The United States Government Accountability Office (GAO) recently issued a report to Congress called, “Information Security: Better Implementation of Controls for Mobile Devices Should Be Encouraged.” The Report identified these four sources of mobile device attacks:
- Software downloads: Unsuspecting users download malicious applications (apps) made to look like games, device patches, or utilities. Once the software is downloaded on a mobile device, unauthorized persons can access health information or system resources.
- Visiting a malicious website: When a user visits a malicious website, malware is automatically downloaded. The app either downloads automatically or the user must take action (such as clicking on a hyperlink) to download the app.
- Direct attack through the communication network: Some attacks try to intercept communications to and from the device to get unauthorized use of mobile devices and access to sensitive information.
- Physical attacks: Unauthorized persons may be able to access and use health information stored on a lost or stolen device.