Privacy

Health Apps Disclose Confidential Consumer Information

Intertrust Technologies released a report showing that of the 100 health apps they studied:

  • 71% of tested health apps have at least one high-level security vulnerability that can be easily exploited and has the potential for serious damage
  • The vast majority of health apps (91%) have mishandled or weak encryption, which creates risk of data exposure
  • 85% of COVID-tracking apps are not storing data securely
  • The majority of health apps contain multiple security issues with data storage, leaving unencrypted data open to being read and edited by hackers and malicious apps
  • 83% of the high-level threats discovered could have been mitigated using application protection technologies such as code obfuscation, tampering detection, and white-box cryptography

As consumers seek the convenience of apps to help manage their healthcare, the privacy and security of the data are critical. However, many apps have security holes and may even knowingly share patient data with third parties. According to a report in the Wall Street Journal, some app makers use App Events to share data with Facebook. The social network then uses the data to target ads. None of the apps appear to get user permission to share this private data with Facebook.

The women’s health app Flo recently settled a complaint with the Federal Trade Commission that it shared user information after promising that the data would remain private. Under the terms of the settlement, Flo is prohibited from misrepresenting the purposes for which it collects, maintains, uses, or discloses data and personal information. It must also notify affected users about the disclosure of their personal information and instruct any third party that received users’ health information to destroy that data.

The New York Times reports that the American Medical Association, the American Hospital Association and other groups are pressing for federal regulations to protect patient privacy. According to these organizations, without federal restrictions in place, health apps would be free to share or sell sensitive patient data. And the spread of personal medical information could lead to higher insurance rates or job discrimination for affected users.

“Patients simply may not realize that their genetic, reproductive health, substance abuse disorder, mental health information can be used in ways that could ultimately limit their access to health insurance, life insurance or even be disclosed to their employers,” said Dr. Jesse M. Ehrenfeld, an anesthesiologist who is the chair of the American Medical Association’s board. “Patient privacy can’t be retrieved once it’s lost.”

The Federal Trade Commission recommends that consumers follow this advice to protect their data when using health apps:

  • Compare options on privacy and choose the app that offers the level of privacy that you prefer.
  • Take control of your information by choosing the app settings that best protect your privacy and keeping your app up to date.
  • Know the risks. Are the services you get from the app worth the possibility of your data ending up in the wrong hands?