel checking. These can make protecting the device — and by extension, your applications and PPI — much easier.

Integration and simplicity are key. That’s why Samsung’s Knox Suite has become so popular in healthcare settings for enterprise mobility management. It bundles Samsung’s most popular Knox management solutions, creating a simplified, comprehensive approach to managing devices wherever they are.

2. Secure devices with advanced tools

With a secure base, layering on software tools to increase security becomes simpler. Select an advanced mobile device management (MDM) tool, also called enterprise mobility management (EMM) or unified endpoint management (UEM), that can handle whatever devices you expect to encounter, and make sure that enrollment in the MDM happens before the device goes out into the field.

What kinds of MDM policies do you need for mobile healthcare workers?

To start, implement strong controls on:

• App store choice (only allow authorized stores)
• Application block lists (include all applications that cannot be installed)
• Software updates (require regular check-ins and updates for both operating systems and installed applications)
• Remote device-wipe capabilities
• Device-unlock authentication controls

In addition, install next-generation endpoint security tools to detect and block malware and deliver host intrusion prevention — similar to how traditional antivirus works on Windows. The value of next-generation protection on mobile devices becomes obvious considering the types of malware threats these devices face. Because their operating systems and operating models are significantly different from those of traditional Windows and MacOS computers, the techniques used to breach them are different.

In addition, consider using device partitioning to divide the mobile device into two isolated partitions: one for “work” and one for “home.” Partitioning can dramatically reduce healthcare compliance issues in dual-use mobile devices, especially smartphones.

For example, with Android Enterprise, a Work Profile allows healthcare IT managers to create a truly isolated environment within an Android smartphone or tablet. The Work Profile can only launch approved “work” applications, and personally downloaded applications aren’t even visible when the Work Profile is unlocked. The Work Profile can have its own VPN, encrypted storage and even its own isolated clipboard.

Using a well-protected, partitioned device can deliver better security and a more convenient workflow than a situation where the clinician has to juggle multiple devices without mixing things up or losing one. Using the mobile device becomes intuitive, not intrusive.

3. Use advanced authentication

Traditional two-factor authentication is often a source of frustration for healthcare teams. Managing tokens or using fingerprint readers may be impractical because healthcare users often wear gloves. Consider devices that provide hands-free biometric authentication, such as the facial recognition capabilities built into Samsung mobile devices and tablets .

Biometrics simplify device unlocking and can be used for application authentication, providing a higher level of security than simple passwords. At the same time, they minimize the provider’s hassle. Standards like FIDO help extend biometrics all the way from the device to the application without using easily stolen passwords.

Employing faster authentication is also critical to simplifying end users’ lives. Too often, security features add complexity, which frustrates clinicians and other providers. Mobile devices must enhance productivity and patient care. By integrating mobile devices and wearables into their everyday workflows, healthcare staff can gain easier access to real-time patient data and necessary channels of communication without disrupting their current demanding workloads, as noted by Cherry Drulis, RN and director of healthcare mobile B2B at Samsung.

4. Move to a Zero-Trust model

When a healthcare professional is in the field, it can be difficult to tell what type of network they will be using. The most common access point in the home is an unsecured Wi-Fi network. With so many untrusted and possibly malicious networks in the field, there’s only one logical choice: Trust nothing.

The traditional answer to the issue of unsecured networks would be to build a VPN tunnel and encrypt every bit of traffic leaving the mobile device, even basic internet traffic. This is still an option for complex healthcare IT application environments.

But there is an alternative. The more modern approach shifts network security away from the 1990s-era “crunchy shell with a chewy center” architecture. Zero Trust removes the implicit trust typically afforded to office or corporate networks. If you adopt Zero Trust, you don’t need to build elaborate VPN infrastructures for mobile devices. Of course, you still have to make sure that all application traffic is encrypted, usually by adding a TLS/SSL layer, if one isn’t already present.

One of the basic ideas behind Zero Trust is that access to applications and services is conditional — it’s not just a question of authentication but also of the state of your device, where you are and even the time of day. Security enforcement systems can check the status of the device using an installed MDM client and define access controls using tools such as Samsung Knox Attestation. In addition, there are Zero Trust access solutions ready for Samsung mobile devices like Cisco’s Zero Trust Access client. With this kind of solution, Galaxy users benefit from enhanced protection without cumbersome security steps.

Mobile device security in healthcare: Keep it safe, keep it simple

As breach after breach has shown, devices and networks remain constant avenues for data loss. As of 2023, the average cost of a healthcare data breach was estimated at $11 million. And that doesn’t factor in the loss of patient confidence and other precious intangibles. It doesn’t have to be that way.

When mobile healthcare workers hit the road, focusing on a few basic security strategies, such as employing biometric authentication, Zero Trust, and secure hardware and software, can help protect critical data and applications. By integrating these strategies seamlessly, you not only keep data protected but also minimize clinician burnout, enhance communications, and empower healthcare workers to focus on patient care instead of IT.

Watch this free webinar on managing employee devices using Samsung Knox and Zero Trust. Outside patient rooms, mobile devices can also streamline your clinical communications, as explained in this free, comprehensive guide.