Late last year the NHS suffered bad press from the discovery of widespread corrupted apps in their now-closed Health app store. However, the technical directors don’t seem to have addressed inherent security flaws, and have recently been found to be approving corrupted apps according to audits carried out by a security provider.According to Norwegian security specialist Promon, the NHS must quickly overcome delays in security improvements if they are to maintain the confidence of their patients.
Tom Lysemose Hansen, founder and CTO of Promon, warned of the ramifications of failing to address the problem: “A leak of private medical records on a large scale is tantamount to a doctor tweeting the medical records of his patients. What could be a serious legal issue should no longer be brushed off by consumers as a ‘beta mode’ operation or the result of technical directors’ short-sightedness.”
Worryingly, all of the NHS-approved apps audited lacked binary protection to prevent the corruption of code, while an overall lack of adequate protection in the transport layer was common among applications. Possible consequences for the consumer come in the form of privacy violations, disguised data collection and the modification of the application code.
The study also highlighted that app executives were largely in the dark when it comes to app security. 84 per cent of IT executives feel their apps are secure, for instance, which is far removed from the truth. Crucially, the report revealed that 76 per cent of health app users indicated they would change providers if they knew the apps they were using were not secure.
Hansen stated: “Evidently app security must be taken more seriously in order to reconcile the different views of the app executives and the consumers, or else they will migrate to another provider. Despite many of the apps boasting privacy policies, the security of users’ data has been plainly compromised. To avoid further damaging claims, the NHS must review and tighten their security policy by introducing self-defending apps.”
Hansen explained, “IT leaders must begin to extend their security remit and ensure that the data held on customers’ devices is just as safe from malware and other threats as the data hosted on their servers. As applications are so often the first port of call for cyber criminals, to approve their security without adequate PEN testing is highly negligent.”
About Promon
Traditional security systems such as antivirus, antispam and antimalware are outdated and no longer able to protect companies and users against security threats and cyber-crime. Promon provides full protection for applications against existing and new malware threats. Promon’s patented method for detecting and blocking security threats against applications enables self-protected apps allowing users risk-free utilisation of a potentially unprotected computer, tablet or mobile telephone. Promon is a global operating company with its head office in Oslo.
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.