iOS 8 Reduces HIPAA Risks but Changes Authentication Process
What if everyone that walked into your medical facility were potentially broadcasting unencrypted information to anyone interested that could pose a HIPAA risk for your facility? This is currently a reality, through the mobile MAC (media access control) address signal that every smartphone, tablet, and wearable device provides.
Apple’s iOS 8 changes, which are almost certain to be copied by Google’s Android, will solve this problem, reducing dangerous information breaches for your facility, but creating other headaches. Your healthcare IT’s job is about to get harder.
UPS Healthcare wants you to know what to expect and would be happy to marry their responsiveness and ease of use with your upcoming headache to provide you a solution before the problem arises.
Thieves, Stalkers, and Hackers, Oh My!
The risk of our current system is that your medical staff, your patients, and your medical facility’s visitors can all be tracked. This poses a significant security privacy risk. MAC addresses can be used in conjunction with many other database interactions, such as security cameras, to associate it with:
- Faces
- Clothing
- License plates
Rogue employees and cyber thieves could use this information in a very intrusive manner and put everyone within your hospital, facility, or clinic at a significant risk.
The Safeguard Solution
Apple’s iOS 8 change will transform the way MAC addressing interacts with Wi-Fi scans. They will now be using “randomly, locally administered” MAC addresses. According to Apple, this means “The MAC address used for Wi-Fi scans may not always be the device’s real- universal- address.” (Apple PDF, page 18)
According to Healthcare IT New’s article iOS changes will address HIPAA risk, “As a practical matter, using this kind of a randomized bogus address approach will make tracking people via mobile devices impossible or, at best, impractical, depending on the level of randomization used and how often – if ever – the true MAC address is broadcast.”
Making your Job More Difficult
Hospital staff often rely on MAC addresses for authentication. Currently, MAC addresses allow staff to connect to healthcare networks before requiring a password or PIN authentication. In short, this means that with Apple’s iOS 8 changes, doctors and other staff who are already pressed for seconds in their day will have to sign themselves in each time.
Yes, this will increase medical professionals’ complaints and magnify your IT staff’s headache- but only for a short time. Your facility can simply reconfigure your firewalls and switch to a different authentication system for your staff, such as using tokens or cookies.
Prepare for a Seamless Transition
Let UPS Healthcare work with your medical organization to pre-empt the gripes and headache by creating your transition plan today. We can work with you to select the best way to authenticate staff that will not be affected by the upcoming iOS 8 change in the months ahead. This will allow you to revel in the security benefits of this change and rest in the solace of knowing HIPAA risks have been minimized.