Healthcare industry has an alarming mobile security gap
The healthcare industry is massively adopting smart mobile devices, but still moves very slowly when it comes to implementing cyber security measures to protect those devices.
“In 2013, 8% of doctors used mobile devices to manage in-patient data. In 2014, the number of doctors relying on mobile devices grew to 31%. By 2015, it was 70% of doctors,” Skycure noted in its second Mobile Threat Intelligence report, which draws on worldwide threat intelligence data from tens of thousands of devices (both consumer and enterprise) and millions of monthly security tests from July through December 2015.
But 28 percent of doctors have patient data stored on their mobile device, and 14 percent of those don’t use a passcode to protect the device (and the data on it). In addition to this, 11 percent of them use older versions of mobile OSes that sport high-severity vulnerabilities.
Also, 65% of doctors share patient data via SMS text message, 46% via picture messaging and 33% via WhatsApp. The latter option might not be so worrisome in light of the recent addition of default end-to-end encryption to the WhatsApp chat, but if either the healthcare professional or the recipient of the message has enabled unencrypted cloud backups of the messages, the information in the messages is not secure from third parties.
“Some healthcare leaders do not fully understand the stark differences between protecting traditional endpoints and mobile endpoints. In short, smart devices are seen by the hacker community as the most vulnerable of gateways to sensitive data (HIPAA-protected patient data) for multiple reasons,” says Skycure CEO Adi Sharabani.
“Traditional cyber security cannot travel with BYOD, COPE and CYOD mobile users beyond the secure IT perimeter–exposing healthcare practitioners to malicious Wi-Fi and cellular network-based attacks and other advanced cyber threats,” he explained.
Add to this the fact that cyber attackers can trick healthcare practitioners into risky behavior (such as sending passwords and sensitive patient data), along with the lack of extreme mobile security measures, and you have devices that are ideal targets for hackers who are after patient data.