15 August 2013
David Howell explores the threat posed to the NHS by unsecured mobile devices and how better management of mobile devices could enhance security across its IT estate.
Now more than ever, we find ourselves living in a mobile age. After all, mobile makes life easier, it keeps people connected, and this has led to the slow creep of mobile technology into nearly every single aspect of our lives. What started as a predominantly consumer trend has now crossed into other adjacent spheres, and this of course impacts organisations and services whose purpose is to serve the state.
As a frontline public service, the NHS should be acutely aware not only of the opportunities posed by the new age of mobility, but also of the inherent threats. For instance, while a mobile-first attitude can increase efficiencies and lower costs (something that the NHS is keen to achieve in the current climate), it can also compromise the security of your organisation. For the NHS, that could have serious implications for the well-being of its patients, not to mention result in damaging headlines like those we witnessed this week after it was fined £200,000 for losing 30,000 patient records.
So what exactly is the threat? Think back to the last time you waited for an appointment at the doctor's. I guarantee that either you or somebody around you used a mobile device during that time, maybe to pass the time on Facebook, download a game or perhaps to catch up on work emails. To the NHS, all of these mobile devices are potentially insecure. If allowed to connect to the NHS network, they risk the uncontained spread of malware, viruses or other digital nasties which could potentially disable Windows-based medical equipment. That is precisely why network access points, such as Wi-Fi routers, should be secured. However, the tricky thing about the age of mobility is that it's not just your patients that you have to worry about. Just like the rest of us, NHS employees such as cleaners, nurses and surgeons all rely on mobile devices to get things done and again, just like the rest of us, many use devices which are unsecured.
Consider the human body for a moment. Every day, it comes into contact with millions of different types of bacteria, germs and viruses. Usually these are stopped by its outer perimeter – the skin – but imagine for a moment that the human body didn't have that external perimeter, and that external forces were able to enter it freely, on a whim. This is the reality of the risk facing the NHS. After all, it can hardly stop patients at the gates, so the solution to the problem of unsecured mobile devices needs to be much more intelligent. Just as perimeter security is a basic requirement in the modern business, the ability to properly manage mobile devices, for work or otherwise, should be fundamental to every IT strategy.
Innovative technology solutions like mobile device management, or MDM, should be an enabling force to tighten up network security across the NHS, enhancing the opportunities posed by mobility and creating a positive, secure and more efficient health service.
So who is using MDM already and how exactly does it work? BMI Healthcare is the UK's largest independent healthcare provider, with 69 hospitals and treatment centres, over 10,000 employees and 6,500 IP-enabled devices across the UK. It required a centralised management solution to ensure visibility and understanding of the entire IT landscape, including mobile devices connecting to its network. This meant that, at any given time, the IT department needed the ability to see equipment, including medical equipment, across its estate and to manage the required software and security updates, enabling users to continue operating within a secure environment with maximum availability of systems.
BMI Healthcare moved to a model where regular fixed and mobile desktop management activities were quickly and easily taken care of. These included processes such as installation of periodic software updates, weekly patch management, delivery of service packs to any Windows-based device including medical equipment, standardising desktop interfaces, administering company-wide security policies and restricting the use of unsecured foreign devices, such as USB sticks and portable hard drives.
In addition to server and desktop management, BMI Healthcare also gained the ability to manage mobile devices, such as smartphones and tablets, in real time – strengthening security across the estate.
BMI Healthcare was able to use the solution to conduct an audit of its entire Windows estate and run the necessary reports to comply with healthcare industry regulatory standards. Automating these crucial, yet conventionally manual, IT functions freed up the IT team to focus on other business-critical IT disciplines and projects – such as network monitoring and security event management.
Since implementation, the project has delivered annual IT infrastructure management cost savings of at least 70 per cent, improved security, automated patch management and increased visibility across BMI's entire IT environment.
Technology has set high expectations with the mobile generation – they rely upon it to make their lives more efficient and to enable them to feel constantly connected. However, these expectations do not cease when they cross into the workplace, and these unsecured devices pose a real threat to the security of NHS networks, regardless of whether they belong to patients, visitors or NHS staff. Without a perimeter to protect it, the NHS must prioritise mobile device management, a crucial move that will help safeguard valuable systems, services and, most importantly, patients from unnecessary danger.