Moblie healthcare apps at high risk of malicious attacks

A new healthcare-focused report has found that commonly used mobile healthcare apps are at risk of malicious attacks.

The second Mobile Threat Intelligence report, based on worldwide mobile data from mobile threat specialist Skycure and third-party sources, says that the percentage of doctors who use mobile devices to assist their day-to-day practice are exposed to network threats that significantly increase over time. In a single month, one in five mobile devices will be at risk of a network attack. This figure nearly doubles after four months.

In addition to network threats, mobile devices continue to be plagued by malware. More than four percent of all Android devices were found to be infected with malicious apps.


High risk

Medical app users need to be particularly wary, as the report found 27.79 million devices with medical apps installed might also be infected with a high-risk malware. The Skycure mobile threat defence platform conducted 51 million network tests in 2015, and detected the installation of nearly 13,000 malicious apps.

In looking specifically at the healthcare industry, the Skycure report found:

  • Eleven percent of mobile devices running an outdated operating system with high-severity vulnerabilities might have stored patient data on them.
  • Fourteen percent of mobile devices containing patient data likely have no passcode to protect them.
  • 79 million devices with medical apps installed might also be infected with high-risk malware.

More than two in every hundred mobile devices in every industry are high risk according to the Skycure Mobile Threat Risk Score – meaning they’ve already been compromised or are currently under attack. Nearly forty-four percent are medium to high risk. The Skycure risk score takes into account recent threats the device was exposed to, device vulnerabilities and configuration, and user behaviour.


Passcodes and OS upgrades increase

The report did uncover some bright spots across the mobile landscape. Some users are taking steps to secure their mobile devices. For example, the percentage of devices with passcodes enabled rose slightly to 52 per cent in the last quarter of 2015 from 48 per cent in Q3 2015. This may be due to new devices activated over the December holidays featuring biometric passcodes. Unfortunately, it still leaves nearly half of devices completely unprotected.

The report also found that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device’s operating system.

  • At the end of 2015, 88 per cent of iOS users had upgraded iOS 9, the most recent major version of the Apple mobile operating system.
  • By contrast, only three percent of Android users were using Android 6.0 or “Marshmallow” at the end of the year.
  • That leaves 97 per cent of Android devices vulnerable to exploits targeting older versions.

“Mobile is a huge attack target for cyber criminals who are after sensitive personal data like patient records,” said Adi Sharabani, CEO of Skycure. “Unlike desktop and network security, mobile security is often the weakest link in the security chain. Healthcare is one place where it is clear that one compromised device puts more than just the device owner’s data and identity at risk.”

Related reading