An alarming new report highlighted this week by Healthcare IT News reveals that 84 percent of the U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not return favorable results.
All told, this group “did not adequately address at least two of the Open Web Application Security Project top 10 risks.”
Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found. Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, device tampering and patient safety issues.
“Given the highly distributed mobile environment, healthcare CIOs and provider organizations with mobile apps should bake application self-protection security measures into their apps before releasing them ‘into the wild,’” said Patrick Kehoe, chief marketing officer at Arxan Technologies. “Hardening mobile health apps with application self-protection allows the app to be protected against advanced threats no matter where it goes. In addition to app hardening, beefing up protection of the application programming interfaces, or APIs, that communicate between the mobile apps and back-end servers that contain high-value, high-target health information is becoming essential.”