As the healthcare industry reacts to a streak of ransomware attacks against hospitals, a new report sheds light on a looming but poorly-publicized threat: doctor's mobile communications practices. According to the report, 28 percent of doctors store patient data on their cell phones, and 80% of doctors use a mobile device as a tool to assist their daily practice.
The report, published by Skycure, found that 27.79 million doctors use a mobile device that contains a medical app that is infected by high-risk malware. The study found 4.21 percent of Android devices analyzed are infected by malicious apps.
“The magnitude of this was extremely surprising, Skycure Marketing Vice President Varun Kohli told SCMagazine.com. “There is absolutely no visibility.”
Many doctors do not practice basic cyber hygiene. The report found that 14 percent of doctors have patient data on mobile devices but do not even use a password on their device.
According to the study, 65 percent of doctors use SMS to send patient information, 46 percent use photo messaging, and 33 percent of doctors share data through Whatsapp. Patients may be comforted that Whatsapp completed its integration of the Signal Protocol into the company's online messaging service, completing its end-to-end encryption process.
“It does not matter if you have encryption. I still will be able to read all your traffic, if you have joined a compromised network or if your device is compromised,” Kohli said.
In addition, researchers have discovered a treasure trove of vulnerabilities and Trojans that affect SMS text messages, including the Android.Bankosy malware and Asacub Trojan.
The number of infected devices used by doctors is consistent with a February report that found three percent of devices are infected with malware. This figure translates to an average of more than 1,700 infected devices at an enterprise connecting to a network.
Kohli said the report was prompted by a US Department of Health and Human Services report that more than 260 healthcare organizations were breached in 2015. Nine percent of those breaches involved a tablet or cell phone.
