7

Many physicians, nurses, and technical staff like to carry PDAs to be kept abreast of patient conditions. Various companies want caretakers to view ECGs on their iPads.

Due to the incredibly private nature of medical records and data, if such a device were part of your network, are there any measures on software to actively erase the data in the event of a lost or stolen tablet or PDA? Is this feasible to implement as an add-on if that is not the case?

Gilles 'SO- stop being evil'
  • 50,912
  • 13
  • 120
  • 179
jonsca
  • 343
  • 1
  • 6
  • 21
  • I will point out the obvious solution. Keep these sort of devices within the office, lock them up when not in use, there is no reason you need your office PDA when you are not in the office. – Ramhound May 02 '12 at 17:33
  • @Ramhound These physicians and nurses *do* need their PDAs everywhere when walking around in the hospital, that's really the issue. – jonsca May 02 '12 at 22:06

3 Answers3

8

This is the same problem that banks have. Most major banks have some app you can install on your iphone/ipad/android device that lets you see your balance and perform simple functions. If you have this set up on your phone, and you lose it, whoever finds it may be capable of transferring money out of your account.

Because this is a problem, apple has a feature as part of their mobileme suite that lets you remotely lock and wipe an iphone (and I believe iPad) that has been lost. Random website describing how to do it

At the very least, I'd put a pass code on it so someone has to log in. That won't stop someone from ripping it apart and hooking up the SSD directly, but it doesn't hurt anything.

Tremmors
  • 196
  • 2
  • 1
    +1 Looks like we were writing the same idea at the same time. lol –  Dec 20 '11 at 15:15
8

In addition to encryption as John points out. I would also require remote wipe:

A couple items to look at for encryption:

Chris K
  • 446
  • 2
  • 6
  • 1
    [WhisperSystems is working on a full device encryption and improved pin pad setup for Android devices](http://www.whispersys.com/whispercore.html). Not quite ready for the mainstream right now, but this is the sort of solution that should be considered along with any other hardening setup. –  Dec 20 '11 at 15:14
  • 1
    Is there really a distinction between iPad and iPhone? I.e. Both approaches ought to work on both? – geoffc Dec 20 '11 at 15:19
  • 1
    Just confirmed iPad works with iCloud as well, so I modified the answer. Thanks! –  Dec 20 '11 at 15:20
  • 1
    I'll have to grab WhisperSystems and try it when it's ready for prime time. Thanks! –  Dec 20 '11 at 15:23
4

Your best bet would be to apply encryption to the data and add security measures on the device. There is no ability to make "this device will self destruct in 5 seconds"