Are Mobile Browsers Secure? Think About This…

Posted: September 11, 2010 in Diversinet Related Posts, mHealth Industry Posts

With smartphone use exploding and data usage growing exponentially, there is an assumption in the marketplace that a mobile browser HTTPS session (SSL on the mobile) and the user's name and password will be good enough to protect a patient's identity and their access to their personal healthcare information. Here are a few things to think about…

1. Let's look at the mobile. This little guy is 15 times more likely to be lost than a laptop.
2. A very small percentage of people actually lock their phones. The mobile browser history and phone application icons are all open for inspection. All your bookmarks are available to review, which gives unwanted eyes additional personal information. All your downloaded documents, like copies of claims or lab tests, are in the open. In many cases, all recent browser activity, including your user name and all your personal health records and transactions, is open for everyone to see because these items have been cached. In addition, most bookmarks remember your user name and password and auto-sign you (or the intruder) in directly to your personal health information.
3. From a communications security standpoint, the standard mobile SSL connection sets up a tunnel between the mobile and the web server. It does not authenticate you or your personal mobile device, it does not make sure you are at the intended site, nor does it provide end-to-end security to the application level.

Considering it takes an average of 130 hours to fix a financial identity when a person is a victim of identity theft, imagine what it will take to restore a health identity when your identity is compromised using the mobile internet.

There is a better way: the MobiSecure® Health solution downloads personal security credentials and an app to your mobile device that is locked to your specific healthcare organization. It demands a PIN to open the service, executes bi-lateral authentication between the server and the phone, and then performs dual encryption on all information and messages exchanged. No user names, bookmarks, downloads, cached screens, personal information or URLs are available to prying eyes.

How do you want to access, store and interact with your personal health information?

Comments
  1. Analyst says:

    I know who likes mobile browsers. Fraudsters.

    Health care: A ‘goldmine’ for fraudsters

    NEW YORK (CNNMoney.com) — There’s a group of people who really love the U.S. health care system — the fraudsters, scammers and organized criminal gangs who are bilking the system of as much as $100 billion a year.
