Patient records increasingly vulnerable due to hacking of mobile apps
Patient data is becoming increasingly vulnerable to electronic attack due to the growing trend towards carrying medical records and information on mobile apps, a new report states.
The State of mobile app security 2014 report, by IT security company Arxan, surveyed the top 20 medical apps using sensitive information, such as patient records, in the Google Play store and found 90% had been maliciously hacked.
NHS England has recently announced plans for a ‘kite marking scheme’ for NHS apps, which could be prescribed by GPs if they meet clinical and security guidelines, but the study found that 22% of the hacked Android apps had been approval by the US Government.
The report states: ‘With regards to medical apps, they are particularly sensitive and are under preliminary scrutiny and guidelines of the Food and Drug Administration (FDA) in the United States.
‘It is clear that the regulatory initiatives are not up to pace with dynamics and challenges of mobile health app industry, as 22% of the hacked apps are on the FDA approved list.’
A spokesperson for Arxan added: ‘It should be noted that users do not need to download apps from third-party sites for app owners to suffer from hacking attacks. IP and decompiled source code can be stolen without the hacker republishing the app on third-party sites. Hackers can also republish hacked apps on official app stores (e.g., under a different app name).’