I wrote about “pod slurping” a few weeks ago but cNet News.com did a better job.
CIOs of hospitals and healthcare IT managers need to pay attention to what they said:
A U.S. security expert who devised an application that can fill an iPod with business-critical data in a matter of minutes is urging companies to address the very real threat of data theft.
Abe Usher, a 10-year veteran of the security industry, created an application that runs on an iPod and can search corporate networks for files likely to contain business-critical data. At a rate of about 100MB every couple minutes, it can scan and download the files onto the portable storage units in a process dubbed “pod slurping.”
To the naked eye, somebody doing this would look like any other employee listening to their iPod at their desk. Alternatively, the person stealing data need not even have access to a keyboard but can simply plug into a USB port on any active machine.
There are no reports yet of pod slurping harming healthcare data yet but with the growing number of interns, nurses, patients, and doctors with iPods it’s only a matter of time.
When I worked for the Red Cross a couple of years ago we did a study of how donors could get data out of networked Red Cross blood collection computers and we concluded it would have been easy with wireless connections or wired connections with USB thumb drives.
iPods will make it even easier because they are full computing devices held invisbly in pockets.
Do yourself a favor and make sure you set appropriate policy about the use and connectivity of iPods in your health IT environments.