Shared mobile devices create IAM risk because one device can become multiple users’ access path if credentials are shared or sessions stay open. That breaks accountability, weakens auditability, and increases the chance of inappropriate patient-data access. The risk is not mobility itself, but the identity boundary becoming unclear during real clinical handoffs.
Why This Matters for Security Teams
shared mobile device turn identity into a moving target in clinical environments. The device may be legitimate, but the session, cached token, or app state can outlive the person who originally authenticated. That creates a gap between who is holding the handset and who is authorised to act, which is exactly where audit trails, patient privacy, and access reviews start to fail. NIST’s Cybersecurity Framework 2.0 frames this as an identity and access governance problem, not just a mobility issue.
In healthcare, those gaps matter because devices are constantly passed between nurses, physicians, transport staff, and support teams under time pressure. A saved app session, an unlocked screen, or a weak logout process can make one tablet function like many users’ access path. NHIMG has repeatedly highlighted how unclear identity boundaries and insecure secret handling are recurring failure points in practice, including in its Top 10 NHI Issues and Ultimate Guide to NHIs — Why NHI Security Matters Now. In practice, many security teams encounter misuse only after a clinical handoff has already exposed the flaw, rather than through intentional access design.
How It Works in Practice
The IAM risk comes from combining shared hardware with persistent identity state. A shared mobile device often keeps app sessions alive, stores refresh tokens, or relies on a long-lived login that was created by someone else. If the device is used for medication administration, chart review, or secure messaging, then the next user may inherit access without a fresh identity check. That breaks accountability and can also defeat conditional access logic if the device is trusted but the person is not.
Current guidance suggests treating the person, the device, and the session as separate trust signals. Strong patterns include:
- Per-user authentication at each handoff, not a single login for the whole shift.
- Short-lived sessions with automatic lockout after inactivity or role change.
- Device enrollment controls that bind access to managed endpoints without assuming the endpoint proves the user.
- Step-up authentication for sensitive actions such as viewing high-risk patient data or changing orders.
- Central logging that captures user, device, app, and time so audits can reconstruct who did what.
For healthcare teams, that usually means integrating mobile device management with identity governance, rather than relying on the app alone. Secret reuse is especially dangerous: if a shared app caches credentials or tokens, a single compromised handset can expose multiple workflows. The risk is similar to the patterns NHIMG documents in its IOS app secrets leakage report and the 2024 Non-Human Identity Security Report, which notes that only 19.6% of professionals express strong confidence in securely managing workload identities. These controls tend to break down when shared devices are used offline or in high-turnover wards because session state and user accountability are hardest to preserve under time pressure.
Common Variations and Edge Cases
Tighter device controls often increase clinical friction, requiring organisations to balance fast bedside access against stronger identity proofing. That tradeoff is real, and there is no universal standard for it yet. Best practice is evolving toward workflow-aware controls that minimise disruption while still forcing a clean identity boundary at handoff.
Some environments can tolerate shared devices better than others. For example, a kiosk used only for scheduling is not the same as a handheld used to access medication records. Likewise, a shared device that only opens a role-limited app is less risky than one that provides broad EHR access. The key decision is whether the device can be safely treated as a neutral tool, or whether it has become a reusable access path that needs strict session reset and re-authentication.
Operationally, teams should watch for these edge cases:
- Emergency override workflows that bypass normal logout or step-up checks.
- Apps that fail to clear local cache, attachments, or offline records after sign-out.
- Contractor, float, or agency staff who rotate across wards and inherit sessions too easily.
- Shared devices that mix patient-facing functions with privileged clinical functions.
For deeper reading, NHIMG’s Ultimate Guide to NHIs — Key Challenges and Risks is useful for understanding why persistent access state is so difficult to govern. The strongest programmes treat every handoff as a new access decision, not a continuation of the last user’s trust. That approach is essential where shared devices are used in fast-moving wards and staff cannot reliably confirm who last authenticated.
Standards & Framework Alignment
This section maps relevant standards and security frameworks to the operational risks and controls described in this guidance.
OWASP Non-Human Identity Top 10 address the attack and risk surface, while NIST CSF 2.0 and NIST AI RMF set the governance and control requirements practitioners need to meet.
| Framework | Control / Reference | Relevance |
|---|---|---|
| NIST CSF 2.0 | PR.AC-1 | Shared devices weaken identity verification and session accountability. |
| OWASP Non-Human Identity Top 10 | NHI-03 | Persistent tokens on shared devices create secret exposure and reuse risk. |
| NIST AI RMF | AI risk governance supports context-aware controls for dynamic access decisions. |
Assess shared-device workflows for identity ambiguity, then define compensating controls and accountability.
Related resources from NHI Mgmt Group
Deepen Your Knowledge
Reviewed and updated by the NHIMG editorial team on June 25, 2026.
NHI Mgmt Group — the #1 independent authority on Non-Human Identity, IAM, and Agentic AI security. nhimg.org
