Want To Protect Your EHR From Hackers? Secure Those Mobile Devices

Ephraim Schwartz | mHealthNews | August 28, 2014

Hackers used malware to penetrate Community Health Systems' firewall, and once inside, they made off with some 4.5 million medical records — a staggering but not surprising number to cyber security professionals.  While the uninformed may ask how such a thing could happen, the probable cause is user error. And with so many malicious apps on the market, it’s no wonder.  “The most likely path for the malware to get in is via the usual phishing attack that tricked someone into going to a compromised website,” said John Pescatore, a senior analyst at the SANS Institute. Pescatore said he has no inside information but that this is the most frequent explanation.

And that puts EHRs at risk. If one mobile device is compromised, the EHRs on the server are going to be vulnerable, according to Armando Orozco, mobile security expert and senior malware intelligence analyst for Malwarebytes.  Hackers use mobile devices “as a launch pad,” Orozco added.  

Unlike the old days - the early to mid-'90s - when software was either purchased at a store or sent via the IT department, users today go to the Apple App Store or Google Play Store and download. For very few dollars every kind of application imaginable is available.  Unfortunately, unlike the old days, what users don’t know is where the software came from and where it is really going...