According to Mac McMillan, CEO of CynergisTek, Inc. (a healthcare information security services and consultant company) there are four core components to his clients’ mobile device security strategies. Patrick Ouellette with HealthITSecurity reported the following:
1) Mobile Device Management (MDM) – One aspect of customer strategy is to have better oversight of employee devices themselves, so they’re looking at mobile device management (MDM) technologies. Considerations include ensuring the right controls (such as pass codes) are on the device and putting the correct policies and procedures in place.
2) Network access control – This level of control includes deploying technology on the network that allows you to interrogate devices that are attempting to connect and identify them as friend or foe. You can disallow devices trying to connect that you don’t know and allow the ones you do know.
3) Changing perception of the perimeter – There is no longer the “four walls of the castle” with the network blocking access, as we now have a very porous perimeter with many ways of coming in and that perimeter is being extended to many different mobile devices. With that realization, we need to think where we want patient data to live and how much data we want on these mobile devices.
4) Mobile applications – How do we access applications and data on the back end? Do we have a direct connection from that mobile device to an app? Or do we go to some Web front end that enables us to (1) protect the data transmission between those two devices and (2) create a gateway to view and use information without retaining it? Many healthcare organizations’ mobile “app store” apps are coming out with containers and access to network.
In other news, a new font installing app could spell trouble, reported The Next Web’s Emil Protalinski. The malicious apps found on Google Play called Android.TechnoReaper were disguised as font installing apps, which appear to offer that functionality once installed on a user’s phone, but also download a file called ikno.apk spyware that monitors SMS, call logs, and location. Jeff Goldman at eSecurityPlanet also wrote an article about the Android malware reporting that both apps have been removed from Google Play. The good news is that the two apps which carry this malware aren’t that popular. One app only had 500 downloads while the second one had 10,000 to 50,000 downloads, which is still pretty low in Android standards.