Increasing Android malware should scare hospital CIOs

A word of warning for all hospital CIOs: Be sure to keep a close eye on clinicians using Android devices and apps. Android malware attacks have doubled, and the number of Android apps with malware has quadrupled in the past six months, according to San Francisco-based mobile security firm Lookout Securities' new "2011 Mobile Threat Report." The result: Nearly 30 percent of Android users will be hit with malware this year.

Primary app-based threats in the first half of 2011--for all platforms, not just Android--include:

  • Malware, or software that can be used to steal personal information from a mobile device, or to replicate a virus by sending unsolicited emails to a user's contact list.
  • Spyware, which collects or uses data without a user's permission. For healthcare, this could put personal health information at risk if users have included PHI in text messages, email, or pictures, or if any patient names are on a user's contact list.
  • Vulnerable apps that can be made to divulge to sensitive information automatically download additional apps, among other negative behaviors. Vulnerable applications typically are fixed by an update from the developer. Part of the challenge for CIOs, though, is getting physicians to incorporate updates to their devices, software and apps. App security fixes often are embedded in updates, and if physicians don't perform regular updates, their smartphones and tablets could be vulnerable, according to the report.

Malware is the fastest-growing threat to your physicians' smartphones, the report indicates. In 2010, spyware represented 66 percent of the app-based threats, and malware 34 percent. In the first six months of 2011, the gap between those numbers has closed considerably, to 52 percent for spyware and 48 percent for malware.

Still, according to the report, the primary threat to mobile devices remains the low-tech, common variety lost or stolen mobile unit.

"The mobile device is valuable not only because the hardware itself can be re-sold on the black market, but more importantly because of the sensitive personal and organization information it may contain," Lookout officials say. In healthcare, it's the latter that should raise CIO's hackles.

To learn more:
- read TMCNet's coverage
- read the "2011 Mobile Threat Report"