TL;DR: Shared mobile devices have become critical to bedside care, but the 2025 Imprivata state of shared mobile devices in healthcare report shows that 74% of devices are frequently left signed in, 79% of staff report credential sharing, and 81% resort to personal devices when access is slow. Convenience without governed access creates both security and workflow risk.
At a glance
What this is: This report argues that shared mobile devices are now essential to clinical operations, with efficiency gains only materialising when access, security, and device management are tightly aligned.
Why it matters: Healthcare IAM, PAM, and device teams must treat shared clinical devices as governed identity endpoints, not just fleet hardware.
By the numbers:
- 92% of healthcare IT and clinical leaders agree that mobile devices are critical to bedside care.
- 62% of staff struggle with device accessibility.
Context
Shared mobile devices in healthcare are a governance problem as much as an operational one. When access must be fast, clinician-friendly, and auditable at the same time, traditional one-user-one-device assumptions stop holding.
The primary identity question is not whether clinicians need mobile access, but how hospitals can make shared access secure enough for patient data while still reducing friction at the bedside. That places IAM, device compliance, and session accountability into the same control plane.
Key questions
Q: How should healthcare teams govern shared mobile device access without slowing clinicians down?
A: They should make authentication fast, device state visible, and session handoff explicit. Badge tap, single sign-on, and biometric access reduce friction, but they must be paired with audit trails and clean-return workflows so the next clinician does not inherit an open session or stale trust state.
Q: Why do shared clinical devices create identity and access risk?
A: Because the device is reused by multiple people across shifts, so the organisation must prove who had access, when the session ended, and whether the endpoint was reset. If those controls are weak, credential sharing and lingering sign-in sessions become routine workarounds.
Q: How do security teams know whether shared device controls are working?
A: Look for reduced sign-out delays, fewer help desk tickets, lower rates of personal-device workarounds, and a complete record of device custody. If staff still bypass the managed workflow, the programme is losing trust at the point of use.
Q: Who is accountable when a shared device is lost or left signed in?
A: Accountability should sit with the operational owner of the shared fleet, the identity team that governs access, and the clinical manager responsible for shift usage. The control question is whether the organisation can identify the last authenticated user and enforce return and wipe procedures.
Technical breakdown
Shared device identity and session accountability
Shared clinical devices rely on fast authentication, but the real control issue is session ownership. A badge tap, biometric check, or single sign-on flow can establish who is using the device, yet the environment still needs to know when that session begins, ends, and is handed off. Without that, the device becomes a soft trust boundary where shared access can turn into persistent access. In healthcare, that creates exposure for PHI, app sessions, and cached credentials. The technical problem is not mobility itself, but whether the device lifecycle preserves identity continuity across shifts and users.
Practical implication: treat each device handoff as a governed identity event, not just an operational reset.
Mobile access management and device compliance
Mobile access management becomes the bridge between workforce usability and enterprise policy. In this model, the user authenticates while the device remains under central control through provisioning, posture enforcement, loss handling, and remote wipe. That matters because shared devices are not static endpoints in practice. They move between users, rooms, and shifts, which makes policy drift and lost-device handling more important than device ownership. The key architectural point is that identity assurance and device assurance must be enforced together, or else access convenience undermines the security envelope.
Practical implication: enforce compliance checks and lost-device workflows at the same time as user authentication.
Why shared device workflows affect clinical latency
Shared mobile programmes succeed or fail on time-to-access. If staff spend minutes signing out, reauthenticating, or searching for charged devices, they will route around the control by using personal devices or sharing credentials. That creates an identity governance failure disguised as a usability issue. The report's workflow examples show why automation matters: device checkout, app access, and return-to-pool processes reduce the incentive to bypass controls. In healthcare, the technical architecture must compress delay without removing accountability.
Practical implication: measure access friction as a security risk, not only as an operational inconvenience.
Threat narrative
Attacker objective: Unauthorised access to clinical systems or patient data through weakly governed shared-device sessions and poor handoff discipline.
- Entry: A clinician or staff member gains access to a shared device through badge tap, biometric authentication, or another approved sign-in method at the start of a shift.
- Escalation: If the session is left open, credentials are shared, or personal devices are used as a workaround, the trust boundary expands beyond the intended user session.
- Impact: Exposed sessions can lead to data access by the wrong person, compliance violations, and device loss without clear accountability.
Breaches seen in the wild
- Cisco DevHub NHI breach — IntelBroker exploited exposed Cisco credentials, API tokens and keys in DevHub.
- iOS app secrets leakage report — iOS apps leaking hardcoded secrets and credentials, endangering user privacy.
Read our 52 NHI Breaches Analysis report for a comprehensive view of breaches impacting Non-Human Identities including AI Agents.
NHI Mgmt Group analysis
Shared mobility is now an identity governance problem, not a device procurement problem. The report shows that shared devices can save money and improve workflow, but only when access is accountable across the full device lifecycle. That means identity assurance, session control, and device management have to be designed together rather than treated as separate workstreams. Practitioners should read shared mobility as a governance model that spans clinical operations and access control.
Credential sharing is a symptom of friction, but persistent signed-in sessions are the real control failure. When 74% of devices are frequently left signed in and 79% of staff report credential sharing, the programme has already lost the boundary between convenience and control. The failure mode is not malicious intent. It is a governance design that allows session carryover to survive shift changes. Practitioners should focus on eliminating lingering trust, not just on user training.
End-to-end visibility is the named concept this market now needs. Shared clinical devices require the organisation to know who used which device, when it was handed off, and whether it returned to a compliant state. That is a narrower and more operationally useful requirement than generic asset tracking. The implication is that healthcare identity programmes must extend auditability into the mobile device pool, because accountability without session history is incomplete.
Workflow adoption and security enforcement cannot be traded against each other. The article makes clear that clinicians will bypass controls that slow them down, whether by using personal devices or by sharing access. That means security teams need to treat usability failures as governance failures, not user rebellion. Practitioners should align access design with clinical reality, or risk building controls that staff route around.
This is a Zero Trust and lifecycle issue at the same time. Shared devices only fit a resilient model when authentication, posture enforcement, and return-to-pool processes all happen before the next user inherits the device. In NIST CSF terms, the environment needs stronger access control and recovery discipline; in zero trust terms, each re-entry must be re-established. Practitioners should rethink shared mobility as repeated trust establishment, not continuous trust.
From our research:
- Only 20% have formal processes for offboarding and revoking API keys, and even fewer have procedures for rotating them, according to the Ultimate Guide to NHIs.
- In the same research, 97% of NHIs carry excessive privileges, increasing unauthorised access and broadening the attack surface.
- For a deeper lifecycle lens, NHI Lifecycle Management Guide is the right next resource for provisioning, rotation, and offboarding discipline.
What this signals
Shared clinical mobility is converging with identity governance. Hospitals that treat mobile devices as reusable access endpoints need stronger lifecycle thinking, not just better inventory control. The governance lesson is simple: if access can move from one clinician to another in seconds, the control model must be able to prove who held that access at every handoff.
A useful operating concept here is session handoff accountability: the organisation must know when a shared device changes hands, whether the previous session is closed, and whether the next session starts from a compliant state. That is where device management, PAM-like discipline, and IAM meet.
The broader signal is that shared-device programmes will be judged by both clinical efficiency and auditability. Teams should expect more pressure to align mobile access policies with NHI lifecycle thinking, because the same governance logic applies whenever a reusable endpoint carries multiple identities across a shift.
For practitioners
- Map shared-device handoffs as identity events: Record who authenticated, what device they used, when the handoff occurred, and whether the device returned to a clean state before the next shift. That audit trail should be available to IAM, clinical operations, and security teams.
- Remove incentives for credential sharing: Reduce sign-in delay with badge tap, single sign-on, and biometric access so staff do not bypass controls through shared passwords or personal devices. Measure how often users abandon managed workflows when access takes too long.
- Tie device compliance to each checkout: Require posture checks, lost-mode handling, and remote wipe readiness before a shared device can be reassigned. Device reuse should not be possible until the endpoint is confirmed consistent, updated, and ready for a new user.
- Use the NHI Lifecycle Management Guide for shared pools: Apply lifecycle thinking to mobile fleets by defining provisioning, reassignment, and retirement rules for each device class. This helps security and clinical teams treat shared devices as governed identities with ownership transitions.
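The control model described in the technical breakdown and in the first three practitioner points above (handoff as a recorded identity event, a compliance gate before every reissue, and an audit that finds sessions left signed in past a shift change) is small enough to show in code. The block below is an added example written for this page; it is not code from the Imprivata report or from the NHIMG article, and the event schema, device ids, user names, timestamps and shift boundary are all constructed. It models a device pool whose checkout gate refuses a device in lost mode, a device that failed its reset, or a device whose previous session is still open, and a ledger replay that reports which devices were still signed in at the end of a shift.

```python
"""Shared clinical device pool with a custody ledger and a lingering-session audit.

Added example, not code from the Imprivata report or the NHIMG article. The event
schema, device ids, user names and timestamps are constructed for illustration.
"""
from dataclasses import dataclass
from datetime import datetime
from typing import Optional


@dataclass
class Device:
    device_id: str
    compliant: bool = True            # last posture check or reset passed
    lost_mode: bool = False
    current_user: Optional[str] = None


class DevicePool:
    """Issues shared devices only through gated, recorded custody events."""

    def __init__(self, devices):
        self.devices = {d.device_id: d for d in devices}
        self.ledger = []                           # append-only custody record

    def _log(self, ts, event, device_id, user, **extra):
        self.ledger.append({"ts": ts, "event": event, "device": device_id,
                            "user": user, **extra})

    def check_out(self, ts, device_id, user):
        """Gate: not in lost mode, posture compliant, no session still open."""
        d = self.devices[device_id]
        if d.lost_mode:
            raise PermissionError(f"{device_id}: device is in lost mode")
        if not d.compliant:
            raise PermissionError(f"{device_id}: failed posture check or reset")
        if d.current_user is not None:
            raise PermissionError(f"{device_id}: open session for {d.current_user}")
        d.current_user = user
        self._log(ts, "checkout", device_id, user)

    def return_device(self, ts, device_id, reset_ok):
        """Close the session; the device stays unissuable until its reset succeeds."""
        d = self.devices[device_id]
        if d.current_user is None:
            raise ValueError(f"{device_id}: no open session to close")
        self._log(ts, "return", device_id, d.current_user, reset_ok=reset_ok)
        d.current_user = None
        d.compliant = reset_ok

    def handoff(self, ts, device_id, new_user, posture_ok):
        """Explicit handoff: outgoing session closed, then the normal checkout gate."""
        d = self.devices[device_id]
        if d.current_user is None:
            raise ValueError(f"{device_id}: nothing to hand off")
        self._log(ts, "handoff", device_id, d.current_user,
                  to_user=new_user, posture_ok=posture_ok)
        d.current_user = None
        d.compliant = posture_ok
        self.check_out(ts, device_id, new_user)   # raises if the posture check failed


def lingering_sessions(ledger, shift_end):
    """Replay the ledger up to shift_end; return {device: user} still signed in."""
    open_sessions = {}
    # sorted() is stable, so a handoff and its checkout at the same timestamp keep order
    for ev in sorted(ledger, key=lambda e: e["ts"]):
        if ev["ts"] > shift_end:
            break
        if ev["event"] == "checkout":
            open_sessions[ev["device"]] = ev["user"]
        else:                                       # return or handoff closes the session
            open_sessions.pop(ev["device"], None)
    return open_sessions


SHIFT_END = datetime(2025, 10, 27, 19, 0)           # constructed day-shift boundary
NIGHT_SHIFT_START = datetime(2025, 10, 27, 19, 5)   # constructed reissue time


def build_sample_pool():
    """Constructed day shift: one failed reset, one forgotten sign-out, one handoff."""
    def t(hour, minute):
        return datetime(2025, 10, 27, hour, minute)

    pool = DevicePool([Device("D1"), Device("D2"), Device("D3")])
    pool.check_out(t(7, 5), "D1", "nurse_a")
    pool.check_out(t(7, 10), "D2", "nurse_b")
    pool.check_out(t(7, 12), "D3", "nurse_c")
    pool.handoff(t(13, 0), "D3", "nurse_d", posture_ok=True)
    pool.return_device(t(18, 50), "D1", reset_ok=False)   # returned, but the wipe failed
    return pool


def reissue_attempts(pool, ts):
    """Try to reissue every device to the night shift; record why the gate refuses."""
    results = {}
    for device_id in pool.devices:
        try:
            pool.check_out(ts, device_id, "night_nurse")
            results[device_id] = "issued"
        except PermissionError as exc:
            results[device_id] = str(exc)
    return results


if __name__ == "__main__":
    pool = build_sample_pool()
    print("left signed in at shift end:", lingering_sessions(pool.ledger, SHIFT_END))
    print("night-shift reissue:", reissue_attempts(pool, NIGHT_SHIFT_START))
```

In the constructed sample, D2 and D3 are the devices "frequently left signed in": the audit reports them with the last authenticated user, which is exactly the custody fact the article says an organisation must be able to produce. The reissue pass then shows the two gates working together: D1 is refused because its reset failed, and D2 and D3 are refused because the previous session is still open, so no night-shift clinician inherits another user's session or a non-compliant endpoint.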
Key takeaways
- Shared mobile devices in healthcare are now a governance issue, because workflow speed and access accountability have to coexist.
- The report's biggest risk signals are lingering signed-in sessions, credential sharing, and staff workarounds when access is slow.
- Healthcare teams should manage shared devices as lifecycle-bound access endpoints, with clear handoff, reset, and audit controls.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
NIST CSF 2.0, NIST Zero Trust (SP 800-207) and NIST SP 800-63 set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-4 | Shared device access depends on managed credentials and authenticated handoffs. |
| NIST Zero Trust (SP 800-207) | | Shared mobility requires re-establishing trust at every session boundary. |
| NIST SP 800-63 | AAL2 | Badge tap and biometric workflows align with stronger authenticator assurance in clinical access. |
Use phishing-resistant or strong authentication where shared clinical access must remain fast and accountable.
Key terms
- Shared Mobile Device: A shared mobile device is a reusable endpoint used by multiple people across shifts, locations, or tasks. In healthcare, the device must preserve accountability between users while still allowing fast access to clinical applications, data, and workflows.
- Session Handoff Accountability: Session handoff accountability is the ability to prove who used a device, when the session ended, and whether the device returned to a clean state before the next user. It is essential where a single endpoint carries multiple identities in quick succession.
- Mobile Access Management: Mobile access management is the control layer that governs device provisioning, authentication, policy enforcement, and recovery for mobile endpoints. In shared environments, it must align user identity, device posture, and return-to-pool processes to prevent leftover access.
- Clinical Device Pool: A clinical device pool is a centrally managed inventory of mobile devices that are issued on demand rather than owned by a single user. Its security depends on rapid reissue, reliable wipe and reset processes, and strong visibility into custody and compliance.
Deepen your knowledge
NHI governance, agentic AI identity, and machine identity lifecycle are core topics in our NHI Foundation Level course, the industry's only accredited NHI security programme. If you are responsible for identity security strategy or NHI governance in your organisation, it is worth exploring.
This post draws on content published by Imprivata: The 2025 state of shared mobile devices in healthcare report. Read the original.
Published by the NHIMG editorial team on 2025-10-27.
NHI Mgmt Group — the independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org