30 Nov 2017
In today’s world, almost every piece of technology comes equipped with the ability to access the internet. Phones, watches — even refrigerators — are built to connect. While the intent here is to make life a little easier, an unfortunate side effect is that these connections open up new pathways for cyber criminals. For organizations that acquire a large amount of sensitive data — health care organizations, for example — these openings become potentially business-crippling pathways through which hackers can steal information. Today, we’re going to discuss which endpoints you need to be paying close attention to and how you can ensure your organization is protected against these threats.
The Threat
In their October newsletter, the Department of Health and Human Services’ Office for Civil Rights (OCR) warned about the dangers unprotected mobile devices can present to electronic protected health information (ePHI). “As mobile devices are increasingly and consistently used by covered entities, business associates and their workforce members to store or access electronic protected health information, it is important that the security of mobile devices is reviewed regularly, and modified when necessary, to ensure ePHI remains protected,” they wrote.
When it comes to cybersecurity, we often only consider networks, desktop computers or work laptops. Mobile devices like phones and tablets, however, can pose just as much risk to an organization’s security as any traditional interface. Let’s imagine that an employee at a health care entity sometimes uses their mobile phone to log into their organization’s private portal, through which they can access patient information. Or maybe a doctor uses an encrypted app on a tablet when meeting with patients. While information is easily accessed in this format, it is also more vulnerable.
What if the employee loses their device with that web browser still open or valuable information downloaded? What if the doctor’s tablet is stolen? All of these scenarios can lead to private information falling into the wrong hands, which can cause potentially damaging outcomes like being required to pay regulation fees, patient lawsuits and any accessory costs related to suffering a breach.
Attack Avenues
Other than just outright stealing a device, however, what other tactics do cyber criminals use to access these devices? A few common methods include:
- Ransomware installed on phones via corrupted websites or email links
- Keyloggers — spyware which records all typed characters on a device, allowing hackers to steal your information
- Unsecured mobile networks