New study by company flogging security software finds security flaws...
Nothing to see here folks, move along please.
One in five doctors’ mobile devices might be at risk of leaking sensitive data due to either malware or poor password security practices, according to a new study. Mobile threat device firm Skycure reports that 14 per cent of smartmobes and tablets containing patient data likely have no passcode to protect them. And 11 per …
"Android upgrade adoption is complicated by carrier and device manufacturer release times, so users in healthcare and elsewhere can't wholly be blamed for this"
Most android users cannot be blamed at all, never mind wholly as they suffer from carrier / handset makers "meh" attitude to upgrades.
Yes, I know there is rooting, using cyanogen etc but root gives a whole host of other issues (even though a rooted phone potentially safer as can run a patched OS, lots of apps will not run on phone if rooting detected, including some medical apps), plus rooting can potentially violate warranties etc depending on what contracts people have,
A real shame there is no legal pressure on the carrier / handset cartels to be forced to provide timely upgrades / patches.
Are we supposed to assume that the risk factor for doctors is different to any other demographic?
Not doctors. The work phones of doctors.
I (used to) carry 2 phones: work and mine. My work phone did all the work-y things. Work calender. Work emails. Work texts. Work phone calls. You get the idea. The phone was given to the next person to do that particular job when I moved on. And the next, probably until it stops working.
My phone covered my personal stuff - texting friends etc even if they were also doctors.
So there was what might be termed a lot of patient data on the work phone, and I had no interest in upgrading/maintaining it. I wanted it to keep working, manage to do the basics (calender/emails etc) and be handed onto the next doctor in a fit state (no selfies; plenty of patient info).
This is a situation where the risk factors are quite different to my personal phone, and by extension those of the general public.
Don't they have security requirements for devices containing medical data, similar to the requirements for PCI compliance? Though I guess you can say you're "fully patched" if you have the latest OS available for your device, nevermind that it is two years out of date with dozens upon dozens of critical exploits left unfixed.
Given all the ridiculous markups in the health care field, surely there's enough money sloshing around for them to create a custom version of Android that takes away the ability to root it, takes away the ability to install any apps except those installed by the reseller, etc. If people are using bog standard Samsung slabs and able to download and run whatever they want from Google Play, I sure wouldn't want my medical records to ever touch such a device!!
If nothing else, using standard Android would no doubt insure my medical data found its way to Google, who I'm sure would be happy to add it to their database that keep on me. If I visited the doctor for high blood pressure, next time I was surfing the web I'd start seeing a lot of ads for Lipitor...
In the past few years it has become abundantly clear that neither iOS nor Android is anywhere near secure enough for any serious work. They're toys. I don't use them in my work, and neither should doctors and nurses.
P.S. - The FBI's difficulty in cracking a dead dude's locked iPhone 5c, and better encryption in new models, does not imply that iOS is secure in everyday use with the encryption key unlocked and apps running. Safe assumption: it isn't.
"Mobile threat device firm Skycure"... uhuh.
An exception to the slowness of updating Android is the Nexus range of kit. Which I use, as it happens.
And as for Apple slabs and phones being likely to be up to date...
I'm not convinced. They tend to have updates waiting when I get to look at them.
Biting the hand that feeds IT © 1998–2019