Fewer enterprise technologies are growing more rapidly than mobile health (mHealth) software and devices. Healthcare organizations are investing heavily in their mobile devices and applications, a market that will grow from its current size of $10 billion to $31 billion by the year 2020, according to market research firm Research 2 Guidance. Healthcare organizations hope that mHealth will enable their front-line providers to have the access to the information they need wherever they may need it.Criminals have also taken notice. A quick search of the Privacy Rights Clearinghouse data breach database finds that since 2005 there have been 1,889 healthcare data breaches that have been made public consisting of 421,885,347 medical records exposed. Ponemon Institute\u2019s Annual Benchmark Study on Privacy & Security of Healthcare Data estimates that criminal attacks aimed at healthcare data have risen 125% since 2010.When it comes to security, mHealth poses some unique challenges. Many medical devices and apps can\u2019t be patched as swiftly as traditional enterprise systems because device certifications forbid it, clinical environments are chaotic, and many clinical environments are understaffed when it comes to security and IT.\u201cThis is a big problem because the healthcare industry today isn\u2019t even good at securing traditional environments. There\u2019s the potential for security and privacy lapses when the healthcare records move between different providers,\u201d says Amrit Williams, CTO at CloudPassage. \u201cThat breaks the chain of trust. You could have service providers with access using different forms of transporting and encrypting the data. The data may be stored locally, which increases the potential for compromise if the device is lost or stolen."People don't think of hospital equipment as being a source of security issues, but with many of these devices having mobile capabilities and storing data, the potential for hacking is great.Ciaran Bradley, chief product officer at AdaptiveMobile\u201cPeople don't think of hospital equipment as being a source of security issues, but with many of these devices having mobile capabilities and storing data (part of the healthcare Internet of Things), the potential for hacking is great,\u201d says Ciaran Bradley, chief product officer at mobile network security firm AdaptiveMobile. \u201cMany of these devices have only the basics in security - such as password protection or firmware that may or may not have regular updates, leaving diagnostic and other data at risk."The U.S. Food and Drug Administration has taken notice of the weak security in clinical devices, and late last month published draft cybersecurity guidance that is directed at medical device manufacturers and how they can better assess and respond to security related device flaws.Beau Adkins, co-founder and CTO at Light Point Security, says healthcare environments are also facing many of the security hurdles other types of enterprises' face when trying to secure mainstream mobile devices, including relatively immature mobile operating systems when it comes to enterprise device management and security capabilities. \u201cSecurity was not at the top of the list of priorities. Stock Android devices are notorious for coming bundled with what basically amounts to spyware,\u201d Adkins says.There are mitigations of course, Adkins points out, many of which are detailed in depth in this NIST Special Publication 1800-1b Securing Electronic Health Records on Mobile Devices, which stresses detailed risk assessment and appropriate security controls to mitigate risk in these environments.It\u2019s not as if healthcare organizations haven\u2019t tried to keep their networks and mobile apps secure. They have. It\u2019s just that many didn\u2019t go about it well \u2013 at least not initially.Gary Sheehan, chief security officer at technology and security services provider ASMGi, explains most healthcare organizations tried to keep data safe by instituting restrictive use policies. But that\u2019s changing, Sheehan says, as advanced hospitals and health care providers are now embracing innovation, and are relying more on secured and encrypted environments on cloud and mobile platforms to do so. \u201cThere\u2019s a lot to think about to keep everything secure and a healthcare environment compliant, but we\u2019ve seen more and more organizations find it is worth the effort,\u201d Sheehan says.\u201cThe key to creating a successful, secure environment is to build a system that allows doctors and nurses to continue doing exactly what they want to do \u2013 just to put the right tools in place to help them do it the right way,\u201d Sheehan says. \u201cHospitals and organizations can install layers of security into mobile devices, securely use cloud services and track data access usage. The real challenge is making sure the apps used on the phone and within the cloud are both secure and easy to use. Ease of use is critical. If it\u2019s not convenient, people will naturally look to find an easier way or they simply won\u2019t use the technology."Tom Davis, CTO at LANDESK, advises healthcare IT teams what he things they need to do, such as ensuring mobile devices are hardened, that software is patched and up to date, that an accurate enterprise inventory of assets is in place. Davis says that it\u2019s especially important that healthcare organizations centrally manage data and not allow data to be downloaded onto endpoints. In addition, healthcare providers need to remember to continuously educate their employees when it comes to secure mobility and encourage swift data breach notification.\u201cWith data on them, when a loss happens or if someone had unauthorized access, it's best to be informed quickly by the users without penalty to them or fear of action against them. Create the right privacy responsibilities with your mobile employees to lessen the time to notify,\u201d he says.\u201cThe model to move to is to store the data in the cloud where it is encrypted and secure until the mobile app accesses it and not stored locally at all,\u201d says Williams.Sounds simple, but that doesn\u2019t mean it\u2019s easy. And if recent history of healthcare breaches are any indication, it\u2019s going to take some time to mitigate the risk of there continuing to be a great many healthcare breaches.