mHealth apps do not provide adequate security when sending information

Mobile health (mHealth) applications are becoming an increasingly used avenue for patients and providers to send data, but many apps do not provide proper security when transmitting data, according to a study published in the Journal of Medical Internet Research.

mHealth apps cover a broad range of medical uses from collecting data on sleep to measuring heart rhythms. But the increasing popularity of these apps could be putting patient’s data at risk due to lax security. In this study, researchers examined the security measures in mHealth apps to measure their ability to safely transmit patient data.

Security characteristics pertaining to the transmitting security were used to develop a prototype platform used to test a total of 53 of the most downloaded free apps. Results showed 21 of the apps failed to ensure data security. Additionally, 18 apps leaked private information or were shown to compromise the confidentiality between the app and server, and 17 apps used unprotected connections. Two failed to validate certificates. Many of the apps also allowed analytics or advertising, which further harmed privacy.

“The tests show that many mHealth apps do not apply sufficient transport security measures,” concluded first author Jannis Müthing, BSc, with the University of Applied Sciences and Arts Dortmund in Germany. “The most common security issue was the use of any kind of unprotected connection. Some apps used secure connections only for selected tasks, leaving all other traffic vulnerable.”

""
Cara Livernois, News Writer

Cara joined TriMed Media in 2016 and is currently a Senior Writer for Clinical Innovation & Technology. Originating from Detroit, Michigan, she holds a Bachelors in Health Communications from Grand Valley State University.

Around the web

Compensation for heart specialists continues to climb. What does this say about cardiology as a whole? Could private equity's rising influence bring about change? We spoke to MedAxiom CEO Jerry Blackwell, MD, MBA, a veteran cardiologist himself, to learn more.

The American College of Cardiology has shared its perspective on new CMS payment policies, highlighting revenue concerns while providing key details for cardiologists and other cardiology professionals. 

As debate simmers over how best to regulate AI, experts continue to offer guidance on where to start, how to proceed and what to emphasize. A new resource models its recommendations on what its authors call the “SETO Loop.”