Apple Security Issues Linger, Raising iPad, iPhone Concerns For Hospitals

To date, few hospital IT administrators have made a big investment in supporting Apple devices, though many facilities are testing them out. Most testers have found that neither the smartphone nor the tablet work well as clinical data entry devices, and some have actually ended i-whatever pilots when doctors refused to use them.

But it seems that this is far from the worst problem iPads and iPhones pose for your hospital. In fact, in a recent case, one application downloadable directly from the company’s App Store was compromised to such an extent that it completely exposed the device to attackers.  According to a recent story in Forbes magazine, former NSA analyst and high-profile Apple hacker Charlie Miller sneaked an app onto the Store which, among other things, allowed Miller to execute commands on an iPhone. The program, Instastock, appears only to list stock tickers. (It’s not hard to imagine an app like this popping up on physicians’ iPhones/iPads, is it?)

While this might be old news to some of you, I was surprised to learn that the mobile Safari browser used on iOS devices seems to have some serious security flaws, too.  In fact, Safari doesn’t seem that sound overall. A report published six months ago concluded that while Explorer 9 blocked 100 percent of malicious URLs (with Application-based filtering enabled), Safari 5 blocked just 13 percent.

I am a huge fan of Apple devices, mind you. I think that EMRs would be in place in every hospital in the U.S., more or less, if vendors produced an interface one-tenth as elegant and streamlined as that of Apple products.  And it’s easy to understand why hospital IT leaders might want to go with the times and support the devices physicians already use.

But given the extent of these vulnerabilities, and the fact that Apple seems surprisingly slow to patch them, I’m actually surprised that so many hospital IT departments are continuing to  consider (or even offer) EMR access via iOS devices.  Maybe they’re not being irresponsible — after all, any OS can be hacked in time — but they seem to have one heck of a security challenge on their hands. It would definitely make me nervous.