Mobile health apps are growing in popularity among doctors and patients alike. In a world where people are often too busy or unable to go to an appointment, telemedicine can give people a chance to connect with their health providers. Mobile health apps can assist people with diabetes, heart diseases and an array of other medical health problems in monitoring and managing their symptoms without having to physically go to a doctor.
This area of the medical field is progressing at a fast and steady rate; however, it is not without its risks and dangers. Though there are quite a few limitations to mobile health apps and what they can offer, perhaps the most significant cause for worry is the security of these apps. Unlike physical medical records, which can be sealed, online patient histories and confidential information are at risk of being exposed.
Vulnerabilities in Mobile Health Apps
In 2016, Quest Diagnostics was hacked, and the personal information of over 34,000 people was leaked, including names, birthdays, telephone numbers and lab or test results of patients. Though evidence didn’t show misuse of the data, it was a wake-up call for mobile health apps to improve security measures.
According to HIPAA Journal, not only do many mobile health apps have security vulnerabilities, but even FDA-approved ones are vulnerable. A study conducted by Arxan Technologies revealed that 84% of FDA-approved medical health apps have security flaws that pose a significant threat of private data being exposed, or of the gadget or device being compromised.
The study also found that the problem wasn’t limited to apps in the United States, but also affected those approved for use by the National Health Service (NHS) in the UK. The study showed that a health app isn’t necessarily safe just because it is government-approved, and that these apps can be made secure with the right precautionary and safety measures.
The two main issues which were detected by Mi3, an application security company used for this purpose, were as follows.
Lack of binary code protection
According to the statistics collected by Mi3, 97% of apps lacked binary code protection, so they could quickly be reverse-engineered and have their code altered. This severe vulnerability was found in 95% of FDA-approved apps, and it suggested that hackers could reprogram the apps to deliver a lethal dose of medication to any of the people using the app.
Poor transport layer protection
Though there were a lot of other issues detected, the second-biggest weakness, affecting 9% of apps, was a bad or vulnerable transport layer, which meant that confidential and private data could be leaked. This data, when in the wrong hands, can result in fraud and identity theft.
When asked whether they trusted the security of a medical app, 84% of consumers said they believed the apps were secure, and 63% said they imagined that developers were doing all they could to ensure the application’s security. Though 80% of consumers said they would change providers if vulnerabilities were made apparent, most believed apps were tested and secured against outside threats.
What Can Be Done?
The question to be answered now is: what do you do to address these security threats and make sure that mobile apps are safe for both patient and doctor?
Involve Security Experts
The first thing any developer must understand is that for your customers (patient and physician) to trust you and your app, you need to bring in experts from the start. Your consumers won’t trust your app unless you guarantee a safe and secure product, and the only way to do this is to bring an expert into the mix. Rather than asking for their help with testing for possible security issues once you’re finished developing the app, make them a part of the team from the get-go. If you are using a video calling system for telemedicine, make sure it is HIPAA compliant.
Stay Updated About Security Guidelines
Yes, you may have made sure that your mobile health app adheres to state and federal privacy laws that protect the patients physically and mentally, but does it go deep into cybersecurity? Though the technology is still new, the AMA, along with the American Heart Association and the Healthcare Information and Management Systems Society, has formed Xcertia, which is a set of guidelines that lists recommendations and best practices for developers creating mobile health apps.
Mobile health apps can be made more secure, though it requires an additional up-front investment of money and resources. However, the payoff is undeniable; when you consider the cost of breaches and security threats, prevention methods look a lot cheaper.
James Crook is a passionate blogger who loves to write on health and fitness related topics. Currently, he is working as a blogger for a telemedicine app, ‘Mend Family’. Follow @jamescrook911 for more updates.