NHS-accredited health apps vulnerable to hacking
According to researchers, most of the apps that have been clinically accredited by the British National Health System (NHS) may not have been complying with principles of data protection.
“It was assumed that accredited apps – those that had been badged as trustworthy by organisational programmes such as the UK’s NHS health apps library – would be free of such issues”, said Huckvale. “It doesn’t sit within the expectations of privacy that we have in health”, he said.
The team from Imperial College London and Ecole Polytechnique CNRS, France, reviewed 79 apps that were listed on the “NHS Health Apps Library” in July 2013 and are available on Android and iOS platforms.
The researchers discovered that 70 apps transmitted information to online services, and that 23 of those sent identifying information over the Internet without encryption.
Kit Huckvale, a Ph.D. student at Imperial College London and co-author of the study, stressed that if these had been ordinary health apps, the researchers would not have been surprised by these findings.
He said that because medical identity theft is not quickly spotted, as opposed to credit card data theft, attackers can fraudulently issue medical bills or insurance claims.
Apps registered on the service undergo an appraisal process that examines clinical safety and compliance with data protection law. To be listed, developers are required to declare any data transmissions and register with the UK’s data watchdog, the Information Commissioner’s Office.
The wide selection of health-related apps includes options to help diabetics to calculate their insulin dose, along with apps designed to help people lose weight, give up smoking or cut down on their alcohol consumption. The researchers assessed the apps over a six-month period by inputting fake information, tracking the handling of this data, and examining privacy policies.
The apps that leaked the most data have now been removed from the NHS Health Apps Library.
Four of the apps were also sending information about health and lifestyle – such as bodyweight – without encryption, leaving it vulnerable to hackers.
The study also found that 20% did not have a privacy policy setting out the steps they take to safeguard users’ personal information, although none of the apps were found to transmit information that they promised not to.
The research is published in the open access journal BMC Medicine.
“The study is a signal and an opportunity to address this because the NHS would like to see strategic investment in apps to support people in the future”, he told the BBC. What’s even more worrying is that the apps in the study were all NHS approved.