NIST issues draft guidance for vetting mobile app security

The National Institute of Standards and Technology has issued a draft guide designed to help organizations test for potential security vulnerabilities in mobile applications.

The draft guide offers several tests that organizations, including healthcare providers, can use to identify and address security vulnerabilities in a product before they approve the app.

The guide warns that "individuals may be tracked without their knowledge by way of a calendar app, social media app, wi-fi sensor or other utilities that access a global positioning system."

The guide details the following six key recommendations:

  • Acknowledge and be prepared to address the security and privacy risks of mobile app technologies;
  • Train employees on mobile app security and privacy policies;
  • Vet all mobile apps and all updates to existing mobile apps;
  • Adopt a process for quickly vetting security-related mobile app updates;
  • Notify stakeholders about how vetting processes are designed to reduce risk by identifying and mitigating vulnerabilities, even though that risk cannot be completely nullified; and
  • Submit mobile app vetting results to a software analyst to review the findings within the context of the organization's overall mission, security efforts and risk tolerance.

Interested stakeholders can provide comment on the guide through Sept. 18.

Beth Walsh, Editor
