The last few years have seen a glut of new mHealth related products and innovations, but as the number of apps has grown, so to have concerns around the security of the data produced and processed by them.
A recent study suggests that the best way to overcome this is to take a holistic approach to health related cybersecurity. The study is part of a wider project called Trustworthy Health and Wellness (THaW), which aims to protect the medical data of patients as they move online.
“Mobile medical applications offer tremendous opportunities to improve quality and access to care, reduce costs and improve individual wellness and public health,” the researchers say. “However, these new technologies, whether in the form of software for smartphones or specialized devices to be worn, carried or applied as needed, may also pose risks if they are not designed or configured with security and privacy in mind.”
A holistic approach to security
The researchers conduct a number of studies into the digital implications of health and wellness applications, with security a constant focus of their attention.
In addition to conducting research into health security themselves, they are also training the next generation of computer scientists to develop secure applications in the health space.
“In complex environments having to do with health, wellness and medicine, there are a lot of moving parts involving devices, software, wireless and wired communications, and other dimensions, which are rich in challenges for security, privacy and safety,” the team say.
Central to the approach is having a diverse range of talents at their disposal, including from business, health policy, behavioral health and of course, computer science.
The insecurity of apps
With mHealth apps increasingly handling sensitive data (from both clinician and patient), they are largely outside of the regulatory framework provided by the likes of HIPAA.
When the most common health apps in Google Play were analyzed, a number of vulnerabilities were discovered that allow access to the sensitive data contained in the apps.
What’s more, over 60% of these apps would transmit this sensitive data in an unencrypted way, thus making the data vulnerable to theft.
“These issues need attention and are not easily fixable because they require extra effort and security expertise from developers and computational capabilities from platforms,” the authors say. “Steps should be made to encourage mHealth app vendors to assure encrypted network links for communications and the use of third-party storage only when adequate security and privacy guarantees are obtained.”
Of course, this level of (in)security is not something unique to health related apps, nor indeed with apps themselves. For instance, the authors also found significant vulnerabilities in hospitals as well.
The authors warn that a lack of attention to the security aspects of mHealth apps could undermine the incredible potential they have to help society and slow their adoption unnecessarily.
“THaW research is identifying gaps in security and providing practical security solutions,” they conclude. “We are developing novel methods for security and privacy, so we can help usher in an era of effective and secure mHealth solutions.”