How Apple and Opera Mini just exposed your Medical Records to the world

Jared Houck dropped me a note to point me to this article he wrote pointing out a potential security risk when using Apple and Opera Mini:

…. We’re quite sure that the iPhone and iPad see some use in the health care trenches. So, we’re gonna go out on a limb here to suggest that many of those same medical professionals have downloaded the Opera Mini app and used it to check out your medical record. So…what’s the problem here?

The Opera Mini Browser displays web pages quickly by using data compression on Opera’s servers in Norway. Each web page you visit (yes, even those with encryption) is decrypted, compressed, and recompiled into Opera’s proprietary markup language. The information is then re-encrypted and forwarded back to you. While the to-and-fro connection to Opera’s servers is encrypted, the technical mumbo jumbo in the middle is not. Essentially, Opera can see/cache/log everything you do while using the Opera Mini Browser app – including every single medical record viewed through the Opera Mini app on an iPhone or iPad since Tuesday. And to the best of my abilities to understand the data encryption requirements from the Health Insurance Portability and Accountability Act (HIPAA), this is tiptoeing into some pretty dangerous waters.

Read more on Healthcare IT Squad.

About the author: Dissent