The Ugly Side of Healthcare Apps


Smartphone healthcare apps have become an indispensable part of our daily lives, not only because they save costs for hospitals and minimize the complexity of getting an appointment with a doctor, but also because they increase the interaction rate between doctor and patient. Healthcare apps bridge the gap between a doctor and a patient and make it possible to monitor patients remotely. However, healthcare apps have a dark side that many do not know about.

How Vulnerable Can Healthcare Apps Be?

When you get medical treatment, you obviously share some of your very personal and sensitive healthcare records with your doctor. Understandably, that's how things work between a patient and a doctor. But when you depend on a healthcare app, you are exposed to a definite security risk. You trust your doctor or the hospital, but the app you are relying on is a third party. How reliable do you think that third party is at guarding the data you share with your doctor? That data includes the record of your interaction with your doctor and your personal and sensitive information, including your credit card number, social security number, home address, your doctor's name and your medical history. Your data is stored on the app creator's cloud server (in unencrypted format). This raises several questions. How secure is their server when it comes to keeping your sensitive data? Does FDA approval of a healthcare app ensure that your data will be kept 100% secure on a third-party server? And, more importantly, what privacy policy (and terms of service) are they bound by while playing the role of a third party between a patient and a doctor?

Are healthcare apps secure to use?

Unfortunately, the answer is no. Healthcare apps are not secure enough to use because more than 85% of FDA-approved healthcare apps lack binary protection and have insufficient transport layer protection, according to a new report from data security company Arxan. These healthcare apps do not store data in encrypted format. It is no secret that present-day healthcare apps are seriously vulnerable to multiple security risks, from hackers as well as from app creators. Hackers love to target healthcare apps because such apps store the user's (patient's) credit card information, social security number, home address and, more importantly, medical history.

Why would some random hacker be interested in a patient’s medical history?

Because this information can be sold at a high price on the black market. A patient's medical history is not only valuable to hackers; app creators can also misuse this information for monetary gain. Recent research on healthcare apps found that 81% of healthcare apps have no privacy policy. That means if they share (or sell) a patient's medical history to any third party, they are not breaking any rule. The remaining 19% of apps have a privacy policy that only says they will not share patient information without the patient's permission, which is far from sufficient to ensure that the user's data will be kept completely secure from hackers and from any kind of misuse. Overall, it seems that the selling of data collected by healthcare apps is not regulated at all.

Imagine your healthcare app gets hacked and the hacker, pretending to be your doctor, instructs you to take a harmful dose of medication, in addition to stealing your credit card number, social security number, medical history and even your home address. Yes, I know it sounds terrible, but it is very much possible. Although mobile technology has reduced the number of visits to the clinic, it has unnecessarily opened new gates of security concerns for patients. The record shows that the healthcare industry is struggling to protect its patients when it comes to their online security. Over 29.3 million patient health records have been compromised since 2009.

The healthcare industry must adopt very strong encryption in healthcare apps to win back patients' trust. Until then, patients must think twice before using any healthcare app.
