Healthcare Industry Has Highest Adoption of Apple DEP and VPP

The healthcare industry lives on the bleeding edge of mobility, claiming some of the most innovative and life-changing use cases for mobile technology. Security is a top concern for most industries, but this is especially true in healthcare. From patient records to payment information, healthcare organizations face strict regulation and some of the highest per-incident penalties for improper handling of data. This creates a critical need for these organizations to secure all devices that have access to Patient Health Information.

ClicktoTweetNew! MobileIron Report shares findings on healthcare organizations using VPP and mobile business apps

With this in mind, we were not surprised when the data showed that healthcare organizations lead adoption for Apple’s Device Enrollment Program (DEP) and Volume Purchase Program (VPP).

29% of healthcare organizations use VPP and 22% use VPP, more than any other industries measured, according to the third edition of the Mobile Security and Risk Review published today. Furthermore, 82% of healthcare organizations use more than 10 mobile business apps, higher than the global average of 79%.

Advantages of DEP and VPP

DEP ensures compulsory device management and enables Over-the-Air Supervision for advanced security capabilities, while VPP streamlines app deployment programs. Together, these tools give organizations the control they need to protect confidential patient data and meet compliance regulations while simplifying processes for both IT departments and end users by automatically deploying proactive security controls. DEP and VPP offer security and efficiency benefits that enterprises across all industries should be considering as part of their mobile security and management strategies for additional control of corporate-owned devices.

Healthcare security is due for a checkup

With the pervasiveness of mobile technologies and connected devices, we will continue to see the threat landscape evolve, especially for highly regulated industries like healthcare. While the use of DEP and VPP is a positive security measure being employed by healthcare organizations, there are opportunities for these companies to further improve other areas of security hygiene and to mitigate risky user behavior.

Here’s a deeper dive into how this industry is faring as mass mobility programs become the norm:

  • 37% of healthcare organizations have at least one out-of-date policy
  • 53% of healthcare organizations have at least one missing device
  • 82% of healthcare organizations have more than 10 third party enterprise apps installed
  • 17% of healthcare organizations had at least one compromised device accessing corporate data, the highest rate among the industries measured

However, these aren’t just issues we’re seeing in healthcare. Nearly 30% of companies had at least one outdated policy, 7% lower than the average rate for healthcare companies. With more than half of healthcare organizations reporting at least one missing device, they risk losing more than the cost to replace that device. Missing devices can lead to exposed enterprise data and if the device falls into the wrong hands, the organization can face legal, monetary, and reputational costs.

The good news is that the majority of healthcare companies understand the mobile threats they face and are taking it seriously, with 64% of healthcare organizations enforcing mobile policies. Mobile device management policies secure, manage, and monitor any corporate or employee-owned mobile devices that access business critical data, which is particularly necessary in this industry. Having visibility and control to deploy, manage, and control missing or unused devices will help secure healthcare data.

About the Mobile Security and Risk Review

MobileIron publishes the Mobile Security and Risk Review bi-annually to provide IT security leaders with timely information about the mobile threat landscape and the emerging risks facing their organizations. This data in this report is normalized, anonymous data collected from 7,800 MobileIron customers between October 1 and December 31, 2016. We believe this is the largest set of enterprise-specific mobile device security analytics across the three most popular mobile operating systems: Android, iOS, and Windows.

James Plouffe

Strategic Technologist

About the author

With 20 years of experience, James has provided IT and InfoSec services and insight for customers ranging from mid-size enterprises to the Global 10. He also served as a technical consultant for seasons 1 – 3 of the award-winning “hacker” drama, Mr. Robot, on USA Network.