In an odd turn of coincidence, I have been involved in more discussions regarding mobile security this week than I have in the life of the RQS blog. I took it as a sign that I should write about it.

So what does "mobile security" entail? The most obvious security feature is the phone's lock feature. The iPhone features a 4-digit PIN, whereas Android features an unlock pattern. The next tier of mobile security consists of applications that allow the user to remotely lock, change, alarm, and wipe the device. These apps typically address physical breaches of security and are predominantly used when a phone is lost. In the world of sophisticated hacking groups, that's like building a house out of straw against the Big Bad Wolf.

The software-developing-pig-who-built-the-brick-house will focus efforts on data security, which can take several forms. The software code needs to be protected against malfunction, the stored data needs to be protected against manipulation, and data communication must also be protected. Some communication methods and protocols have been specifically designed with the intent of carrying highly sensitive information. The best example of this is NFC or Near Field Communication (sorry to disappoint any 49ers, Packers, or Giants fans out there...).

NFC is an upcoming communication protocol for smartphones. As the name states, the technology is for close-range communication of information, and it is planned to serve as our eWallets. Google and Apple seem to be priming themselves for this technology with their Wallet and Passbook applications. As the technology will be communicating credit-card information, it must be highly secure to avoid cyber theft. I was discussing this last night, and a software developer noted that Bluetooth was not designed with that type of security in mind.

Security goes beyond concerns about encrypting electronic health records and HIPAA violations. I recall reading an article some time ago discussing the need for a greater focus on security for all medical device developers with network-enabled software. Why? The article surmised that the threat of cyber-assassination is real and prevalent. It is because of this reality that IEC 62304:2006 has a specific requirement (5.2.2[e]) to force software developers to consider necessary security measures when developing the Software Requirements Document/Specification (SRD/SRS).

Software developers for mobile medical applications must carefully consider all physical and cyber aspects of security during development. Just as important, they must have a plan for post-market surveillance to ensure their security measures mature against the sophistication of hacking techniques.

-RTK

Image Credit: Stephen Woods on Flickr
