Most healthcare apps have weak security, report finds
A recent assessment of some of the most popular mobile healthcare apps has revealed serious security vulnerabilities across the board. Among them are Covid-tracking apps, of which 85 per cent were found to leak data.
Software firm Intertrust Technologies analysed 100 apps using testing based on the Open Web Application Security Project mobile app security guidelines.
Among the categories evaluated, telemedicine apps and health commerce apps were the most vulnerable when it came to high-level security issues, a concern given the increased reliance on telemedicine since the pandemic began.
The assessment found that 71 per cent of tested medical apps have at least one high-level security vulnerability, defined as high because it can be readily exploited and has the potential for significant damage or loss.
Weak encryption was found in 91 per cent of the apps, putting them at risk of data exposure and intellectual property theft. Data storage is also an issue, with 60 per cent of tested Android apps storing information in SharedPreferences, which leaves unencrypted data readily readable and editable by attackers and malicious apps.
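The storage finding above can be checked during an app review by inspecting the preferences XML an app writes to its `shared_prefs` directory. The following is an added example, not code from Intertrust's assessment: the sample file is constructed, and the key-name hints and entropy threshold are assumptions to tune per app.

```python
import math
import re
import xml.etree.ElementTree as ET  # for untrusted files, prefer the defusedxml package

# Constructed sample in the shared_prefs XML layout; not taken from any real app.
SAMPLE_PREFS = """<?xml version='1.0' encoding='utf-8' standalone='yes' ?>
<map>
    <string name="auth_token">user-7731-session-plain</string>
    <string name="contact">jane.doe@example.org</string>
    <string name="theme">dark</string>
    <boolean name="onboarding_done" value="true" />
    <string name="patient_record_enc">q83vEjRWeJCrze8BI0VniavN7/4SNFZ4kKvN7wEjRWc=</string>
</map>"""

# Assumed key-name hints for health data; tune for the app under review.
SENSITIVE_KEY = re.compile(r"token|passw|secret|email|dob|patient|location|insurance", re.I)
EMAIL = re.compile(r"[^@\s]+@[^@\s]+\.[a-z]{2,}", re.I)
BASE64 = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def shannon_entropy(text):
    """Bits per character of the string's own character distribution."""
    if not text:
        return 0.0
    freqs = [text.count(ch) / len(text) for ch in set(text)]
    return -sum(p * math.log2(p) for p in freqs)


def looks_encrypted(value):
    """Heuristic only: long, base64-shaped, high entropy. Not proof of sound crypto."""
    return (len(value) >= 24 and BASE64.fullmatch(value) is not None
            and shannon_entropy(value) >= 4.0)


def audit_prefs(xml_text):
    """Return (key, reason) for string entries that appear to hold sensitive plaintext."""
    findings = []
    for node in ET.fromstring(xml_text).findall("string"):
        name, value = node.get("name", ""), node.text or ""
        if looks_encrypted(value):
            continue
        if SENSITIVE_KEY.search(name):
            findings.append((name, "sensitive key name, plaintext value"))
        elif EMAIL.fullmatch(value):
            findings.append((name, "value is an e-mail address"))
    return findings


if __name__ == "__main__":
    for key, reason in audit_prefs(SAMPLE_PREFS):
        print(f"{key}: {reason}")
```

An entry that passes this check still needs its key management reviewed; the script only separates obvious plaintext from values that are at least opaque.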
So why are vulnerability issues so common? Bill Horne, VP and GM of Intertrust Secure Systems, tells us it's simply to do with the way the apps are designed. "Much of it has to do with the way the app stores and handles sensitive data. It is important that security best practices be employed during the application design phase. For example, 91 per cent of apps tested had mishandled or weak encryption. But even once the app is past the design phase, many of these issues can be fixed by the developers and security engineers, it’s a matter of time and tools."
A major worry is the discovery that most of the Covid tracking apps tested are not storing people's data safely, at a time when populations are being encouraged to use the tool. "This is not something new," Horne says. "A security flaw in Qatar’s contact tracing app potentially exposed the sensitive data of more than one million users, while the Indian government’s contact tracing app initially leaked location data, and the UK’s NHS had to abandon its contact tracing app due to multiple security issues discovered during its trial run. Misconfigured databases, poor encryption, insecure data storage and access are a few reasons why this sensitive data is relatively easy to extract."
For the user, the consequences can be very serious depending on the type of information hackers can get hold of. "Healthcare records and personal information are being sold on the black market for as much as $1000 per record - this is an enormous motivation. For organizations, the consequences are regulatory violations and fines, service disruption, and IP theft. On the consumer end, this means lack of privacy, possible identity theft, even threats to their personal safety if location data is stolen, or if connected device apps are tampered with or data altered."
While it may not be possible for an app to ever be 100 per cent secure, layers of protection can be added that make it too difficult for hackers to access data. "There are numerous security solutions that can help strengthen apps, but everything begins with the internal priorities and approach of organisations," Horne says. "Most organisations still take a very reactive approach towards security. They need to be more proactive. A strong security policy for software development ensures that security best practices are employed from the beginning."
"Additionally, there are products like application protection that protect source code, white-box cryptography solutions that strengthen and protect cryptographic keys, data protection solutions and network security solutions, that when combined, create multiple levels of security to make it really difficult for a hacker to break in."
Skin Analytics wins NHSX award for AI skin cancer tool
An artificial intelligence-driven tool that identifies skin cancers has received an award from NHSX, the NHS England and Department of Health and Social Care's initiative to bring technology into the UK's national health system.
NHSX has granted the Artificial Intelligence in Health and Care Award to DERM, an AI solution that can identify 11 types of skin lesion.
Developed by Skin Analytics, DERM analyses images of skin lesions using algorithms. Within primary care, Skin Analytics will be used as an additional tool to help doctors with their decision making.
In secondary care, it enables AI telehealth hubs to support dermatologists with triage, directing patients to the right next step. This will help speed up diagnosis, and patients with benign skin lesions can be identified earlier, redirecting them away from dermatology departments that are at full capacity due to the COVID-19 backlog.
Cancer Research has called the impact of the pandemic on cancer services "devastating", with a 42% drop in the number of people starting cancer treatment after screening.
DERM is already in use at University Hospitals Birmingham and Mid and South Essex Health & Care Partnership, where it has led to a significant reduction in unnecessary referrals to hospital.
Now NHSX has granted it the Phase 4 AI in Health and Care Award, making DERM available to clinicians across the country. Overall, this award makes £140 million available over four years to accelerate the use of artificial intelligence technologies which meet the aims of the NHS Long Term Plan.
Dr Lucy Thomas, Consultant Dermatologist at Chelsea & Westminster Hospital, said: “Skin Analytics’ receipt of this award is great news for the NHS and dermatology departments. It will allow us to gather real-world data to demonstrate the benefits of AI on patient pathways and workforce challenges.
“Like many services, dermatology has severe backlogs due to the COVID-19 pandemic. This award couldn't have come at a better time to aid recovery and give us more time with the patients most in need of our help.”