Dr. John Halamka recently posted a very useful guide advising medical professionals on how to secure their iOS devices on his widely read blog “Life as Health Care CIO“.

The important points were:

1. Make sure you’re running the latest iOS version
2. Use the “Find My iPhone” service, in case the device is lost. This will require downloading the free app from the Apple App Store and setting up a new Mobile Me account
3. Use the iPad autolocks

He also provided specifics on the passcode feature, such using a long passcode and choosing “erase data” if there are numerous unsuccessful attempts to unlock the device.

Not surprisingly, he recommended that if an iPad (or iPhone) were stolen, you should immediately “remote wipe” the device using the Find my Iphone app on another iOS device or from me.com.

With these settings, he suggested:

if the iPad is stolen, was locked at the time, and the thief does not have unencrypted access to any other device that had previously synced with the iPad (a Mac/PC), the data can be considered “safe”.

There were also a few interesting other tidbits of security information. For example,

  • certificates to bypass passcode screen are saved on computer when iPad is sync’ed
  • the hardware encryption used to protect the filesystem are based on an encryption key known to Apple who routinely unlock devices for law enforcement with a court order
  • expect knowledgeable attackers to remove the SIM card immediately to prevent remote wiping

[source: John Halamka, Life as Health Care CIO, Feb 16, 11]