Why hackers love health apps

Most health apps don't have good privacy or security safeguards.

WASHINGTON—That handy health app on your phone—the one with access to your medical history, your doctor’s name, even your home address—may be vulnerable to hackers. Technology experts discussed the risks at a House hearing July 14 with the Energy and Commerce subcommittee.

The fast growth of information technologies in the health care sector has outpaced the industry’s efforts to safeguard them. A report by IMS Health, a research and service provider for health care professionals, showed that more than 165,000 mobile health (or mHealth) apps were available in 2013. Many of the apps offer access to users’ electronic health records from doctors or hospitals.

Hackers particularly love the kind of medical information stored in health apps because it’s harder to change. A stolen credit card number can be cancelled, but medical histories, and the home addresses and Social Security numbers that often go into medical records—these things are hard to change and can therefore be sold for a higher price on the black market.

Few privacy policies and no regulation

Health apps are popular, but not very private. One-fifth of mobile devices in the United States have a health app installed. A study in the March issue of the Journal of the American Medical Association in March, however, showed that of 271 apps studied, 81 percent did not have privacy policies. Of the 19 percent (41 apps) that did have privacy policies, only four specified that they would seek permission before sharing data with third parties.

The act of selling of data collected by the apps isn’t regulated. Health apps also are not subject to privacy and security regulations in the Health Insurance Portability and Accountability Act (HIPAA).

Nicolas Terry, Indiana University Maurer School of Law Professor and a health care technologies regulation expert, called for Federal regulatory agencies to step in and create patient-information protections for the apps. “The most disruptive mobile health apps are those that are patient-facing,” Terry explained, referring to apps where information is directly available to users. Such a direct app-patient relationship lacks any professional buffer between the user and the information, he said. As a result, traditional regulation of safety, quality, and confidentiality suffer.

“Patient privacy should be well addressed. The selling of this information should be more transparent,” said Diane Johnson, director of the Strategic Regulatory at Johnson & Johnson, a multinational medical products and services provider that offers a number of mHealth apps. Johnson and others stressed that for mHealth app users, it’s a case of buyer beware.

Here's one ray of hope: Data saved in individual devices may be safer than data saved to clouds, said Bettina Experton, president of Humetrix, a health app developer based in Del Mar, California. Users’ information is “highly secure in personal devices,” Experton said. “Your phone can store securely when it’s encrypted. It’s in your hands and under your control.”

Join the PC World newsletter!

Error: Please check your email address.

Tags dataprivacy policiesinfosecappshealthmHealthPrivasechealth appsprivacysecurity in health

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Xuanyan Ouyang

PC World (US online)
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Azadeh Williams

HP OfficeJet Pro 8730

A smarter way to print for busy small business owners, combining speedy printing with scanning and copying, making it easier to produce high quality documents and images at a touch of a button.

Andrew Grant

HP OfficeJet Pro 8730

I've had a multifunction printer in the office going on 10 years now. It was a neat bit of kit back in the day -- print, copy, scan, fax -- when printing over WiFi felt a bit like magic. It’s seen better days though and an upgrade’s well overdue. This HP OfficeJet Pro 8730 looks like it ticks all the same boxes: print, copy, scan, and fax. (Really? Does anyone fax anything any more? I guess it's good to know the facility’s there, just in case.) Printing over WiFi is more-or- less standard these days.

Ed Dawson

HP OfficeJet Pro 8730

As a freelance writer who is always on the go, I like my technology to be both efficient and effective so I can do my job well. The HP OfficeJet Pro 8730 Inkjet Printer ticks all the boxes in terms of form factor, performance and user interface.

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?