71% Health Apps Plagued by at Least One High-Level Vulnerability: Intertrust

essidsolutions

Around 71% of tested healthcare apps have at least one major vulnerability that could lead to a data breach, and 5% of COVID-19 tracking apps leak data, according to Intertrust's annual security report, which tested 100 Android and iOS healthcare apps. The findings underscore the risks associated with health apps and the need for software protection technologies to secure sensitive patient data.

Around 71% of healthcare and medical apps have at least one major vulnerability that could cause a medical data breach, while 5% of COVID-19 tracking apps leak data. This and more such worrying findings are part of Intertrust Technologies' newly released 2020 Security Report on Global mHealth Apps, which tested 100 mobile healthcare apps (on both Android and iOS) across telehealth, COVID-tracking, health commerce and medical devices to uncover critical security threats in health apps.

As per the report, a vulnerability is classified high if it can be readily exploited and has the potential for significant damage or data loss.

Speaking to Toolbox, Bill Horne, General Manager of the Secure Systems Product Group and Chief Technology Officer at Intertrust said that nearly every healthcare application tested lacked safeguards to detect and stop analysis and reverse-engineering by hackers. 

Moreover, data breaches cost healthcare providers an average of $7.13 million per breach, the highest in any industry. “Yet, as our assessment indicates, the healthcare industry has failed to scale up its application security practices,” Horne said.

Per the Verizon Data Breach Investigations report, the healthcare sector was hit with 798 cybersecurity incidents in 2020, out of which 521 resulted in confirmed data breaches.

The risk is further amplified if apps lack strong encryption. According to Intertrust's report, 91% of apps failed cryptographic tests and were found to have weak encryption, exposing them to data exposure, code manipulation, illegitimate command execution and IP theft. “Key protection technologies, such as white-box cryptography, should be used to secure the encryption process,” adds Horne.


Additionally, 34% of Android apps and 28% of iOS apps were found to be vulnerable to cryptographic issues, which present the most pervasive and serious threats.

The top 5 vulnerabilities in Android mHealth apps:

  • Unused permissions: 98%
  • Disabled SSL CA validation: 12%; certificate pinning issues: 68%
  • Bytecode obfuscation missing: 78%
  • Unprotected exported receivers: 78%
  • MediaProjection (Android service that allows recording of audio and screen activity): 72%
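The second Android item above covers two related transport-security failures: code that switches off CA validation outright, and apps that validate the chain but never pin, so any CA the device trusts (including a user-installed one) can impersonate the backend. The following Kotlin is an added example written for this article, not code from the Intertrust report or from any tested app. It shows the trust-all pattern next to a client that keeps platform validation and adds pins via OkHttp's CertificatePinner. The host name and both pin values are placeholders; real pins are the base64 SHA-256 of the server certificate's SubjectPublicKeyInfo.

```kotlin
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import java.security.SecureRandom
import java.security.cert.X509Certificate
import javax.net.ssl.SSLContext
import javax.net.ssl.TrustManager
import javax.net.ssl.X509TrustManager

// BEFORE: the "disabled SSL CA validation" pattern. A TrustManager that accepts
// every chain, plus a hostname verifier that accepts every name. An on-path
// attacker presents any self-signed certificate and reads or rewrites patient
// data in transit. Shown only to make the weakness concrete; never ship this.
fun insecureClient(): OkHttpClient {
    val trustAll = object : X509TrustManager {
        override fun checkClientTrusted(chain: Array<X509Certificate>, authType: String) {}
        override fun checkServerTrusted(chain: Array<X509Certificate>, authType: String) {}
        override fun getAcceptedIssuers(): Array<X509Certificate> = arrayOf()
    }
    val ctx = SSLContext.getInstance("TLS")
    ctx.init(null, arrayOf<TrustManager>(trustAll), SecureRandom())
    return OkHttpClient.Builder()
        .sslSocketFactory(ctx.socketFactory, trustAll)
        .hostnameVerifier { _, _ -> true }   // also disables hostname checking
        .build()
}

// AFTER: leave the default trust manager in place (normal CA validation and
// hostname checking still run) and add certificate pinning on top. OkHttp checks
// the pins against the already-validated chain, so a CA that the device trusts
// but that is not in the pin set is still rejected with SSLPeerUnverifiedException.
//
// Placeholder host for this example; substitute the real API host.
const val API_HOST = "api.example-mhealth.invalid"

// Placeholder pins. Derive a real one from the leaf or intermediate certificate:
//   openssl x509 -in cert.pem -pubkey -noout \
//     | openssl pkey -pubin -outform der \
//     | openssl dgst -sha256 -binary | openssl enc -base64
const val PIN_PRIMARY = "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA="
const val PIN_BACKUP  = "sha256/BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB="

fun pinnedClient(): OkHttpClient {
    val pinner = CertificatePinner.Builder()
        .add(API_HOST, PIN_PRIMARY)   // current key
        .add(API_HOST, PIN_BACKUP)    // pre-generated key for rotation
        .build()
    return OkHttpClient.Builder()
        .certificatePinner(pinner)
        .build()
}
```

Two practical caveats: pin the public key, not the certificate, so a reissue under the same key does not break the app; and always ship a backup pin, because a single pin plus an unplanned key rotation locks every installed client out of the API until users update.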

The top 5 vulnerabilities in iOS mHealth apps:

  • ZipperDown vulnerability, leading to remote code execution: 90%
  • Sensitive data in NSUserDefaults: 76%
  • Sensitive information in property lists: 72%
  • App Transport Security: 70%
  • Sensitive information in SQLite3 databases: 58%

Source: Intertrust


In 60% of Android apps, data is stored through the Shared Preferences API with unsafe access controls, leaving it open to attackers and making those apps non-compliant with HIPAA 164.312(a)(1). “This makes the data easy to extract and exploit. This information should be protected by obfuscation and secure encryption, using technologies like white-box cryptography,” Horne added.

In terms of mHealth applications, most issues were found in health e-commerce apps: 90% had four or more issues per app. Telemedicine/patient engagement apps took the second spot at 86.4%, closely followed by COVID trackers (84.6%) and medical device apps (81.2%).

Here's a breakdown of issues across healthcare apps (figure: Issues Per App Type; source: Intertrust).

All apps were analyzed using both static application security testing (SAST) and dynamic application security testing (DAST), based on Open Web Application Security Project (OWASP) guidelines.
