iPad 2 - are they still considered secure?

Dashrender

OK Hive mind - I'm looking for opinions.

An iPad 2 - released in 2011, and not updated since iOS 9.3.5 in August 25, 2016.

Would you consider this a secure device today?

Dashrender

I'm primarily asking in regards to HIPAA.

Most of us will say that Windows 7 is not secure today (aka not HIPAA compliant) because MS is no longer supplying updates for it.

With that in mind - I'd say - HELL NO the iPad 2 is not secure, and if PHI is touching it at all, forget-about-it!

JaredBusch

@dashrender said in iPad 2 - are they still considered secure?:

OK Hive mind - I'm looking for opinions.

An iPad 2 - released in 2011, and not updated since iOS 9.3.5 in August 25, 2016.

Would you consider this a secure device today?

iPad 2 is no longer updatable, so no. It is not a secure device.

travisdh1

@jaredbusch said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

OK Hive mind - I'm looking for opinions.

An iPad 2 - released in 2011, and not updated since iOS 9.3.5 in August 25, 2016.

Would you consider this a secure device today?

iPad 2 is no longer updatable, so no. It is not a secure device.

This

Obsolesce

@dashrender said in iPad 2 - are they still considered secure?:

Would you consider this a secure device today?

They are pretty shiny and slippery, so I doubt they are secure enough to ensure an unbalanced table leg doesn't slip off of it.

scottalanmiller

@jaredbusch said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

OK Hive mind - I'm looking for opinions.

An iPad 2 - released in 2011, and not updated since iOS 9.3.5 in August 25, 2016.

Would you consider this a secure device today?

iPad 2 is no longer updatable, so no. It is not a secure device.

This is really all that there is to consider.

scottalanmiller

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Dashrender

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Obsolesce

@dashrender said in iPad 2 - are they still considered secure?:

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Then the negligence law takes place which is more strict than hipaa iirc @scottalanmiller

Dashrender

@obsolesce said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Then the negligence law takes place which is more strict than hipaa iirc @scottalanmiller

sure - but I don't need to really worry about it - no PHI, so no HIPAA, and it's on the guest network.. so /meh.. no different than any tom/dick or harry bringing in an old IPAD and attaching to guest wifi.

scottalanmiller

@obsolesce said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Then the negligence law takes place which is more strict than hipaa iirc @scottalanmiller

That's true. If people claim something isn't under HIPAA, it becomes prosecutable the traditional way which is harder to prove, but has WAY more teeth and is much more expensive in court.

scottalanmiller

@dashrender said in iPad 2 - are they still considered secure?:

@obsolesce said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Then the negligence law takes place which is more strict than hipaa iirc @scottalanmiller

sure - but I don't need to really worry about it - no PHI, so no HIPAA, and it's on the guest network.. so /meh.. no different than any tom/dick or harry bringing in an old IPAD and attaching to guest wifi.

That's exactly the opposite. If it is no PHI, then no HIPAA to limit your exposure. Your risks are not limited only by the court's perceived level of damage. There's no federal "protect the doctor's law" to cover you if the doctors manage to convince someone that it's not PHI. Then it's just customer data, and that's when things get really hairy.

That's our whole point.... doctors want HIPAA because that is their insurance against real lawsuits.

scottalanmiller

@dashrender said in iPad 2 - are they still considered secure?:

@scottalanmiller said in iPad 2 - are they still considered secure?:

@dashrender said in iPad 2 - are they still considered secure?:

I'm primarily asking in regards to HIPAA.

More importantly than "is it secure" would be "does it meet HIPAA requirements?"

In both cases, the answer is "no". It is a HIPAA violation to use one for PHI.

Well, people are now making excuses - the data collected on them isn't PHI therefore we don't need to worry about it. /sigh.

Then the answer is simple... in no way, in no universe, does using an iPad 2 constitute defensible due diligence. No semi-reasonable court would look on that as anything but an intentional lack of effort at the cost of customer data being put at risk.