The rise of malicious attacks directed at mobile devices should give those charged with overseeing BYOD policies pause in light of the third annual mobile threats report released by Juniper Networks Mobile Threat Center (MTC).
“The report isn’t written specifically for the healthcare industry, but the threat can remain the same. We understand that those threats are extremely important when you think about the rise of mobility for the healthcare industry,” says the Director of MTC Troy Vennon.
The increased adoption of mobile devices has not gone unnoticed by criminal looking to turn a profit by infecting these devices with malware and other sophisticated forms of cyber-attacks.
“Health information is arguably the most sensitive information that mobile device users will be accessing from those tablets and smartphones,” explains Vennon. “We know that healthcare providers, doctors, and hospital practitioners are using mobile devices regularly. It’s reported that 93 percent of physicians at this point are using some sort of mobile device daily, and we know that patients are also using mobile devices to access their sensitive health information on a regular basis.
According to this year’s report, the number of smartphones to be sold in 2013 is likely to eclipse 1 billion devices, which represents a nearly 200-percent increase over the previous year. This growth in the adoption of mobile devices has been mirrored by the proliferation of malware, which grew by as much as 614 percent over the same time span with malicious applications totaling 276,259.
Healthcare organizations looking to minimize the threats to protected health information posed by personal mobile devices ought to consider carefully how the various operating systems running on these devices present different levels of risk.
While Apple and its iOS are viewed as the industry leader in terms of innovation and design, Android and its various Google operating systems make up a sizeable portion of all the smartphones shipped in the past year, with Android devices accounting for more than two-thirds of all smartphones in 2012 and estimated to exceed 1 billion in 2027.
Because of its larger presence, Android has attracted the attention of cyber criminals who have found it a rather simple task to take advantage of Android and its open ecosystem for applications and app development. Between March 2012 and March 2013, 92 percent of all detected mobile malware threats documented by MTC targeted Android, which when compared with previous years — 47 percent in 2011, 24 percent in 2010 — shows just how seriously malicious attackers have set their sights on the platform.
As the report makes clear, the focus on Android devices does not necessarily mean that Apple, its iOS, and iOS App Store are more secure:
Apple device security is handled exclusively by Apple, with no insight on malicious application statistics and detection capabilities made available to the public. This forces consumers and enterprises to put all of their mobile security “eggs” in one basket, so to speak. Android, on the other hand, has seen significant innovation in security products available to users– both free and paid.
That being said, the threat posed to iOS increases significantly in cases where end-users have decided to jailbreak their Apple devices.
Of the kinds of attacks perpetrated against mobile devices, the majority (48%) come in the form of SMS Trojans that take advantage of a user’s contacts and sends spam text messages to contacts. The second most popular category of malware threats is the fake install in which a well-known app (e.g., Facebook, Angry Birds, Skype) is repackaged to contain malicious content that in some cases could lead the device to become controlled remotely by hackers and expose weaknesses in wireless networks to which the device and others are connected.
Read the complete report here (registration required).