Over the past decade, apps have gradually become a part of our everyday life. However, not many of us tend to consider the security risks associated with software that records our private data. Mobile healthcare apps are a good example of this dilemma. While such apps can improve healthcare services, they can also make patients’ data vulnerable to hackers. Promoted by many healthcare providers, such apps can be easily downloaded from the Apple App Store or Google Play.
“More health data is going through mobile applications today than it ever has, and it’s continuing to increase,” Rusty Carter, vice president of product management at Arxan Technologies, told The Daily Swig. “The ability to access that information is also very easy.”
According to Adam Piper, a UK-based software developer, healthcare apps have been borne out of necessity to treat more patients in shorter amounts of time. “If I want to get a doctor’s appointment, it has to be today, and by 8.01am all the appointments are gone,” he told The Daily Swig. “A mobile app is the non-insane version of booking an appointment.”
Just last year, a research study of 36 healthcare apps found that over 80 percent were sharing information with Facebook and Google, with only around half of them disclosing this practice to consumers. In addition, the latest report by Verizon Mobile Security stated that 25 percent of healthcare institutions said that in 2018 they experienced a data breach associated with a mobile device.
While data protection is not something app-users usually think about, Carter said that hacking into healthcare apps is relatively easy. “[If the data] was a Unix terminal in a clinical study, it’s much harder [for an attacker] to gain access to,” he said. “Whereas I can download a mobile application and get to work [as an attacker] in figuring out the APIs, figuring out how the application works, and figuring out which vulnerabilities I can capitalize on.”
Carter said that while healthcare app developers sometimes don’t pay enough attention to data security, the data on such apps also needs to be continuously protected. “Protecting mobile apps is far less costly than alternatives such as specialized hardware, and definitely less expensive than the cost of a data breach or hack,” he said. “The cost of protecting mobile apps in human effort is typically one person a day, or two per platform, of total effort depending on the number of pen tests and iterative updates and the complexity of the application.”
According to the website Sundt.UK, consumers of fitness apps should exercise caution when downloading software. The Sundt representative said: “People who are after apps that help them control their health through developing better fitness and nutritional habits need to look only for official apps that give them the greatest likelihood of data security. If the app is recommended to you by your healthcare provider, always ask about its data protection features.”