Sunday, February 21, 2010

Healthcare use of iPhone presents hidden risks

It should not be any surprise that any platform that is used to deliver sensitive information, such as healthcare information, must be holistically considered within a Risk Assessment framework. There are two REALLY good blog articles on some not-so-obvious risks that occure when the iPhone platform is choosen. The original blog post by MedPage Today blog  is “iPhone Security Risks and How to Protect Your Data — A Must-Read for Medical Professionals.”   This was further elaborated on by IdentityBlogger in the post SpyPhone for iPhone. 

The basic message is that one can't simply worry about their own application, they must look at how the device might be used by the end-user. In the case of the iPhone it is simply too enticing to pull apps down from the AppStore. Apple does a good job of reviewing these applications, sometimes too good, but all it takes is for one malicious application or poorly-written application to get through to cause data leakage.

For any mitigation of this risk, new risks or costs must be considered. If one tries to lockdown the medical iPhone so that it can't use the AppStore would very much inconvenience the user. Try to isolate the application, and the user might not be able to use legitimate cross-over applications.