Mobile Device Security

Mobile device security is becoming more and more of a necessity as malware for Androids, iPads and iPhones becomes more prevalent.

Mobile devices are popular in the dental industry.  Not only are personal cell-phones being configured to check the office’s email while off-site, many practices are using iPads or Android tablets for patient check-in, or as a visual aid for patient education.  With the increased productivity, however, comes an avenue for data breach that needs to be addressed when using these devices.  Unfortunately, there are newly identified security vulnerabilities in both iPhones and Androids which need to be addressed as part of your mobile device security policy in order to safely use these operating systems in your dental practice.

Recent iPhone Hack

More than 200,000 iPhones have recently been compromised by a security hack that targeted phones whose default security measures had been deactivated by the user.  A piece of malware called KeyRaider would seek out and steal the credentials for the iPhone’s App Store user data.  Additionally, once this data is stolen, the malware locks the phone and prevents recovery.  Most importantly, the data gathered by this malware became readily available on the open market, and roughly 20,000 people downloaded the software that lets them steal from the afflicted iPhones.

Most iPhones are not at risk, as “jail-breaking” (bypassing Apple’s security measures) is not a commonly performed task, especially when a mobile device security plan is in place.  However, the fact that malware is being developed and that so many users were affected means it’s time to start taking iPhone security seriously and implementing proper protections when the phone is used to gather or look up patient data.

Android: Stagefright

With Android devices, text-message spam can lead to a link that allows hackers complete control over your Android device.  Stagefright can wreak havoc by allowing an unknown entity to read email, recover data from apps (such as Dropbox), access photos, and turn on your microphone, GPS, and camera, all without the user’s knowledge.

Google has put out a patch for Stagefright, but any patch put out by Google has to be approved, tested, and distributed by the cell-phone provider, such as Verizon, AT&T, etc.  This means that security patches for Android do not arrive immediately for zero-day vulnerabilities.  If a vulnerability is found, it will take extra time for the patch to go through this secondary step before reaching the device.

Implementing Mobile Device Security

As with any piece of technology, there are vulnerabilities as well as security measures that you can take.  If you don’t already have a mobile device security policy in place, it’s time to create one.  Make sure you know exactly how each device is configured to access data on your network, and limit the ability to gather emails and other pertinent data from off-site.  And of course, for HIPAA compliance, you’ll want your policy documented, signed off on, and followed to the letter.

All it takes is one employee clicking a bad link to compromise your entire dataset.  Here are some rules of thumb to keep your devices secure:

  • Use a passcode and implement onboard encryption.
  • Consider obtaining a mobile-specific antivirus for your device.
  • Instead of configuring your email client on your phone itself, use remote access or webmail to access the email from outside of your phone’s apps.
  • Do not store any passwords for auto-logins on your mobile devices.
  • Do not modify the default security settings on your device, even if it increases the speed of the device.
  • Keep your device updated by manually checking for updates once a month.
  • Manage your Mobile Devices through a central dashboard.  There is software that allows you to locate, freeze, and destroy any of your managed cellphones from a central console in case the device does get stolen.

The pros outweigh the cons when using mobile devices in your dental practice, but implementing a security policy for those devices is as necessary as implementing security on any other PC on your network.
