Mobile Security vs. Mobile Convenience

It is estimated that approximately 110 million or one fourth of the US population was potentially affected by the recent Target data breach. We are still waiting to learn more about the scope of the damage done in the recent Neiman Marcus cyber attack. Starbucks has just patched a vulnerability in its iOS app that was storing user data, including usernames and passwords, in clear text.

Encryption, authentication and collaboration go a long way to preventing such breaches. Clear text has long been an open invitation for cyber-criminality. Password authentication may seem like a time-waster for some users when moving from app to app, but it is far better than losing your financial identity to cyber criminals – talk about inconvenient and time consuming!



IMPORTANT INFORMATION REGARDING THIS BLOG

Page and pray will soon be a distant memory

Earlier this month I attended the mHealth Summit 2012 near Washington D.C. where leaders from government, the private sector, industry, academia, providers, and not-for-profit organizations from across the mobile health ecosystem came together to advance collaboration in the use of wireless technology. CellTrust was there with T-Mobile, Samsung and SOTI launching the new SmartPager™ Replacement solution and HIPAA Compliant Communication Integration Server.

Pager replacement kept coming up as a major issue facing the US healthcare community. There are over 2.5 million healthcare pagers still being used in association with over 80% of US hospitals. “Page and pray” has become the healthcare industry mantra. Why? Because paging has never been a reliable solution, even in its heyday. There are a number of limitations beginning with the single strength signal with a limited radio distance, and no redundancy, retry, or delivery for “out of range” devices. There is also no form of confirmation or message delivery status, and pager companies do not have unique logins or audit logs. When a healthcare professional does finally receive a page, they still have to contact a messaging service.


HIPAA breaches soar as 20 million patients’ data is lost

‘The primary mission of healthcare is to save people’s lives and we secondarily ask them to protect patient data, but with limited resources, the explosion of mHealth apps rushing to the market and the tendency to BYOD (bring your own device), healthcare providers are facing significant challenges to secure their mobile patient health information just as government regulators are ramping up audit processes and cracking down on non-compliance to HIPAA/HITECH regulations.’

The US Department of Health and Human Services (HHS) Office for Civil Rights (OCR) is responsible under the Health Information Technology for Economic and Clinical Health (HITECH) Act, which was signed into law on February 17, 2009 to promote the adoption and meaningful use of health information technology, and enforces both the privacy rule and the security rule. Subtitle D of the HITECH Act addresses the privacy and security concerns associated with the electronic transmission of health information, in part, through several provisions that strengthen the civil and criminal enforcement of the Health Insurance Portability and Accountability Act of 1996 (HIPAA).


Collaboration – can it help us secure the mobile ecosystem?

In my last post I shared my perspective on how governments can’t be expected to secure each of our individual mobile devices.  Instead, I suggested, they are there to encourage us to use the tools out there to do so.

FBI Director Robert Mueller shared with global security professionals at the RSA conference in San Francisco earlier this year his perspective – “We are losing data. We are losing money. We are losing ideas and we are losing innovation. And as citizens, we are increasingly vulnerable to losing our information. Together we must find a way to stop the bleeding.”

Counterterrorism is still the agency’s top priority, but the agency has retooled to prepare for Internet-based aggressors and the FBI has set up cyber squads in each of their 56 field offices, with more than 1,000 specially trained agents, analysts, and forensic specialists dealing with anything from mortgage and healthcare fraud to child exploitation and terrorism.


The mobile wild wild west

Just as I was heading to Barcelona for the Mobile World Congress things began to heat up on mobile security across the pond.

A phone-hacking scandal, which began back in 2005 and resulted in the closing of one of Britain’s most beloved newspapers, in existence for 168 years, continued to generate steaming headlines. A UK government enquiry is unearthing the exploits of several private investigators who, on behalf of publications throughout the country, managed to acquire the voice and text messages of approximately 6,000 celebrities, sport stars, politicians, and victims of crime.


Mobile Code Red is on the Horizon

One of the worst cyber attacks the world has experienced began on July 13, 2001 when the Code Red worm was released.  By July 19, 2001 it had infected 359,000 computers around the world including many government infrastructures. 2,000 new hosts were infected each minute with 43% of all infected hosts occurring in the United States.  It was a first-of-its-kind attack at that time.

My team and I were at PatchLink in the middle of this cyber storm and were fine-tuning our product designed specifically to stop such attacks. Years before, I anticipated this type of security attack, which was common but small in scale. Unfortunately, we could not get the IT security media to pay any attention, or understand the magnitude of such cyber-attacks, until Code Red hit! People thought that if they had a firewall and anti-virus they would be protected, not knowing that Code Red would bypass them both as if they didn’t even exist!
