BACKGROUND IMAGE: stock.adobe.com
Today it would be hard to find someone in healthcare not using a smartphone or mobile device regularly. While a significant amount of usage is for personal use, there has been a steady increase in using mobile devices to access hospital and patient data. As a result of this increase, hospital IT departments are seeing a significant need to modernize their security practices in order to protect the new attack surface. But as mobile device security in healthcare becomes more of a priority, hackers and other cybercriminals are accelerating their attacks and attempts to compromise those devices.
Mobile device attacks are on the rise
The demand for instant access to information for patient care and other work-related activities has helped increase the adoption and use of mobile devices. EHR systems are supporting those demands by offering access to patient health information through mobile apps.
However, the increase in hospital information access through mobile devices has raised the risk of data breaches, mainly due to the fact that not all mobile devices are as protected as desktops and other devices in the healthcare facility. Hackers and cybercriminals are taking advantage of the limited mobile device security in healthcare by looking for new vulnerabilities to exploit. In fact, recent statistics by Malwarebytes highlight that targeting mobile devices in recent years has seen a steady increase. The antimalware software company discovered that there was a massive spike in detections of Android cryptominers at the end of Q1 2018.
Many of today's biggest threats to mobile device security in healthcare continue to be cryptominers, which are considered the latest trend that criminals are using to target mobile users. The attack usually results in using the unsuspecting victim's mobile device as a way to mine cryptocurrency. This causes the device to see an increase in processor and memory use and can cause it to become slow to use and unreliable. Another type of attack involves phishing attempts in which a user opens an attachment on their mobile device and Trojan-ransomware is loaded into the mobile device, allowing hackers to take control over the device and potentially steal data such as sensitive personal information and credentials.
Advanced security tools help lock down devices
The increased interest in targeting mobile users has forced IT to consider more advanced security tools that are capable of adding new protections for mobile devices against these new types of cyberattacks. While in the past the use of mobile device management helped hospital IT manage and lock down devices to protect health data, they are not sufficient when it comes to protecting against Trojans, malware, spyware, viruses or ransomware that attack mobile devices.
To address gaps in mobile device security in healthcare, hospitals are rolling out new security tools that add an additional layer of protection to mobile devices. These new tools work the same way as antivirus, web filtering, antispyware and antimalware work for workstations and servers. Some of the popular mobile device cybersecurity tools in the marketplace include: Avira, Avast Mobile Security, AVG, Bitdefender, Malwarebytes and Kaspersky.
It may be hard to believe that mobile devices are as vulnerable as PCs, especially when vendors like Google and Apple screen the applications being deployed to their app stores and are constantly updating their software with security patches. Unfortunately, some cybercriminals are able to find new vulnerabilities in those devices and even publish malicious apps that evade some of the vendors' rigorous tests. Hospital IT departments will need to ensure that strategy they have in place for mobile device security in healthcare takes into consideration the protection of both employee- and hospital-owned mobile devices.