Mobile malware has moved beyond just extracting data—now, it can take over an entire mobile device, according to security firm MobileIron. And too many companies across industries, including healthcare, are not paying enough attention.

“Despite the rise in high-profile mobile malware attacks, anti-malware adoption continues to remain flat, with a global adoption rate of less than 5 percent,” the company warns in a new report.

Bloomberg/file photo

For instance, 17 percent of healthcare organizations have at least one compromised device, and only 12 percent enforce operating system updates. More than half of healthcare organizations have at least one missing device, MobileIron’s study found.

Also See: How to improve your organization’s cybersecurity training

“Enforcing OS updates is one of the easiest and most cost-effective ways to prevent attacks from exploiting holes in older operating systems,” MobileIron advises. “There’s simply no reason not to ensure (operating systems) are consistently updated. Think of the 80/20 Rule; organizations can reap 80 percent benefit with just 20 percent effort.”

Nearly 80 percent of organizations in MobileIron’s global customer base have more than 10 enterprise applications installed, and 18 percent of them use voluntary protection programs that streamline enterprise app deployment to users in a safe manner. The healthcare industry is above average, with a 29 percent rate using voluntary protection programs.

Still, threats keep coming, with new malware in recent months including HummingBad Malware (which infected 85,000,000 devices), Pegasus (capable of intercepting virtually all communications), QuadRooter (detected on an estimated 900,000,000 devices) and The Godless Malware (infected 850,000 devices).

Mobile apps and data have become fundamental to businesses, and the company’s new security report “shows that apps are not only critical to business but that employees around the world rely on these tools for parts of their jobs that were once relegated to the desktop, such as presentations and spreadsheets,” says James Plouffe, lead security architect.