Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study

One in five doctors’ mobile devices might be at risk of leaking sensitive data due to either malware or poor password security practices, according to a new study.

Mobile threat device firm Skycure reports that 14 per cent of smartmobes and tablets containing patient data likely have no passcode to protect them. And 11 per cent of those running outdated operating systems with high-severity vulnerabilities may have stored patient data on them.

More than four per cent of all Android devices were found to be infected with malicious apps. Skycure estimates that 27.79 million devices with medical apps installed might also be infected with high-risk malware.

According to the US Department of Health and Human Services, more than 260 major healthcare breaches occurred in 2015. Of those breaches, a small but significant minority – nine per cent – involved a mobile device other than a laptop.

Skycure’s second Mobile Threat Intelligence report is based on worldwide mobile data from Skycure and third-party sources. The firm's mobile threat defence platform conducted 51 million network tests in 2015, and detected the installation of nearly 13,000 malicious apps. The report is based in part on millions of monthly security tests from October through December 2015 and includes both consumer devices and devices under management by Skycure in enterprise organisations. Data crunched as part of the study also includes Skycure’s proprietary Mobile Threat Risk Score, which acts as a credit score to measure the risk of threat exposure for mobile devices.

Looking outside healthcare industry specifically, the study also found that the percentage of devices with passcodes enabled rose slightly to 52 per cent in the last quarter of 2015 from 48 per cent in Q3 2015. The slight increase, which still leaves nearly half of devices completely unprotected, may be due to new devices activated over the December holidays featuring biometric passcodes, according to Skycure.

The report also found that users of iPhones and iPads are more protected because they are much more likely to have the most current version of their device’s operating system than their Android counterparts.

At the end of 2015, 88 per cent of iOS users had upgraded iOS 9, the most recent major version of the Apple mobile operating system. By contrast, only three per cent of Android users were using Android 6.0 or “Marshmallow” by the end of 2015, a shortcoming that leaves the vast majority of Android devices vulnerable to exploits targeting older versions of the OS.

Android upgrade adoption is complicated by carrier and device manufacturer release times, so users in healthcare and elsewhere can't wholly be blamed for this. ®