The official Android app store, Google Play, is home to over 700,000 apps. Among these apps, 32 were found to be infected with a new piece of Android malware called BadNews. Although Google recently removed these apps from the market, they were downloaded over 9 million times!
According to Lookout Mobile Security, Google suspended several accounts associated with the infected apps, which contained a malicious SDK. ZDNet reporter Liam Tung covered the recent news, stating that, “In violation of Google’s developer terms, the malicious ad network causes the app to impersonate news messages, including fake alerts encouraging the user to install a ‘critical update’ to Russian social network Vkontakte, Skype, and other apps.” Lookout’s principal security researcher Marc Rogers said the attackers took their cue from shady affiliate-based marketing websites.
Arik Hesseldahl of All Things D reported Lookout saying, “Enterprise security managers must assume that even very well-designed app-vetting process will not be able to detect malicious behavior that hasn’t happened yet.”
BYOD is catching on in the healthcare community! More and more popular healthcare apps have been developed for convenience and potential cost savings. A recent Cisco study reported by Patrick Ouellette in Health IT Security stated that 88.6 percent of healthcare respondents are using smartphones for work purposes. The top three security risks identified in the study include:
1) Lack of full encryption – Most organizations are at least aware of the fact they should be encrypting all mobile data, especially if there are BYOD policies in place. Encrypting protected health information (PHI) at the database level, transmission level and within specific applications (that are connected to these mobile devices) is obviously critical to securing the data.
2) Mobile network security threats – Employees often access, receive, transmit or store PHI on a mobile device in a public space using an unsecured public wireless Internet network without a second thought. In fact, that same Cisco study said that 53 percent of respondents access unsecured or unknown Wi-Fi networks.
3) Out-of-date BYOD policies and education – Part of solving the BYOD problem for healthcare organizations will be to ensure that their mobile policies are consistent with new HIPAA Omnibus and HITECH regulations. Furthermore, all clinical staff will need to be educated on how to properly use their mobile devices in a secure manner.
Thoughts or comments on this week’s news? Reach the Appthority team on Twitter at @GetAppthority.
Listen to our weekly App-ti-tude test on the #mHealthZone podcast, next Thursday, May 2nd at 9 a.m. PT.