The answer is yes. Malware can be installed on your phone that can secretly record the microphone and phone calls, access the camera, access passwords stored on the phone, and track the phone's location.
Citizen Lab states that they found evidence that dozens of individuals were targeted, and their iPhones were compromised by spyware known as Pegasus.
Very often when we write about malware, we are talking about receiving an email or other communication that entices us to click on a link or an attachment. Clicking on that link or attachment results in malware being installed on the device. The malware in question here is much more sinister in that it is known as a “Zero-Click” attack. In these cases, the malware was sent to the iPhone as an iMessage and automatically installed itself on the iPhones.
Each day new vulnerabilities are being discovered in the technology, and each day our data is more and more at risk. Very often we have heard that Apple products are safe and do not pose the same level of risk as other brands. This was true when the cell phone market and computer market were dominated by Microsoft and Android. Now, with the large footprint that Apple has both in the cell phone market and on desktops, these devices have become a much bigger target for hackers looking to access our data.
An important takeaway from this incident is that no matter how well we prepare and take steps to prevent events that may compromise our privacy and the privacy of the medical records in our practice, we can never be 100% protected. It has been said it is not a matter of if your medical records will be compromised, it is a matter of when. This is just another example of the level of sophistication that exists and is available to undermine the security we have in place.
When you do have a HIPAA event, you need to be ready for an investigation. The first thing an investigator will ask for is your most current and updated HIPAA Security Manual and HIPAA Risk Mitigation Plan. If you cannot produce documents that demonstrate you are involved in a good faith effort to protect your records, the government is REQUIRED TO FINE YOU.
If you have not completed your HIPAA Security Manual and Risk Mitigation Plan, please reach out to TLD Systems. They can assist you with this process. You should consider this to be the first step to reduce your risk of a HIPAA event and a form of insurance to help the office avoid fines that can be in the tens or thousands of dollars.
Michael L. Brody, DPM