back to article Call the doctor... no, call security. Docs' mobiles are hopelessly insecure – study

One in five doctors’ mobile devices might be at risk of leaking sensitive data due to either malware or poor password security practices, according to a new study. Mobile threat device firm Skycure reports that 14 per cent of smartmobes and tablets containing patient data likely have no passcode to protect them. And 11 per …

  1. This post has been deleted by its author

  2. StaudN

    Surprise Surprise

    New study by company flogging security software finds security flaws...

    Nothing to see here folks, move along please.

  3. tiggity Silver badge

    Android upgrades

    "Android upgrade adoption is complicated by carrier and device manufacturer release times, so users in healthcare and elsewhere can't wholly be blamed for this"

    Most android users cannot be blamed at all, never mind wholly as they suffer from carrier / handset makers "meh" attitude to upgrades.

    Yes, I know there is rooting, using cyanogen etc but root gives a whole host of other issues (even though a rooted phone potentially safer as can run a patched OS, lots of apps will not run on phone if rooting detected, including some medical apps), plus rooting can potentially violate warranties etc depending on what contracts people have,

    A real shame there is no legal pressure on the carrier / handset cartels to be forced to provide timely upgrades / patches.

  4. This post has been deleted by its author

    1. Adam 52 Silver badge

      The risk factor for doctors is different. That's why their insurance premiums are bigger than other demographic groups.

      Likelihood is higher because the are a valuable target and have access to drugs, and liability is higher because they have access to patient confidential data and drugs.

      1. This post has been deleted by its author

    2. Darryl

      Re: Or is this another attempt at shock headline journalism?

      No, it's an attempt to sell mobile device security using shock headline press releases

    3. DocJames

      Are we supposed to assume that the risk factor for doctors is different to any other demographic?

      Not doctors. The work phones of doctors.

      I (used to) carry 2 phones: work and mine. My work phone did all the work-y things. Work calender. Work emails. Work texts. Work phone calls. You get the idea. The phone was given to the next person to do that particular job when I moved on. And the next, probably until it stops working.

      My phone covered my personal stuff - texting friends etc even if they were also doctors.

      So there was what might be termed a lot of patient data on the work phone, and I had no interest in upgrading/maintaining it. I wanted it to keep working, manage to do the basics (calender/emails etc) and be handed onto the next doctor in a fit state (no selfies; plenty of patient info).

      This is a situation where the risk factors are quite different to my personal phone, and by extension those of the general public.

  5. Anonymous Coward
    Anonymous Coward

    I'm surprised HIPAA would even allow use of Android devices

    Don't they have security requirements for devices containing medical data, similar to the requirements for PCI compliance? Though I guess you can say you're "fully patched" if you have the latest OS available for your device, nevermind that it is two years out of date with dozens upon dozens of critical exploits left unfixed.

    Given all the ridiculous markups in the health care field, surely there's enough money sloshing around for them to create a custom version of Android that takes away the ability to root it, takes away the ability to install any apps except those installed by the reseller, etc. If people are using bog standard Samsung slabs and able to download and run whatever they want from Google Play, I sure wouldn't want my medical records to ever touch such a device!!

    If nothing else, using standard Android would no doubt insure my medical data found its way to Google, who I'm sure would be happy to add it to their database that keep on me. If I visited the doctor for high blood pressure, next time I was surfing the web I'd start seeing a lot of ads for Lipitor...

  6. Anonymous Coward
    Anonymous Coward

    Put down the iTHingy and do your job

    In the past few years it has become abundantly clear that neither iOS nor Android is anywhere near secure enough for any serious work. They're toys. I don't use them in my work, and neither should doctors and nurses.

    P.S. - The FBI's difficulty in cracking a dead dude's locked iPhone 5c, and better encryption in new models, does not imply that iOS is secure in everyday use with the encryption key unlocked and apps running. Safe assumption: it isn't.

  7. joed

    not just phones

    that doc (?) also needs a surgical mask basic safety guidelines/reminder

    1. DocJames

      Re: not just phones

      and a hair tie.

      (I think it isn't actually a doctor pic, it's a generic "woman doing science" pic)

  8. Adrian Midgley 1

    "Mobile threat device firm Skycure"... uhuh.

    An exception to the slowness of updating Android is the Nexus range of kit. Which I use, as it happens.

    And as for Apple slabs and phones being likely to be up to date...

    I'm not convinced. They tend to have updates waiting when I get to look at them.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022