Apple's iPad: The Good, the Bad and the Ugly

Hospitals handle confidential patient information, so avoiding data breaches is a primary concern.

Good security controls are vital, and we work daily to advance ours. First and foremost, we recognize the high risk of mobile devices and take steps to encrypt laptops, tablets, desktops and mobile phones.

We also have a set security plan in place to prevent data breaches and ensure safety.

1. We play good old-fashioned defense.

We go one step further to protect our mobile devices by using antitheft and recovery software and applying cable locks when possible. Keeping up with new mobile technologies as of late has been very hectic. The introduction of the iPhone, iPad and Android platforms is generating a very large user demand. Securing these technologies against data exposure is at the top of our list for this year.

2. We protect all data equally.

There are many hurdles in implementing digital loss prevention (DLP) in a health care setting, including the diverse user base and the sheer amount of data. Our DLP strategy is to implement technical controls whenever possible and encourage users to act wisely when handling sensitive information. We place an emphasis on protected health information, but we tend to treat all information as highly sensitive, as there is no such thing as good data-leakage. We have controls in place that filter and encrypt emails with sensitive information, and we also use encryption for file transport protocols such as FTP. We centralize our access logs whenever possible, and we run regular access reports that are sent to the various stakeholders.

3. We patch and update. Then repeat.

The malicious code threat seems to be never-ending, so it’s crucial to make sure our virus signatures and system patches are up to date. The majority of our incidents originate from the inside, so we have implemented many technical controls to monitor and respond to those incidents -- before there is any exposure to the patient.

Bottom line: State and federal legislation makes it clear that encryption should be a priority, and we take the law very seriously. We owe it to our patients most of all.