Mobile Apps: How to Stay Protected from the Medical Industry’s New Age Security Threat

Apps have become an integral part of our lives. Our phones are no longer devices which allow us only to communicate. There is an endless list of things you can do with your smartphone which is made possible by over 6.5 million apps that are available across various platforms.

And with every app comes potential for a data breach.

How Apps Create Compromised Security in the Medical Field

You may have noticed apps asking for permission to access various components of your phone like SMS, contacts, gallery, location etc. While you may absentmindedly continue granting access to these, if the app is unable to hold this information securely, your privacy could be compromised.

And if you have any sort of medical app – health and fitness, exercise tracking, and even accounting and CRM app software, the main security risk comes from this data and confidential patient information being hacked or, even worse, modified.

For example, take an app that stores patients' electronic medical histories. If a third party unconnected with the app, and therefore untracked, were able to access that information and change patient details – modifying allergy information, for instance – it could put the patient's life at risk.

Many users take application security for granted, and much of this comes down to a perceived level of security that actually doesn’t exist.

The Truth Surrounding Mobile App Security: Perception Vs. Reality

One of the major concerns with app security is that users are unaware of the reality of a data breach.

Arxan’s 5th Annual State of Application Security Report reveals that the majority of users (about 63%) believe that app developers take all the necessary steps to ensure the safety of their apps. A higher proportion of users (about 84%) believes the apps to be safe to use.

However, a survey conducted by the Ponemon Institute on behalf of IBM has revealed a harsh reality.

In a bid to release the apps quickly and reduce expenses, less than half of the app developers thoroughly check for security issues before releasing the app. In fact, one-third of the developers do not check the safety of their app at all.

And while you may think this is talk isolated to general smartphone apps, the reality is that these flaws in app security are prevalent in all apps – including apps in the medical industry.

What to Look For: The 3 Biggest Security Flaws in Apps

If you work with apps, or are considering app development for your practice, consider these prominent security flaws, first:

  1. Insecure Data Storage: Some apps do not store your sensitive information securely on the device. NowSecure’s Mobile Security Report reveals that 43% of users do not lock their phone using a PIN, pattern or password. The data of such users can be at risk if their device is lost.
  2. Insufficient Transport Layer Protection: Some apps use unencrypted connections from the application to third parties. This makes your data vulnerable.
  3. Poor Authorization and Authentication methods: This may result in unauthorized access to your data. Generally, these are controlled on the server side of an app.

And these flaws prove a real threat to your online security.

In fact, Skype, Microsoft’s internet calling and messaging service, is one such example of a highly popular app with consistent security flaws. While Skype encrypts your data in transit, it is believed to be one of the communication apps most susceptible to IGMP snooping.

How to Make Sure Your Apps Remain Secure

While HIPAA compliance is often met for many developed apps, requirements are often outdated and in some cases, insufficient to protect your personally identifiable information (PII).

Borja Martínez, a software engineer at the University of Valladolid, recommends that you include the following practices in a data security policy to increase protection beyond outdated standards such as HIPAA:

  • Center app access control on the patient, putting them in charge of granting or prohibiting access to their information.
  • Demand unique authentication methods – an identity and password known only to the user – that can be linked to a public infrastructure.
  • Use AES (Advanced Encryption Standard) with a cryptographic key of at least 128 bits to enhance security and confidentiality.
  • Use a symmetric-key cipher, such as AES, for at least one authentication code.
  • Present a clear privacy policy to app users that identifies who will use the data, their purpose, the privacy methods used, the users' rights and a means of contact.
  • Use TLS (Transport Layer Security) with 128-bit encryption methods or virtual private networks (VPN) to secure data during transfer.
  • Data retention: data must only be stored for the amount of time necessary for the established purpose, no longer.
  • Communication with body sensors: for communication with low-power sensors used in the body, cryptographic methods must be used for the authentication of devices and the distribution of the key.
  • Alert for security lapses: the developing company must alert the competent authorities as well as users as soon as possible and must help the user to reduce the possible damage caused by such a breach.
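The AES and authentication-code recommendations above, and the allergy-tampering scenario from earlier in the article, can be tied together in a few lines. The following is an added example (not code from the article or from any project it names) that protects a stored patient record with AES-128-GCM from Go's standard library: the 16-byte key meets the "at least 128 bits" bar, and GCM's authentication tag makes any alteration of the stored record fail on decryption rather than silently change a patient's allergies. The key, record and field names are constructed for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// Seal encrypts a patient record with AES-128-GCM (16-byte key = 128 bits).
// GCM is authenticated encryption, so the output carries a tag that lets
// Open detect any modification. Stored layout: nonce || ciphertext || tag.
func Seal(key, record []byte) ([]byte, error) {
	block, err := aes.NewCipher(key) // rejects keys that are not 16/24/32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // a fresh random nonce per record
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, record, nil), nil
}

// Open decrypts and verifies a sealed record; an error means the record was
// altered (or the wrong key was used) and its contents must not be trusted.
func Open(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(sealed) < gcm.NonceSize() {
		return nil, errors.New("sealed record too short")
	}
	return gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil)
}

func main() {
	key := []byte("0123456789abcdef") // constructed demo key; load from a key store in practice
	record := []byte(`{"patient":"demo-0001","allergies":["penicillin"]}`) // constructed sample
	sealed, _ := Seal(key, record)
	tampered := append([]byte(nil), sealed...)
	tampered[len(tampered)-1] ^= 0x01 // one flipped byte in the stored record
	_, err := Open(key, tampered)
	fmt.Println("tampering detected:", err != nil)
}
```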

Mobile App Security: Now You’re Up to Date

To deny the progression of technology towards mobile devices is to leave yourself and your company blissfully open to cyber attack on your data. A resulting data breach can be detrimental to you, and your organization.

But now you have the knowledge to ensure your information remains secure, and your patients' details are more likely to stay in safe, encrypted cyber “hands.”


Arman Sadeghi | Founder & CEO, All Green Electronics Recycling

Arman Sadeghi founded All Green Recycling in 2008 after watching a “60 Minutes” exposé on the current state of electronics recycling in the United States and the lack of focus on data security and environmental stewardship. He is a serial entrepreneur who currently owns and operates companies in various industries including IT, data security, business consulting, marketing, photography and more.
