Damaged/Lost Iphone in default setup - HIPAA secure?
-
The default configuration of iPhones for a while now is that all data is encrypted at rest as long as a passcode is in use on the device (PIN).
Let's assume the "reset iPhone after 10 bad attempts" option is not enabled (which is the default). Would you consider the data secure in the following situations?
Lost?
Damaged/unable to be wiped - sent to manufacturer/warranty vendor?
-
@Dashrender If the question is "is it secure by HIPAA standards" then yes. I know of no HIPAA requirement to go beyond encryption.
-
If the question is "Can Israeli quasi-government hacking agencies get your data if necessary", then no. But it was never secure at all.
-
@scottalanmiller said in Damaged/Lost Iphone in default setup - HIPAA secure?:
If the question is "Can Israeli quasi-government hacking agencies get your data if necessary", then no. But it was never secure at all.
LOL - Not sure where the Israeli quasi thing came from - but thanks for the laugh.
-
@scottalanmiller said in Damaged/Lost Iphone in default setup - HIPAA secure?:
@Dashrender If the question is "is it secure by HIPAA standards" then yes. I know of no HIPAA requirement to go beyond encryption.
I agree on the letter of the law.
What about the password protecting said encryption? I don't recall anything stated in the law regarding that - so if your pin is say 1111, aka super easy to guess - would you still consider yourself protected under the requirements?
-
@Dashrender said in Damaged/Lost Iphone in default setup - HIPAA secure?:
so if your pin is say 1111, aka super easy to guess - would you still consider yourself protected under the requirements?
Yes, because the requirement is encryption. It is encrypted.
-
@Dashrender said in Damaged/Lost Iphone in default setup - HIPAA secure?:
@scottalanmiller said in Damaged/Lost Iphone in default setup - HIPAA secure?:
@Dashrender If the question is "is it secure by HIPAA standards" then yes. I know of no HIPAA requirement to go beyond encryption.
I agree on the letter of the law.
What about the password protecting said encryption? I don't recall anything stated in the law regarding that - so if your pin is say 1111, aka super easy to guess - would you still consider yourself protected under the requirements?
Yes, it's a black and white law. Unless the law states the complexity necessary of the pin, then there is no reason to look at the pin. HIPAA is a set of requirements, none of which are "secure".
-
@Dashrender said in Damaged/Lost Iphone in default setup - HIPAA secure?:
@scottalanmiller said in Damaged/Lost Iphone in default setup - HIPAA secure?:
If the question is "Can Israeli quasi-government hacking agencies get your data if necessary", then no. But it was never secure at all.
LOL - Not sure where the Israeli quasi thing came from - but thanks for the laugh.
The world's most advanced hacking toolsets are made by arm's length government contractors in Israel. That's where that tech is currently made pretty much regardless of which governments are using it.