Estimated reading time: 2 minutes, 58 seconds

Combating Cybersecurity Risks in mHealth Technology

Cybersecurity for mHealth apps and health IT is a growing concern for patients, providers, and healthcare organizations, especially given the rapid growth in global mobile app usage among the public.

Reports from Arxan Technologies, a provider of application software solutions, and analysts like Gartner technology research have noted the existing and rising threat for app-hacking among both free apps and industry specific apps. That includes healthcare and medical mobile technologies.

Arxan’s third annual State of Mobile App Security report illustrates that 97% of the top 100 paid Android apps and 87% of the top 100 paid Apple iOS apps have been hacked. In addition to hacking of popular and free apps, the 2014 report also revealed evidence of widespread hacking across industries including financial services, healthcare and medical, and retail merchant apps.

In the healthcare/medical category, apps on the iOS platform seemed to be less vulnerable than those on Android: 100% of the iOS apps were indicated as “not hacked” in the report while 90% of Android platform apps in the category were hacked.

Of those apps hacked, 22% were FDA approved. How is the FDA addressing the existing threats and potential risks for hacking among these technologies that store mHealth data?

The FDA, along with other agencies, has been addressing the issues of mobile apps, cybersecurity, and health IT. First, you should understand that the FDA is focusing its oversight on a small subset of mobile apps that are medical devices and present a greater risk to patients if they do not work as intended. While many mobile apps meet the definition of a device, most of these carry minimal risks to patients and consumers.

For these low-risk apps, the FDA is exercising enforcement discretion, meaning the FDA is not requiring manufacturers to submit the device to the FDA for review before they enter the market. Mobile medical apps that undergo FDA review will be evaluated according to the same regulatory standards and risk-based approach that the agency applies to other medical devices.

The FDA is taking steps to strengthen medical device cybersecurity by clarifying expectations for manufacturers to manage cybersecurity risks for medical devices. The regulatory agency recently issued final guidance for manufacturers, recommending that manufacturers reduce the vulnerability of their medical devices to cybersecurity breaches by carefully considering possible cybersecurity risks while designing medical devices, and developing a plan to manage system or software updates.

Additionally, the work being done by the FDA, Office of the National Coordinator for Health IT, and the Federal Communications Commission aims to clarify each agency’s role with respect to health IT. In April 2014, the three agencies released a proposed health IT framework, the primary focus of which is lower-risk health IT products, including those that run on smartphones or tablets, that perform health management health IT functions.

The framework calls for the creation of a public-private Health IT Safety Center to serve as the forum for developing health IT best practices and help the industry continue to create innovative, reliable and safe technologies.

Note: Arxan’s 2014 “State of Mobile App Security” report and supporting Infographic. The findings were based on an analysis of 360 apps, including 100 top paid and the same 20 popular free apps from each platform, as well as apps in the financial services, retail/merchant, and healthcare/medical categories (20 apps per platform).

Growth in Mobile App Downloads - Statista

Karen M. Rider, M.A. is a freelance writer with special interests in wellness, health psychology, healthcare trends, and integrative medicine. Karen provides copywriting and content development for healthcare and wellness practitioners as well as education and public service organizations. 

Read 4592 times
Rate this item
(0 votes)

Visit other PMG Sites:

PMG360 is committed to protecting the privacy of the personal data we collect from our subscribers/agents/customers/exhibitors and sponsors. On May 25th, the European's GDPR policy will be enforced. Nothing is changing about your current settings or how your information is processed, however, we have made a few changes. We have updated our Privacy Policy and Cookie Policy to make it easier for you to understand what information we collect, how and why we collect it.