A kiosk that reads patient IC data and registers check-ins is a high-value target for data breaches and identity theft. Getting the security right is both a legal requirement (PDPA) and a patient trust issue. This guide covers the key measures.
All data transmitted between the kiosk and your servers must be encrypted with TLS 1.3 (not TLS 1.0 or 1.1 — both are deprecated). Patient records in the database must be encrypted at rest (AES-256 is the standard). MOVO-X enforces both by default.
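An added example (not MOVO-X code) of what "TLS 1.3 only" looks like in server-side tooling, using Python's standard `ssl` module: a client context and a server context pinned to a TLS 1.3 minimum, plus a certificate-expiry helper of the kind the monthly review would call. The endpoint check function does a live connection and is the only part that needs a network; the host name, certificate paths and the 30-day renewal warning are assumptions for illustration.

```python
import socket
import ssl
import time
from typing import Optional

# Added example, not MOVO-X's own code.

def make_tls13_client_context() -> ssl.SSLContext:
    """Client context that will only negotiate TLS 1.3.

    create_default_context() already enables CERT_REQUIRED and hostname
    checking; pinning minimum_version removes TLS 1.0/1.1/1.2 entirely,
    so a downgrade attempt fails the handshake instead of succeeding quietly.
    """
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    return ctx


def make_tls13_server_context(certfile: str, keyfile: str) -> ssl.SSLContext:
    """Server context that rejects any client offering less than TLS 1.3.
    certfile/keyfile are assumed paths to the server's PEM material."""
    ctx = ssl.create_default_context(ssl.Purpose.CLIENT_AUTH)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_3
    ctx.load_cert_chain(certfile, keyfile)
    return ctx


def rejects_legacy_tls(ctx: ssl.SSLContext) -> bool:
    """True when the context cannot fall back below TLS 1.3."""
    return ctx.minimum_version >= ssl.TLSVersion.TLSv1_3


def cert_days_remaining(cert: dict, now: Optional[str] = None) -> int:
    """Whole days until the certificate's notAfter.

    `cert` is the dict returned by SSLSocket.getpeercert(); `now` is an
    optional timestamp in the same "%b %d %H:%M:%S %Y GMT" format (used by
    the offline test), otherwise the current time. Negative means expired.
    """
    expires = ssl.cert_time_to_seconds(cert["notAfter"])
    current = ssl.cert_time_to_seconds(now) if now else time.time()
    return int((expires - current) // 86400)


def check_kiosk_endpoint(host: str, port: int = 443, warn_days: int = 30) -> dict:
    """Connect to the API endpoint and report the negotiated protocol and
    certificate expiry. Performs a real network connection (not run offline)."""
    ctx = make_tls13_client_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with ctx.wrap_socket(raw, server_hostname=host) as tls:
            days = cert_days_remaining(tls.getpeercert())
            return {
                "protocol": tls.version(),       # "TLSv1.3" if the handshake succeeded
                "days_remaining": days,
                "renew_soon": days < warn_days,
            }


if __name__ == "__main__":
    # Example host name is a placeholder, not a MOVO-X endpoint.
    print(check_kiosk_endpoint("api.example.invalid"))
```

Because the client context refuses to negotiate anything older, a server that still accepts TLS 1.2 will not be noticed by this check alone; the server-side context is what closes that gap, and the expiry helper is what turns "verify certificates are valid" into a number you can alert on.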
The kiosk device itself should store the minimum patient data necessary. NFC read data (name, IC number, photo) should be transmitted to the server and immediately purged from the kiosk memory — never cached to local storage. The kiosk should only hold a session token, not patient data.
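An added example (not MOVO-X code) of the "transmit, then purge" rule for a kiosk-side check-in routine. The NFC payload layout (three newline-separated fields: name, IC number, photo) is a constructed stand-in, and `send` stands for whatever transport posts to the check-in API; the point is that the card data lives only in a wipeable buffer for the duration of one call, and the object the kiosk keeps afterwards carries nothing but a session token and a queue number.

```python
import secrets
from dataclasses import dataclass
from typing import Callable, Dict

# Added example, not MOVO-X's own code. Payload format below is constructed.


@dataclass
class KioskSession:
    """The only state retained on the kiosk after check-in."""
    token: str          # opaque server-issued session token
    queue_number: int   # shown on screen; carries no patient data


def build_constructed_payload() -> bytearray:
    """A made-up card read: name, IC number, photo placeholder (base64-ish)."""
    return bytearray(b"AHMAD BIN ALI\n900101-14-5555\n<photo-bytes>")


def _parse_payload(buf: bytearray) -> Dict[str, str]:
    name, ic_number, photo = bytes(buf).decode("utf-8").split("\n", 2)
    return {"name": name, "ic_number": ic_number, "photo": photo}


def _wipe(buf: bytearray) -> None:
    """Overwrite the read buffer in place so card data does not linger in RAM.
    Python str objects are immutable and cannot be zeroed, which is why the
    raw read is kept as a bytearray and parsed only inside register_checkin;
    on an Android kiosk the same idea applies to byte[]/char[] buffers."""
    for i in range(len(buf)):
        buf[i] = 0


def register_checkin(nfc_buf: bytearray, send: Callable[[dict], dict]) -> KioskSession:
    """Post the card data to the server, then purge it locally whether or not
    the request succeeded. Nothing here touches local storage."""
    record = None
    try:
        record = _parse_payload(nfc_buf)
        reply = send(record)
    finally:
        _wipe(nfc_buf)
        record = None  # drop the parsed copies as soon as the request is done
    return KioskSession(token=reply["session_token"], queue_number=reply["queue_number"])


def demo_server(record: dict) -> dict:
    """Stand-in for the server side: issues a token, never echoes patient data."""
    assert "ic_number" in record  # constructed check that the record arrived
    return {"session_token": secrets.token_urlsafe(32), "queue_number": 17}


if __name__ == "__main__":
    buf = build_constructed_payload()
    session = register_checkin(buf, demo_server)
    print(session, bytes(buf))  # buffer is all zero bytes after the call
```

The `finally` block is the important part: the wipe runs even when the network call raises, so a failed check-in does not leave card data sitting in memory for the next patient's session.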
Kiosk hardware security: bolt the kiosk to the floor or wall, use a tamper-evident case, disable USB ports (prevents data exfiltration via thumb drives), and apply a screen privacy filter (prevents shoulder surfing). Lock down the Android OS to kiosk mode — patients should never be able to access the Android home screen.
Reception staff should have the minimum access needed for their role. Only system administrators should have access to patient records. Admin access should require two-factor authentication (2FA). Log every admin login with IP address, timestamp, and actions taken.
Display a privacy notice before reading the IC card. The notice must be in Bahasa Malaysia (primary) and English (secondary). It must state: what data is collected, how it is used, and how to exercise data access rights. Log the consent timestamp for each check-in.
Run a monthly security review: review audit logs for unusual access patterns (off-hours access, bulk data exports), verify TLS certificates are valid, and check for pending software updates (apply promptly). In addition, conduct a quarterly penetration test of the kiosk and web application.
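An added example (not MOVO-X code) of the audit-log review step run over the kind of admin log the guide asks for (user, IP address, timestamp, action). The JSON-lines format, the sample entries, the clinic hours (07:00 to 20:00) and the 500-record bulk-export threshold are all constructed assumptions; the three rules (off-hours login, bulk export, one admin logging in from several IPs) are the checks a monthly review would start with.

```python
import json
from collections import Counter, defaultdict
from datetime import datetime
from typing import Dict, Iterable, List

# Added example, not MOVO-X's own code. Thresholds are assumptions.
OFF_HOURS_START = 20          # flag admin logins at or after 20:00 local time
OFF_HOURS_END = 7             # ...or before 07:00
BULK_EXPORT_THRESHOLD = 500   # exports above this many records get flagged

# Constructed sample log (JSON lines, timestamps in Malaysia time, +08:00).
CONSTRUCTED_LOG = """
{"ts": "2025-03-03T23:41:10+08:00", "user": "admin_siti", "ip": "203.0.113.7", "action": "login"}
{"ts": "2025-03-03T23:42:05+08:00", "user": "admin_siti", "ip": "203.0.113.7", "action": "export", "records": 4800}
{"ts": "2025-03-04T09:15:00+08:00", "user": "admin_ravi", "ip": "198.51.100.2", "action": "login"}
{"ts": "2025-03-04T09:20:00+08:00", "user": "admin_ravi", "ip": "198.51.100.2", "action": "view", "records": 1}
{"ts": "2025-03-04T14:02:00+08:00", "user": "admin_ravi", "ip": "192.0.2.99", "action": "login"}
{"ts": "2025-03-04T14:03:00+08:00", "user": "admin_ravi", "ip": "192.0.2.99", "action": "export", "records": 120}
"""


def parse_lines(lines: Iterable[str]) -> List[dict]:
    """Parse JSON-lines audit entries; the local hour comes from the offset."""
    events = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        event["dt"] = datetime.fromisoformat(event["ts"])
        events.append(event)
    return events


def review_audit_log(lines: Iterable[str]) -> List[dict]:
    """Return one finding per rule hit. Findings carry enough context to
    follow up with the named admin without re-reading the whole log."""
    findings: List[dict] = []
    ips_per_user: Dict[str, set] = defaultdict(set)
    for e in parse_lines(lines):
        hour = e["dt"].hour
        if e["action"] == "login":
            ips_per_user[e["user"]].add(e["ip"])
            if hour >= OFF_HOURS_START or hour < OFF_HOURS_END:
                findings.append({"rule": "off_hours_login", "user": e["user"],
                                 "ts": e["ts"], "ip": e["ip"]})
        if e["action"] == "export" and e.get("records", 0) > BULK_EXPORT_THRESHOLD:
            findings.append({"rule": "bulk_export", "user": e["user"],
                             "ts": e["ts"], "records": e["records"]})
    for user, ips in ips_per_user.items():
        if len(ips) > 1:
            findings.append({"rule": "multiple_source_ips", "user": user,
                             "ips": sorted(ips)})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Counts per rule, for the review report."""
    return dict(Counter(f["rule"] for f in findings))


if __name__ == "__main__":
    hits = review_audit_log(CONSTRUCTED_LOG.splitlines())
    for hit in hits:
        print(hit)
    print(summarize(hits))
```

On the constructed log this yields one off-hours login and one bulk export (both `admin_siti` late on 3 March) and one multiple-IP finding for `admin_ravi`; a real review would feed the month's log file in place of `CONSTRUCTED_LOG` and tune the thresholds to the clinic's hours and normal export sizes.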
Train reception staff to immediately report a kiosk that shows unexpected behaviour (blank screen, unusual messages, disconnected NFC) — these can be signs of a hardware-level attack.
Never store credit card or payment data on the kiosk or in the same database as patient records — use a separate PCI-DSS compliant payment processor.
The PDPA requires you to notify the Malaysian Personal Data Protection Commissioner of data breaches within 72 hours. Have a breach notification procedure documented and tested before you go live.
MOVO-X is in the process of achieving ISO 27001 certification. In the interim, we operate under ISO 27001 controls documented in our Information Security Management System (ISMS). Our ISMS documentation is available to enterprise customers and tender evaluators on request.
Patient data is retained for the duration defined by your clinic's data retention policy (minimum 7 years is standard for medical records in Malaysia). After retention, data is securely deleted (overwritten, not just flagged for deletion). Patients can request their data at any time.
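An added example (not MOVO-X code) of a retention purge that overwrites before it deletes, using SQLite as a stand-in for whatever database the clinic runs; the table layout and the three sample records are constructed, and the cutoff uses a flat 365 days per year, which a real policy would replace with its own rule. The sensitive columns are overwritten with random bytes of the same length, the rows are then deleted, and the file is vacuumed so freed pages do not keep the old contents.

```python
import os
import sqlite3
from datetime import date, timedelta

# Added example, not MOVO-X's own code. SQLite schema is a constructed stand-in.
RETENTION_YEARS = 7   # the 7-year minimum the guide cites for Malaysian medical records


def open_db(path: str = ":memory:") -> sqlite3.Connection:
    conn = sqlite3.connect(path)
    # SQLite zero-fills freed content on delete when secure_delete is on.
    conn.execute("PRAGMA secure_delete = ON")
    conn.execute("""CREATE TABLE IF NOT EXISTS patient_record (
        id INTEGER PRIMARY KEY, name TEXT, ic_number TEXT,
        photo BLOB, last_visit TEXT)""")
    return conn


def build_demo_db() -> sqlite3.Connection:
    """Constructed data: two records past retention, one recent."""
    conn = open_db()
    conn.executemany(
        "INSERT INTO patient_record (name, ic_number, photo, last_visit) VALUES (?, ?, ?, ?)",
        [("AHMAD BIN ALI", "900101-14-5555", b"\x89PNG...", "2015-06-10"),
         ("TAN MEI LING", "850505-10-1234", b"\x89PNG...", "2017-12-31"),
         ("RAVI A/L KUMAR", "950909-08-4321", b"\x89PNG...", "2024-11-20")])
    conn.commit()
    return conn


def count_records(conn: sqlite3.Connection) -> int:
    return conn.execute("SELECT COUNT(*) FROM patient_record").fetchone()[0]


def purge_expired(conn: sqlite3.Connection, today: str, years: int = RETENTION_YEARS) -> int:
    """Overwrite then delete every record whose last visit is older than the
    retention period. `today` is an ISO date string. Returns rows purged."""
    cutoff = (date.fromisoformat(today) - timedelta(days=365 * years)).isoformat()
    rows = conn.execute(
        "SELECT id, length(name), length(ic_number), length(photo) "
        "FROM patient_record WHERE last_visit < ?", (cutoff,)).fetchall()
    for rid, name_len, ic_len, photo_len in rows:
        # Replace the sensitive columns with random content of equal length
        # before deleting, so the row never sits around merely "flagged".
        conn.execute(
            "UPDATE patient_record SET name = ?, ic_number = ?, photo = ? WHERE id = ?",
            (os.urandom(name_len or 0).hex()[:name_len or 0],
             os.urandom(ic_len or 0).hex()[:ic_len or 0],
             os.urandom(photo_len or 0),
             rid))
        conn.execute("DELETE FROM patient_record WHERE id = ?", (rid,))
    conn.commit()
    conn.execute("VACUUM")   # rebuild the file so freed pages are not left behind
    return len(rows)


if __name__ == "__main__":
    db = build_demo_db()
    print("purged:", purge_expired(db, "2025-03-01"))
    print("remaining:", count_records(db))
```

Other engines need their own equivalent of the last two steps: on a server database, deleted rows commonly remain as dead tuples or in undo/WAL segments until the engine's own vacuum or log rotation runs, and backups taken before the purge still hold the data until they age out, so the retention procedure has to cover those copies too.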
Yes. MOVO-X conducts annual third-party penetration tests. The executive summary of the latest test is available to enterprise customers under NDA. Critical and high findings are remediated before deployment.
MOVO-X deploys AI kiosk and queue management systems for clinics and hospitals across Malaysia and Southeast Asia. Talk to our team about your specific setup.