8 Out of 10 Mobile Health Apps Open to HIPAA Violations, Hacking, Data Theft

Bill Siwicki | Healthcare IT News | January 13, 2016

Though the majority of executives surveyed by Arxan said they believe their apps are secure.

A new report shows 84 percent of U.S. FDA-approved health apps tested by IT security vendor Arxan Technologies did not adequately address at least two of the Open Web Application Security Project (OWASP) top 10 risks. Most health apps are susceptible to code tampering and reverse-engineering, two of the most common hacking techniques, the report found.

Ninety-five percent of the FDA-approved apps lack binary protection and have insufficient transport layer protection, leaving them open to hacks that could result in privacy violations, theft of personal health information, as well as device tampering and patient safety issues. The new research from Arxan, which this year placed special emphasis on mobile health apps, was based on analysis of 126 popular health and finance apps from the United States, United Kingdom, Germany and Japan.

There is a disparity between consumer confidence and the attention given to security by app developers, the study found. While the majority of app users and app executives said they believe their apps are secure, nearly all apps Arxan assessed proved to be vulnerable. The situation isn’t much better across the pond, either, where 80 percent of the mobile health apps approved by the U.K. National Health Service and tested by Arxan did not adequately address at least two of the OWASP mobile top 10 risks...