As iPads spread virally throughout the healthcare industry, IT chiefs are left wondering if these new devices will compromise the security of their organizations. With malicious attacks on the rise and hackers trying any way possible to get to sensitive data, security on mobile devices has become a serious concern.
Christina Thielst, vice president at Tower Strategies and author of the blog Christina’s Considerations, talks about the potential risk of using the iPad in a healthcare setting:
- Balance usability, preferences, security, & budgetary concerns
- Register personal devices used in workplace by those with a legitimate business use
- Adopt written terms of use with employees and contractors using personal devices in their work:
  - Agree to report if lost or stolen
  - Agree to allow remote erase
  - Agree to use in accordance with policies
- Require Device Access Password
- Require that No Patient Data be Stored on the device!!
- Central reconciliation of device usage (billing, monitoring, etc.)
- Capabilities for disabling or wiping devices clean (loss or theft)
- Remotely lock devices or change passwords
- Remotely configure/deploy applications globally (rather than one device at a time)
- Flexible security configurations – settings changed on an individual basis from a central management dashboard
- Built-in encryption of all communication streams to prevent data leakage during configuration and deployment processes
- Only permit password-protected thumb drives, and check out or account for all with any PHI
She goes on to give us some easy security fixes that you may consider.
1. Use the password, auto-lock, and auto-erase functions smartly.
If your iPad is stolen, this could help keep information from falling into the wrong hands.
2. Limit access to confidential information to VPNs when in a public place or on unsecured networks, and disable the Bluetooth function after use.
Be wary of public or open networks.
3. Permanently mark or engrave your iPad to help with identification.
Consider having your name and phone number engraved on the back of your iPad.
4. Only download apps and open files from trusted sources.
The Apple store is an obvious safe choice; however, if you decide to download an app from other websites, just be critical of the source.
5. Consider a mobile device management (MDM) solution for security and convenience.
“Services like Apperian, AirWatch, and MobileIron can create hosted, internal app stores,” said Stopler. “This lets a company make available a curated offering specific to business needs.” And, he added, it ensures security and system integrity can’t be compromised if an iPad is lost or stolen. “With these services, the apps can be shut down remotely and the contents of the iPad (related to work) deleted.”
You can read the rest of her suggestions here on Healthcare IT News.