iOS 8 Will Alleviate HIPAA Security Risk

hipaa security mobile phonesiOS 8 uses randomized MAC address broadcasts securing the user’s privacy. But before iOS 8 is out, MAC address broadcasts are still a threat to privacy security. 

Mobile MAC (Media Access Control) address signal gives us updated, unencrypted, presence and location from our mobile phones and gadgets. Today, it is possible to keep track of anyone connected to your smartphone or tablet using address signals to exactly pinpoint their location. However, given Apple’s coming changes on how they handle MAC address broadcasts, this won’t be the case for long. And when Apple does it, you can be sure that Google’s Android will do the same.

The way Wi-Fi scans interact with MAC addressing will be changed dramatically in Apple’s iOS 8. The shift to “randomly, locally administered” MAC addresses will result, to MAC addresses used for Wi-Fi scans being not always the exact location of the device. Practicality in question, there is a lost point in using random addresses to track people via their devices. Depending on the level of randomness used, MAC address broadcast will, at best, be impractical.

But before Apple releases the new software, there are still weeks and months for security privacy to stir up a real threat. An additional month before most users upgrade, maybe two for the others, and another month or two for Google’s Android to adapt the idea.

There is enough leeway for privacy security breaches to occur even before iOS 8 makes it to the market. For instance, there is the potential for a turncoat member of the hospital staff to track people via their records. We’re not talking about tracking doctors and hospital staff in the hospital, as that can be easily done once they log into the system. It’s more a matter of cyber thieves or hackers who could easily victimize anyone with a mobile device.

A specific MAC address would be tracked over time, this, eventually, causing a great deal of hassle. For example, in retail, retailers work with vendors who have a network of other retailers. This allows those companies to create detailed reports of every location visited by a MAC address. By overlaying it with purchase records, that address can be related with specific purchases, that then can be traced to specific persons if paid using payment or loyalty cards. Not only that, there are other database communications, such as security cameras in the mall, hospital and parking lots. Even face and clothing can be associated with that MAC address.

Facial recognition softwares started to be used by most vendors initially to identify shoplifters. Eventually, the need evolved to attaching names and purchase records to shoppers who pay with cash. Hospitals may not have the same business incentives for such identification program, but an employee with malicious intent could use the MAC address in an equally intrusive manner.

Daniel Wood, a security penetration tester who specializes on Apple devices says, “This is one of the better things Apple is doing with the upcoming version iOS 8.” With the new MAC address randomization that Apple is launching, privacy risks are mitigated.

“When you have Wi-Fi turned on with your iPhone/iPad, it is constantly polling the network airwaves for access and broadcasting the device identifier. It [iOS 8] will prevent, to an extent, the tracking of users when they are walking in range of wireless access points,” Wood added.

Another security penetration tester, Godfrey Nolan, said this move will highly affect vendors trying to track consumers. “Moving MAC addresses would stop the marketing people tracking you like they do on the web,” said Nolan.

Initially, this randomization will make IT jobs in healthcare more tedious. Healthcare networks that use MAC addresses for authentication before asking for password or PIN will find the change majorly problematic. A medical security systems provider, Acentec, explains that employees won’t automatically connect if the MAC address is randomized, they will have to sign themselves in.

Acentec’s CEO, Jeff Mongelli further explains, “Those networks that are relying on MAC will be forced to rely on something else, like an encrypted key, which will be a little more difficult to pick off,” he said. “That would be a good thing, from an improving security perspective. From an IT guy’s perspective, that’s a lot of work. They’ll have to reconfigure their firewalls. I think you could make the argument that this will add security, making mobile devices more secure. It will make trying to track people that much more difficult.”

Looking for great healthcare IT services in Florida?  Our healthcare IT security experts are here to ensure your patient records are 100% secure and your practice is compliant with all the HIPAA requirements.  Call (954) 717-1990 or email us immediately at sales@laninfotech.com.

Fort Lauderdale Computer Networks
Network Services in Fort Lauderdale
Network Consulting in Fort Lauderdale
Fort Lauderdale Data Backup
Data Security Fort Lauderdale
 
Client Feedback

“LAN Infotech has been an exceptional resource for our organization. They provide consistent knowledgeable network engineers, round the clock monitoring and are invaluable in our IT infrastructure decision-making process. Their level of customer service has been top-notch and exceeds our expectations – we look forward to a continued partnership with LAN Infotech.”

—Janice M. Pennington
Vice-President of Finance & Administration
National Multiple Sclerosis
Society South Florida Chapter
read more»

Featured IT Services Fort Lauderdale Articles

LAN Infotech Recognized as Leading Microsoft Marketing Partner Worldwide

The team of IT specialists from LAN Infotech are thrilled to announce that they have been recognized on Fifty-Five and Five’s Inbound Marketing Excellence Report as one of the top 250 Microsoft mark

Read more

Featured IT Services

IT Consulting Advice for Fort Lauderdale: Taking Care of Your Employees Is Taking Care of Your Business!

Quid Pro Quo An IT consulting firm in Fort Lauderdale will usually advise that you get what you give. This is the core principle which defines most working relationships. The employer gives the em

Read more

Featured IT Services

IT Services Business Advice: Do You Really Need a Management Consultant in Fort Lauderdale?

Eliminate the Middleman IT services in Fort Lauderdale need not cost an arm and a leg to provide services your own organization could source internally. You want a consultation agency willing to he

Read more

Featured IT Services