Last week the U.S. Department of Health and Human Services (HHS) warned of security products that inspect HTTPS traffic potentially exposing Protected Health Information (PHI) via man-in-the-middle (MITM) attacks. The warning focuses on HTTPS interception products that decrypt, inspect, and re-encrypt web traffic. There’s also, however, a mobile MITM vector that HIPAA-covered entities need to
I’ve helped a number of organizations decipher HIPAA but found clear information hard to come by. I tried to remedy that for the mobile app development community with this blog post about HIPAA and mobile apps.