Security Market Segment LS
Wednesday, 06 April 2016 10:42

US Healthcare’s alarming lack of mobile security

By

More than 27 million Android devices with medical apps installed also potentially have at least one high-risk malware — yet 65% of doctors share patient data via SMS text message and 33% via Whatsapp.

According to the US Department of Health and Human Services, more than 260 major healthcare breaches occurred in 2015. Of those breaches, 9% involved a mobile device other than a laptop. The risk to patient and personal data in the healthcare industry only grows as more doctors and healthcare employees use mobile devices in their work.

Skycure,  a leader in mobile threat defense, has announced the results of its second healthcare focused Mobile Threat Intelligence report. It found that the number of doctors who use mobile devices to assist their day-to-day practice were exposed to network threats that significantly increase over time. In a single month, 22% of mobile devices are at risk of a network attack and reaches 39% after four months.

In addition to network threats, mobile devices continue to be plagued by malware. More than 4% of all Android devices were found to be infected with malicious apps. Medical app users need to be particularly wary. The Skycure mobile threat defense platform conducted 51 million network tests in 2015 and detected the installation of nearly 13,000 malicious apps - 27.79 million devices with medical apps installed might also be infected with a high-risk malware.

"The mobile phone is the best surveillance device in history,” said Jim Routh, CSO, Aetna. “Each device is a potential attack target for personal data, company data, and, in the healthcare industry, the private medical and health information of patients and customers. It’s imperative that both mobile users and their employers understand the risk and how to stay safe."

Mobile Healthcare at Risk

According to the US Department of Health and Human Services, more than 260 major healthcare breaches occurred in 2015.

Research shows that 80% of doctors use their mobile devices to assist in their day-to-day practice, and 28% store patient data on their mobile device, making their devices prime targets for cyber criminals.

In looking specifically at the health care industry, the Skycure report found:

  • 11% of mobile devices running an outdated operating system with high-severity vulnerabilities might have stored patient data on them
  • 14% of mobile devices containing patient data likely have no passcode to protect them
  • 27.79 million devices with medical apps installed might also be infected with high-risk malware.

 "Mobile is a huge attack target for cyber criminals who are after sensitive personal data like patient records,” said Adi Sharabani, CEO of Skycure. “Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner’s data and identity at risk.”

More than two in every hundred mobile devices in every industry are high risk according to the Skycure Mobile Threat Risk Score--meaning they’ve already been compromised or are currently under attack. Nearly 44% are medium to high risk. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration and user behavior.

Passcodes and OS Upgrades Increase

The report uncovered some bright spots across the mobile landscape. Some users are securing mobile devices - 52% of devices now use passcodes (rose slightly from 48% in Q3 2015). This may be due to new devices activated over the December holidays featuring biometric passcodes. Unfortunately, it still leaves nearly half of devices completely unprotected.

The report also found that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device’s operating system.

  • At the end of 2015, 88% iOS users had upgraded iOS 9, the most recent major version of the Apple mobile operating system.
  • By contrast, only 3% of Android users were using Android 6.0 or “Marshmallow” at the end of the year. That leaves 97% of Android devices vulnerable to exploits targeting older versions.

Android upgrade adoption is complicated by carrier and device manufacturer release times. Despite its release in October, many Android users still don’t have access to a Marshmallow upgrade.

Many enterprises often have conflicting policies or no policy at all on device upgrades.  This can leave many devices vulnerable to threats, such as the Shared Cookie Store Bug, a vulnerability discovered by Skycure researchers several years ago, yet only addressed in the most recent version of iOS. Skycure also recently reported the discovery of Accessibility Clickjacking, a new type of Android malware that tricks users into giving away admin access to their devices and affects 65% of Android devices - a staggering number of half a billion mobile devices.

Some healthcare leaders do not fully understand the stark differences between protecting traditional endpoints from mobile endpoints. In short, smart devices are seen by the hacker community as the most vulnerable of gateways to sensitive data (HIPAA-protected patient data) for multiple reasons including:

  • Traditional cyber security cannot travel with BYOD, COPE and CYOD mobile users beyond the secure IT perimeter–exposing healthcare practitioners to malicious Wi-Fi and cellular network-based attacks and other advanced cyber threats
  • Hackers can trick healthcare practitioners into risky user behaviour (e.g., sending HIPAA patient data to a fake physician profile actually run by a hacker) that exposes passwords, insurance information, and other sensitive data without detection by traditional cyber security
  • Extreme mobile security measures such as containerization and continuous VPN tunneling are not acceptable with BYOD, COPE and CYOD users due to infringement on privacy and interruption of productivity and collaboration.

Read 5541 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




WOMEN IN PROCESS MINING VIRTUAL EVENT

Enterprises are looking to integrate AI into process mining to future proof their operations.

The recently formed Australian chapter of Women in Process Mining (WIPM) is hosting a Zoom event from 1pm to 2pm on November 14 on the topic Using AI for Process Optimisation.

WIPM is a community designed for women in process mining; to strengthen their leadership, magnify their influence, and pave the way for process mining together.

The event is being hosted by Chapter Leads Kanika Goel, PhD, Claudia M., and Susana Zavaleta, with special guest speaker Jack Basley from global process mining leader Celonis

Register for the Zoom event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Ray Shaw

joomla stats

Ray Shaw ray@im.com.au  has a passion for IT ever since building his first computer in 1980. He is a qualified journalist, hosted a consumer IT based radio program on ABC radio for 10 years, has developed world leading software for the events industry and is smart enough to no longer own a retail computer store!

Share News tips for the iTWire Journalists? Your tip will be anonymous

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments