BreachExchange mailing list archives
Malicious Apps in Healthcare Put Patient Data at Risk
From: audrey () riskbasedsecurity com (Audrey McNeil)
Date: Thu, 7 Apr 2016 18:28:07 -0600
http://www.infosecurity-magazine.com/news/malicious-apps-healthcare-patient/ A new healthcare-focused report from Skycure has highlighted the security risks surrounding the use of mobile devices within the medical profession. The research found that in a single month, one in five (22%) mobile devices used by doctors might be at high risk of malware attacks. This figure nearly doubles to 39% after four months, suggesting the security threats doctors face significantly increase over time. According to Skycure, 27.79 million devices with medical apps installed might be infected with malware, and when you consider that 80% of doctors use mobile devices in their work with 28% storing patient data on them, this is a worrying privacy issue. The US Department of Health and Human Services report that more than 260 major healthcare breaches occurred in 2015, with 9% of these involving a mobile device other than a laptop. âMobile is a huge attack target for cyber-criminals who are after sensitive personal data like patient records,â said Adi Sharabani, CEO of Skycure. âUnlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device ownerâs data and identity at risk.â Skycure says part of the problem lies with the fact that some mobile devices that could have patient data stored on them are running outdated systems with high-severity vulnerabilities. Similarly, 14% of mobile devices containing such information are likely to have no passcode protection. âOut-of-date operating systems, particularly ones that are no longer supported by the vendor (i.e. Microsoft) are a risk because vulnerabilities in them that were not discovered and patched before they went out of vendor support will never be patched, and so are a permanent invitation to hackersâ Rik Turner, Senior Analyst at Ovum, told Infosecurity. âSystems with no or only weak password protection on them are clearly more at risk than ones with a strong password, though to be honest, even that is not really enough, particularly if sensitive data such as patient records are held on the device,â he continued. âSome form of disk and/or file encryption should be employed to supplement passwords. Quite how to raise user awareness of this issue remains a challenge. One suspects that many users will only truly become aware after the fact, i.e. after they have been breached a first time.â -------------- next part -------------- An HTML attachment was scrubbed... URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160407/7ad72a27/attachment.html>
Current thread:
- Malicious Apps in Healthcare Put Patient Data at Risk Audrey McNeil (Apr 07)