This summer, two hackers successfully took control of a car – a Jeep Cherokee – by remotely hacking into its computer system and killing the engine; a feat they claimed was possible from a radius of 70 miles. They gained access via an open port in the car’s infotainment system; via its cellular connection.
The potential hacking of automobiles may be a worry for drivers; but not a major concern for healthcare providers and other HIPAA-covered entities. However, the incident does demonstrate the skills of the hackers; and hackers are targeting healthcare providers, insurers and other HIPAA covered entities for the data they hold.
Worse news for healthcare providers comes from the latest hacking of a vehicle; this time via mobile SMS messages. SMS text message hacking is a new method of attack now being exploited by hackers. This is of more direct relevance to healthcare providers. Hacking via SMS channels could be applied to BYOD or company supplied devices.
Your Insurance Company may be Increasing your Risk of Being Hacked!
The latest automobile hacking incident exploit vulnerabilities in the cellular and IP networks used by modern automobile systems. Hackers are now able to use a variety of methods to exploit weaknesses in systems. Security measures are in place, but they are no longer sufficient to protect against the arsenal of tools at a hackers disposal.
The latest SMS text message hacking incident was revealed at this year’s Usenix security conference in Washington, D.C., Hackers were able to gain access to a car’s braking system, and other vital controls, by exploiting a vulnerability in SMS text messages. The car in this instance was a Corvette; however access to the car was gained via a third party device; a dongle.
Some insurance companies have started using trackers on vehicles, with their insurance policies charged on a per mile basis. Unfortunately for the insurers, a dongle plugged into the vehicles to allow tracking information to be sent is how hackers gain access to the car’s controls.
In this SMS text message hacking incident, an OBD2 dongle security vulnerability was exploited. The dongle was distributed by San Francisco-based Metromile Insurance, according to researchers from the University of California San Diego who examined the device.
Security Demonstration Highlights Need to Secure Healthcare Mobile Devices
With the threat level now at the highest it has ever been, and new cyberattacks reported on a daily basis, it is essential cybersecurity defenses are constantly updated. The latest threat of hacking via mobile networks can be taken as a reminder to look at current security measures protecting mobile devices; a common healthcare data security weak point.
A full risk analysis should be conducted to assess for new vulnerabilities that could potentially allow hackers to gain access to the devices, and an action plan set to address any security issues. Risk of exposure of PHI can be virtually eliminated by using a secure texting solution for communication on healthcare devices. It may not be a universal solution to ensure devices are protected from external attacks, but it will ensure that any data transmitted through the system is encrypted and protected.