Healthcare Mobile Device Management: Why It Needs To Be Part of Your Security Stack

The good old days of securing everything behind your firewall are long gone. But we still see many organizations who did not get the memo—or worse, saw it and put it at the bottom of their to-do stack.

The global pandemic started to send workers home to work, and many will stay there going forward. The modern-day worker accesses data anytime and anywhere by means of an Internet connection from their wireless phone, their PC running at home, the coffee shop, or cross-country flight, and maybe the office when they go in. All these connections and applications need to be secured and that’s where endpoint management comes in.

Endpoint management—sometimes referred to as mobile device management (MDM)—is made up of tools and policies to secure your data wherever it lives and is accessed. Consider that a doctor may need to access a patient’s personal health information (PHI) from home, a conference, or even a flight. What needs to happen to make that PHI available in a secure fashion, protect the PHI, and conform to HIPAA and other regulations? As we are all painfully aware, cyber-criminals are well-tooled to find and exploit weakness in data defenses. This is true of all those remote devices accessing your data.

The big benefits for organizations who deploy endpoint management are enhanced security around corporate data, improved compliance standards, and control of the data that flows within and out of your healthcare organization.

The big benefits for organizations who deploy endpoint management are enhanced security around corporate data, improved compliance standards, and control of the data that flows within and out of your organization.

How do you set up an endpoint / mobile device management management strategy?

An endpoint management or MDM strategy starts by knowing what devices are being used to access your data and where they’re located. This requires a complete inventory of all assets that have access to your data. Even one missed device can lead to a catastrophic event such as a data breach.

Next, you need to establish security policies around the management of all devices, including internal and remote devices. These rules of the road include what data and applications can be accessed by whom, where they can access it from, and when they can access it.

IT managers now have the information they need to create the endpoint management polices to enforce these rules and control access to company data.

How does endpoint management work?

Endpoint management leverages technologies such as multi-factor authentication (MFA), conditional access, and password-less logon to provide a “secure bubble” around the company data deployed to these endpoints.

• Multi-factor authentication requires users to provide a token or code in addition to your logon name and password to access data and applications.
• Conditional access lets you configure and fine tune access policies with contextual factors such as user, device, location, and real-time risk information to control what a specific user can access, and how and when they have access.
• Password-less logon credentials allow users to sign into their PC or wireless phone without having to provide a logon name and password. Using an authenticator app, FIDO2-compliant security keys, or a tool such as Windows Hello for Business mitigates passwords as an attack vector for social engineering, phishing, and spray attacks.

How does healthcare mobile device management impact your staff and providers?

With endpoint management in place, your staff and providers can no longer share data between personal apps and business apps unless allowed by your policy. When deployed on a personal device such as a PC, laptop, Mac, or iOS/Android phones and tablets, your organization can wipe company data without accessing or impacting personal data. On a company-owned device, the entire device can be wiped.

With endpoint management in place, your staff and providers can no longer share data between personal apps and business apps unless allowed by your policy.

Endpoint management also has benefits such as the ability to push out new and updated applications without user intervention, prevent transfer of data to thumb drives and other non-approved devices, as well as prevent transfer of data via cut and paste as well as printing and screen shots. If a user requires a new application for work, they will need to get admin approval before company data will be available to that app.

What endpoint / mobile device management tools should you use?

Due to the widespread deployment of Microsoft 365, Med Tech Solutions uses the tools provided by the Microsoft Endpoint Manager, which is integrated into the Microsoft 365 suite of products. We provide these services for our clients as well as our internal staff. We especially like having a single console to manage not only Microsoft 365, but also mobile devices and applications using Endpoint Manager.

Endpoint Manager lets us fence in client data on all remote endpoints, be they an employee’s iPhone or Android, or company-issued laptops, tablets, and phones. The process to deploy and manage remote endpoints includes establishing polices and standards, adding devices, managing apps, and responding to notifications. With Microsoft’s ability to manage identity via Azure Active Directory and user permissions to data and devices, Endpoint Manager has proven to be a very capable mobile device management platform.

If you’re worried about endpoint protection, get in touch! At MTS, security is the foundation of everything we do. Our experts can quickly give you the peace of mind you need, while giving your staff and providers the data access they need to support your patients from anywhere. Contact us today!