Security for Home Care: protecting clinical data where the perimeter does not exist
Home-based care collects medical records, geolocation and vital signs on tablets and phones inside the patient's home. When one of these devices goes missing, the leak has already left your control. See how Decripte assesses the exposure, deploys device management and shields the home collection app.
Direct answer
To protect a home care operation, start by treating every field tablet, phone and notebook as an untrusted endpoint that carries clinical data outside your perimeter: apply MDM/EMM with mandatory disk encryption, a strong PIN and remote wipe; enforce multi-factor authentication in the home collection app and in the operations center; segregate the medical record in an encrypted backend instead of storing it locally on the device; minimize geolocation collection to what is strictly necessary under the LGPD (health data is sensitive data, art. 11); train the distributed team against phishing; and maintain a SOC 24x7 with an incident response plan to contain ransomware in the center and equipment losses in the field. Decripte performs exactly this exposure assessment, deploys the controls and monitors. Start with the free Threat Management assessment at decripte.com.br/intelligence-center.
24/7
SOC monitoring field endpoints and the center
<=1h
Incident containment SLA
Art. 11
Health data is sensitive under the LGPD
LGPD
Compliance required in home-based care
In summary
- ›The risk in home care is not in the data center: it is in the tablet left in the nurse's car, in the phone without a PIN and in the collection app that keeps medical records in local cache.
- ›Health data is sensitive personal data (LGPD art. 11) and a patient's geolocation reveals routine and address — leaking them causes material and moral harm, an ANPD sanction and the loss of contracts with health operators.
- ›The central defense is device management (MDM/EMM) with encryption, remote wipe and a credential vault, added to a collection app that minimizes local storage and requires MFA.
- ›Ransomware in the operations center paralyzes the visit schedule and access to medical records: a tested immutable backup and segmentation are as critical as the antivirus.
- ›Decripte handles the problem end to end: free exposure assessment, hardening of endpoints and the app, SOC 24x7 and incident response with a containment SLA of one hour or less.
Cibersegurança para Home Care and Home-Based Care
Home-based care collects medical records, geolocation and vital signs on tablets and phones inside the patient's home. When one of these devices goes missing, the leak has already left your control. See how Decripte assesses the exposure, deploys device management and shields the home collection app.
Why home care is a target unlike any other healthcare sector
A hospital has walls. It has a network perimeter, a locked data center, a team concentrated in the same building and an IT team that sees every connected machine. Home-based care is the opposite of that. Clinical data is born in the living room of an elderly patient's home, is typed on a tablet resting on an improvised hospital bed, travels in a car through city traffic and only then reaches the center. The perimeter, in home care, simply does not exist — it has dissolved into dozens or hundreds of devices scattered across the city, each one carrying a piece of the medical record of the most vulnerable patients there are.
This characteristic completely changes the risk calculation. In the traditional model, you protect the center and trust that the data stays there. In home care, the data is permanently at the edge, in motion, in the hands of nursing professionals and caregivers whose priority — rightly so — is the patient, not the cyber hygiene of the device. The tablet that records the evolution of a wound or the administration of a controlled medication is the same one that can be stolen in a car break-in, forgotten at a diner or lent to the employee's child to watch a video.
The endpoint is the new perimeter — and it is unprotected
In home care operators, most of the sensitive data at risk is not on the central server, but distributed across mobile devices that leave the company's physical control every day. Without device management, every lost device is a potential leak whose size the company cannot even measure.
Add to this a commercial reality: the health operators that contract home-based care services are increasingly demanding about the security maturity of their providers. A leaked incident does not just mean an ANPD sanction and reputational damage — it means losing contracts that sustain the entire operation. Security, in home care, has stopped being a cost and has become a condition of commercial eligibility.
What is at stake in each field device
- ›The patient's medical record and clinical evolution (sensitive data, LGPD art. 11)
- ›Home address and visit routine (geolocation)
- ›Prescriptions and administration of controlled medications
- ›Clinical photos of wounds, lesions and procedures
- ›Access credentials to the operations center backend
The real attack surface of a home care operation
To defend home care, you first need to see the attack surface as an attacker sees it — not as an organizational chart, but as a map of doors. It is distributed across four connected fronts: the field devices, the collection application, the operations center and the people. Each front has its own typical flaws, and most real incidents are born at the intersection between them.
Field devices and the collection application
Tablets and phones outside the perimeter accumulate risks: absence of encryption or a PIN, an outdated operating system, personal apps alongside the clinical app, connection to untrusted Wi-Fi networks and the physical risk of loss or theft. The collection app worsens the picture because, in order to operate offline, it caches data locally — and that is where the problems live: cache in plaintext, without expiration, persistent after logout. On the server, poorly protected APIs allow broken authorization (BOLA), in which changing an identifier returns another patient's medical record.
The offline cache: convenience that becomes a liability
The feature that allows the nurse to work without a signal is the same one that turns each device into a repository of medical records. If the local cache is not encrypted, minimal and with aggressive expiration, a lost device delivers clinical data even without any connection — and even if the center was never breached.
The operations center and the people
The center consolidates medical records, schedules and billing; a ransomware attack here does not leak data, it stops the operation — and we are talking about patients in continuous care. Exposed servers, nonexistent segmentation, untested backups and access without MFA are the invitation. The distributed team, which rarely sets foot in an office and communicates through messaging apps, is the ideal phishing target: fake schedule notices, fake app updates, fake HR announcements. Without MFA and without training, a single stolen credential opens the door to the backend.
Quick map of your attack surface
- ✓Do you know exactly how many field devices are active today?
- ✓Do they all have encryption, a strong PIN and remote wipe configured?
- ✓Does the collection app encrypt and expire the local cache of medical records?
- ✓Do the app's APIs verify object-level authorization on the server (anti-BOLA)?
- ✓Does the center have an immutable backup tested against ransomware?
- ✓Is MFA active for all access, in the field and in the center?
- ✓Does the distributed team receive regular phishing simulations?
Is home care and home-based care data already exposed or up for sale? Find out now — for free.
Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.
Compromise of mobile devices: the number one vector
If there were a single risk to prioritize in home care, it would be the compromise of mobile devices in the field. Not because it is the most sophisticated, but because it is the most frequent, the most mundane and the one that most easily escapes management's radar. A tablet does not need to be hacked by a criminal group to become a leak — a car break-in, a bag theft or forgetfulness is enough. The attacker, in this case, is opportunity.
The defense against this vector is almost entirely preventive and revolves around one question: when this device leaves my control, what does it deliver? If the answer is intact disk encryption, a strong PIN that resists attempts, an encrypted clinical cache and the ability to trigger a remote wipe before someone breaks the lock screen, then a lost device is a hardware loss, not a data incident. If the answer is an unlocked device with medical records in an open cache, it is a crisis.
The golden rule of the field device
The device must be a window to the data, never a vault of it. The medical record lives encrypted in the backend; the tablet only displays it under authentication, with the minimum necessary in cache and for the minimum time. That way, losing the device is not losing the data.
This is where mobile device management (MDM/EMM) comes in as non-negotiable infrastructure. It gives the company what it does not have today: a live inventory of each device, automatic enforcement of encryption and lock policies, controlled distribution of the clinical app, detection of rooted/jailbroken or outdated devices, and the remote wipe button that turns a theft into a footnote. In BYOD scenarios, containerization isolates the corporate environment from the personal one, allowing only company data to be wiped.
What MDM/EMM delivers in practice
- ›Live inventory: you know which devices exist and in what state
- ›Encryption and a strong PIN enforced by policy, not by trust in the user
- ›Selective remote wipe: erases the corporate side without touching the personal side (BYOD)
- ›Detection of compromised (rooted/jailbroken) or outdated devices
- ›Controlled distribution and updating of the clinical app
- ›Secure decommissioning: a device that leaves the fleet does not take data with it
Leakage of medical records and geolocation: the harm the LGPD punishes heavily
Not every leaked piece of data weighs the same. The LGPD classifies health data as sensitive personal data (art. 11), which raises the standard of care required and the size of the liability when something goes wrong. In home care, the leak combines two especially delicate ingredients: the patient's clinical condition and their geolocation. Together, they reveal not just that someone is ill — they reveal where this vulnerable person lives, at what times they are alone and when they receive visits. It is information that protects or exposes a life.
That is why the processing of geolocation in home care requires discipline. The LGPD's minimization principle asks that only what is necessary for the purpose be collected. Confirming that the visit occurred at the right address is legitimate; maintaining a continuous and perpetual tracking of patients' and professionals' location creates an enormous liability that, if leaked, would expose entire routines. High-risk processing like this calls for a Data Protection Impact Assessment (RIPD) that documents the necessity and the safeguards.
Geolocation + health = amplified risk
Leaking that someone undergoes home-based treatment is already serious. Leaking the address, the visit routine and the patient's condition of fragility turns a data incident into a risk to the physical safety of vulnerable people. The ANPD assesses exactly this kind of potential harm when sizing a sanction.
When the leak happens, article 48 of the LGPD comes into play: incidents that may cause relevant risk or harm to the data subjects must be reported to the ANPD and to those affected. The difference between a controlled notification and a crisis lies in the ability to delimit the scope precisely and demonstrate diligence. It is the difference between telling the ANPD that 14 specific medical records leaked, contained in less than an hour, with clear controls, and saying that you do not know what leaked or how many patients were affected.
Processing of geolocation under the LGPD
- ✓Collect location only to confirm the visit, not in continuous tracking
- ✓Apply minimization: the minimum precision and retention necessary
- ✓Document the specific legal basis for the sensitive data (art. 11)
- ✓Produce an RIPD for the processing of patients' geolocation
- ✓Define a retention period and secure disposal of the history
- ✓Maintain an incident notification plan ready (art. 48)
Ransomware in the center: when stopping the system means stopping the care
The three previous risks deal with confidentiality — data that leaks. Ransomware in the operations center attacks availability, and in home care this has a particular ethical weight. When the center is encrypted, it is not just a system that stops: it is the visit schedule that disappears, it is the medical record that becomes inaccessible at the very moment the nurse needs to know the correct dosage, it is the continuous care of fragile patients that is interrupted. Availability, here, is patient safety.
Modern ransomware groups operate in double extortion: first they exfiltrate the data, then they encrypt the systems, and they charge both for the decryption key and for the promise not to publish the stolen medical records. A health operator dealing with the sensitive data of hundreds of patients is a high-value target: the pressure to pay is immense because both the operation and the reputation are held hostage.
An immutable backup is the difference between restoring and paying
Against ransomware, the decisive control is not the antivirus — it is the immutable, isolated and regularly tested backup. A backup that the ransomware itself cannot encrypt, and that you have already validated restores, is what allows saying no to the ransom and returning to operation in hours, not weeks.
The defense against ransomware in the center is a combination of resilience and detection. Resilience: network segmentation so that an infection at one point does not spread, hardening of the medical-record servers, the least-privilege principle in access, and the tested immutable backup. Detection: the SOC 24x7 that perceives lateral movement and mass encryption in the first minutes, triggers the response and isolates the machines before the damage is complete.
Resilience of the center against ransomware
- ✓Immutable backup, isolated from the network and tested in a real restore
- ✓Network segmentation to contain lateral movement
- ✓Hardening and continuous updating of the medical-record servers
- ✓Least privilege and MFA on all administrative access
- ✓SOC 24x7 detecting mass encryption in the first minutes
- ✓Continuity plan that keeps care running even with the center down
What would an incident in home care and home-based care cost? See your real risk before it happens.
Sem cartão, sem compromisso. Descubra em minutos o que já vazou da sua empresa e qual é o seu risco real.
How Decripte works: from the free assessment to complete shielding
Decripte's approach to home care is deliberately sequential and self-service: first you see the problem without spending anything, then you decide what to shield. It all starts with the free Threat Management assessment at decripte.com.br/intelligence-center, which maps the external exposure of your operation — employees' credentials leaked in public breaches, assets and systems exposed on the internet, an attack surface you may not have known you had. It is the initial X-ray, at no cost and no commitment.
With the assessment in hand, the structuring advances on the sector's critical points. Decripte assesses the exposure of the field devices, deploys mobile device management (MDM/EMM) with encryption, remote wipe and inventory, and submits the home collection app to a security assessment in the OWASP MASVS and API Security standard — looking exactly at insecure cache, broken authorization and authentication flaws. It is the central angle: home care loses tablets with patient data, and Decripte closes that door.
Decripte's angle in home care
Home-based care operators lose field tablets with patient data in cache. Decripte assesses the real exposure of these endpoints, deploys device management with remote wipe and encryption, and shields the home collection app so that a lost device never again means a leaked medical record.
On top of this foundation, continuous monitoring comes in with the SOC 24x7, observing access to medical records, credential use, fleet compliance and signs of ransomware in the center, without interruption. And when something slips through — because no defense is perfect — Incident Response takes over with a containment SLA of one hour or less, containing the damage and delimiting the scope. In parallel, the Compliance program organizes the house from the perspective of the LGPD in healthcare, from mapping flows to the notification plan.
Start with the free tier, evolve self-service
You do not need a big budget decision to start. Run the free Threat Management assessment at decripte.com.br/intelligence-center, understand your exposure, and then choose the paid plans that make sense at /planos — in an informed way, at your own pace, without intermediaries.
LGPD compliance in home-based care: turning an obligation into an advantage
For a home care operator, LGPD compliance has stopped being an abstract legal exercise and has become a market prerequisite. Health operators, plans and the patient themselves expect evidence that the provider handles sensitive data seriously. The good news is that data protection maturity, well built, becomes a commercial differentiator — the argument that wins the contract against a competitor that still keeps medical records in an uncontrolled spreadsheet.
Decripte structures compliance from what actually happens in the operation. It maps the flows of sensitive data — where the medical record is born, where it travels, where it rests and who accesses it. It defines the adequate legal basis for the processing of health data under article 11. It establishes retention and disposal policies so that data does not accumulate indefinitely. It handles geolocation with the care it requires, including an RIPD. And it assembles the incident response plan that satisfies article 48 before it is needed.
Pillars of the LGPD program for home care
- ›Mapping of the sensitive-data flows (origin, transit, retention, access)
- ›Correct legal basis for the processing of health data (LGPD art. 11)
- ›Retention and secure-disposal policies for medical records
- ›RIPD for the processing of patients' geolocation
- ›Management of data subjects' rights and a service channel
- ›Incident notification plan to the ANPD ready (art. 48)
It is worth being precise about what the LGPD actually requires, without inventing numbers or rigid deadlines where the law does not set them. Article 48 speaks of communication within a reasonable timeframe, regulated by the ANPD, and not a fixed number in the text itself. What it requires clearly is the communication of incidents with relevant risk, the qualified processing of sensitive data and accountability. The correct posture is to be prepared to notify with a precise scope and demonstrable diligence, which is exactly what Decripte's incident response delivers.
Compliance as an eligibility criterion
In home care, demonstrating data protection maturity does not just avoid a sanction — it opens commercial doors. It is increasingly what separates the provider that wins contracts with operators from the one left out for being unable to prove controls.
Anatomy of a real case: the stolen tablet that almost became a national crisis
Real, de-identified example
Anonymized real example (without identifying the client). A mid-sized home-based care operator works with 80 field professionals, each with a corporate tablet running the home collection app. The center consolidates the medical records of about 1,200 active patients, many elderly in palliative care, and bills two health operators. The tablets were distributed with disk encryption, but without a mature MDM policy: remote wipe was not configured, the inventory was an outdated spreadsheet and the app kept medical records in local cache without aggressive expiration. On a Saturday night, a nursing technician has his car broken into in a parking lot; among the items taken, the corporate tablet — logged into the app, with the week's visit data in cache.
Detection
Sunday morning, the technician reports the theft to the coordination by message. The coordination activates Decripte through the incident response channel. The SOC 24x7, which was already monitoring the fleet, confirms in parallel that the device had attempted an access to the backend at 2:47 AM — outside the professional's usual hours and region — a sign that someone was handling the device.
Containment (<=1h)
Within the containment SLA, Decripte triggers the remote lock command and selective wipe of the corporate container on the device (an emergency MDM layer provisioned), revokes the credentials that were logged in on the device, forces the expiration of all that user's active sessions and blocks the workstation's access token. The anomalous access is cut off.
Investigation
The response team determines, from the logs, exactly what was in cache on the device at the moment of the theft: the medical records of 14 patients on the week's route, with clinical evolution and addresses. It confirms that the nighttime access attempt failed after the credential revocation and that no additional data was exfiltrated from the backend. The scope of the incident is delimited: 14 data subjects potentially exposed, without a breach of the center.
Eradication
Decripte identifies the root causes: absence of pre-configured remote wipe, local cache without expiration and an outdated inventory. It deploys complete MDM/EMM across the entire fleet of 80 devices, enforces encryption and a PIN, configures remote wipe on all, reconfigures the collection app to encrypt the cache and expire it aggressively, and enables MFA on all access.
Recovery
The operation returns to normal without interruption of care — the team keeps working while the fleet is remediated in waves. The center was never compromised, so there was no data loss or schedule stoppage. The stolen device, even if unlocked, no longer delivers anything useful after the wipe.
Notification
With the precise scope in hand (14 data subjects, specific data), Decripte supports the company's DPO in reporting the incident to the ANPD and the affected data subjects in accordance with article 48 of the LGPD, with a technical report that demonstrates the fast containment and the deployed controls — a mitigating factor in the regulatory assessment.
Lessons learned
The post-incident becomes a permanent program: SOC 24x7 contracted, an MDM policy with monthly fleet compliance auditing, anti-phishing training of the distributed team, and a device-loss runbook that any coordinator can activate at any time.
Outcome with Decripte
What started as a common car theft could have become a leak of the medical records of vulnerable patients, a headline and a heavy sanction. With Decripte, the incident was contained in less than an hour, the scope stayed at 14 data subjects instead of 1,200, the center remained intact and the ANPD notification was made with evidence of diligence. The company came out of the episode with MDM, SOC 24x7 and an LGPD program — stronger than it went in. This is the outcome that security structuring makes possible. Start your free assessment at decripte.com.br/intelligence-center.
Don’t wait for the incident. Start hardening home care and home-based care today.
Comece pelo diagnóstico gratuito agora e veja em minutos o que já vazou. SOC 24x7 e contenção em até 1h nos planos pagos.
How Decripte responds to an incident in home care
Decripte's incident response combines the physical world (lost device) and the digital (leakage, ransomware) in a single flow, with a containment SLA of one hour or less. These are the typical steps when a home-based care operation activates us.
- Activation and immediate triage: the response channel receives the alert (reported theft, SOC alert, suspected leak) and classifies the severity in minutes, mobilizing the right team.
- Containment within 1 hour: remote wipe of the affected device, revocation of the logged-in credentials, session expiration and isolation of the endpoint or the compromised machine from the backend.
- Investigation and scope delimitation: log analysis to determine exactly which data was exposed, how many data subjects were affected and whether there was exfiltration from the backend or only from the local device.
- Eradication of the root causes: removal of the attacker's access, closing of the breach (insecure cache, weak credential, vulnerable API) and correction of the configuration that allowed the incident.
- Recovery of the operation: restoration from intact backups when there is ransomware, revalidation of the device fleet and return to care without interruption of patient care.
- Support for regulatory notification: production of the technical report that grounds the communication to the ANPD and the data subjects in accordance with article 48 of the LGPD, demonstrating diligence and containment.
- Post-incident and shielding: complete report, lessons learned, deployment or reinforcement of MDM, SOC and controls, and creation of a runbook for future activation by the team itself.
- Continuous monitoring: integration of the learning into the SOC 24x7 to detect the next attempt through the same vector earlier.
How Decripte structures the security of a home care operation
Responding to incidents is necessary, but the goal is to avoid them. Decripte structures the security of home-based care into pillars that cover the endpoint outside the perimeter, the app, the center and the human factor — turning a distributed and exposed operation into a managed and monitored fleet.
Device and mobility management (MDM/EMM)
Provisioning, mandatory encryption, a strong PIN, selective remote wipe, a live inventory and work/personal separation in BYOD. It is the foundation that gives control over each field endpoint, from day one to secure decommissioning.
Shielding of the home collection app
OWASP MASVS and API Security assessment: encrypted and minimal local cache, MFA, server-verified authorization (anti-BOLA), TLS with pinning, screen-capture blocking and geolocation minimization in accordance with the LGPD.
SOC 24x7 and continuous detection
Uninterrupted monitoring of access to medical records, credential use, fleet compliance and signs of ransomware in the center, with event correlation and automatic activation of incident response.
LGPD compliance in healthcare
Mapping of sensitive-data flows, correct legal basis for health (art. 11), retention and disposal policies, RIPD for geolocation, management of data subjects' rights and an incident notification plan (art. 48).
Human factor and security culture
Contextualized phishing simulations, continuous awareness in field-friendly language, an incident reporting channel and universal MFA — defending the link that technology alone does not cover.
Resilience of the operations center
Immutable backup tested against ransomware, network segmentation, hardening of the medical-record servers and a continuity plan so that the center's shutdown never interrupts patient care.
Recommended plans for Home Care and Home-Based Care
SOC 24x7
A fleet of tablets in motion and a center that cannot stop require open eyes at any hour. The SOC detects anomalous access to medical records, use of a compromised credential, non-compliant devices and signs of ransomware before they become a leak or a shutdown.
See plan →Incident Response
Tablet theft, a compromised credential or ransomware in the center are incidents that mix the physical and digital worlds and do not wait for business hours. The containment SLA of one hour or less limits the scope of the leak and grounds the ANPD notification within the LGPD timeframe.
See plan →Compliance
Health data is sensitive (LGPD art. 11) and operators require evidence of maturity. The compliance program maps flows, defines the legal basis, handles geolocation with an RIPD and prepares the incident notification — becoming a criterion of commercial eligibility.
See plan →Pentest
The home collection app and its APIs need to be tested as an attacker would: insecure local storage, broken authorization (BOLA) and authentication flaws are the risks that most leak medical records in the sector. The penetration test finds them before the criminal does.
See plan →Frequently asked questions
We lost a tablet with patient data. What do we do now?
Immediately activate incident response for a remote wipe of the device (if there is MDM), revocation of the credentials that were logged in and isolation of the access. In parallel, determine from the logs what was on the device to assess the notification to the ANPD and the data subjects in accordance with article 48 of the LGPD. Decripte conducts this flow with a containment SLA of one hour or less. To prepare before it happens, start the assessment at decripte.com.br/intelligence-center.
We use the professionals' personal devices (BYOD). Is that safe?
It can be, with the right layer. The solution is containerization via MDM/EMM, which isolates the clinical app and the corporate data from the device's personal space. That way, the remote wipe erases only what belongs to the company, without touching the employee's photos and messages, and the clinical data stays encrypted in a controlled container. Without that layer, BYOD in home care is an elevated risk.
The collection app works offline. Where is the data stored and is that dangerous?
Field apps cache data locally to operate without a signal — legitimate, but the risk is the cache staying in plaintext, not expiring or surviving logout. Decripte assesses the app by the OWASP MASVS and ensures that the local storage is encrypted, minimal and with aggressive expiration, so that the device is a window to the data, not a vault of it.
Do we need to notify the ANPD if a tablet is stolen?
It depends on what was exposed. The LGPD (art. 48) requires communicating incidents that may generate relevant risk or harm to the data subjects, and sensitive health data reaches that threshold easily. If the device was encrypted, with a successful remote wipe and no data exposed, the risk is mitigated. That is why the fast scope investigation is decisive: it defines whether, what and to whom to notify.
How do we protect the field team against phishing if they work spread out?
With three layers: universal MFA (so that a stolen password is not enough), phishing simulations contextualized to the team's day-to-day (fake schedule notices, app updates), and continuous awareness in accessible language, not IT jargon. Decripte structures and measures this program, treating the human factor as a trainable defense.
And if ransomware hits our operations center?
The center is critical: encrypting it paralyzes visits and access to medical records. The defense is resilience — an immutable and tested backup, network segmentation and hardening of the servers — added to the SOC 24x7 that detects mass encryption early and the incident response that isolates and restores. The goal is that the center's shutdown never interrupts patient care.
Does collecting the team's and patients' geolocation bring legal risk?
Yes, if done without criteria. Geolocation cross-referenced with health is highly sensitive data under the LGPD and requires minimization, a specific purpose and, in high risk, an RIPD (impact assessment). Decripte helps design the collection to confirm the visit without maintaining a permanent tracking that, if leaked, would expose the routine of vulnerable patients.
Where do we start without spending much up front?
With the free Threat Management assessment at decripte.com.br/intelligence-center, which reveals your blind spots — leaked credentials, exposed assets, attack surface — at no cost and no commitment. With the result in hand, you decide which paid plans make sense at /planos, in an informed and self-service way.
Sector terms
- MDM / EMM
- Mobile Device Management / Enterprise Mobility Management. Set of technologies to manage the fleet of corporate mobile devices: mandatory encryption, PIN, remote wipe, inventory, app distribution and separation between work and personal space in BYOD scenarios.
- Selective remote wipe
- Command that remotely erases only the corporate data and apps of a lost, stolen or departed-employee device, without touching the user's personal data. A central measure to contain leakage on field endpoints.
- BOLA (Broken Object Level Authorization)
- Flaw listed in the OWASP API Security Top 10 in which the server trusts the identifier sent by the client without verifying whether the user has the right to access that object. In home care, it would allow a professional to pull the medical record of a patient outside their caseload by changing IDs.
- Sensitive personal data
- LGPD category (art. 11) that includes health data. It requires a qualified legal basis and an elevated standard of care. Home care medical records, prescriptions and clinical photos fall under it, as does geolocation cross-referenced with the patient's health condition.
- RIPD
- Personal Data Protection Impact Assessment. Document provided for in the LGPD to describe high-risk processing and the mitigation measures. Recommended when handling patients' geolocation combined with health data.
- OWASP MASVS
- Mobile Application Security Verification Standard, from OWASP. Reference standard for assessing the security of mobile applications, covering local storage, encryption, authentication, network communication and resistance to tampering — the basis for shielding the home collection app.
Decripte protects and responds to incidents in home care and home-based care.
Pentest, 24x7 SOC, incident response with a 1-hour containment SLA and compliance — without building an internal team. Or start free by seeing what has already leaked from your company.
