Publishing Healthcare App Guidance for Developers

By   ISBuzz Team
Writer , Information Security Buzz | May 31, 2015 06:00 pm PST

You may be aware that the British Standards Institution has now published a set of standards to support developers creating health and wellness apps. These standards outline a set of principles which app developers should follow in order to make sure that their products and services can be trusted by healthcare professionals and the public. This code of practice for developing health and wellness apps for potential use in the NHS was developed with the support of the government’s technology organisation Innovate UK.

Increased technology uptake in the healthcare sector provides the potential to improve quality of life for millions but is also expanding the current attack surface. The health sector is opening itself up as a target to hackers, particularly as the value and volume of stolen healthcare data on the black market is increasing.

Comment from Raj Samani, CTO EMEA, Intel Security on the security vulnerabilities involved in the increasing use of apps in the healthcare industry and the role played by the British Standards Institution’s launch of guidelines for app developers.

Fully utilising technology within the healthcare sector has the potential to revolutionise the industry – saving both money and lives through innovative new digitally-connected devices. However there is a very real security concern surrounding such developments. We’ve witnessed various examples of security vulnerabilities, such as app developers transmitting unencrypted health-related user data across international borders. The British Standards Institution’s launch of guidelines for developers is an important first step, but beyond ensuring these companies make users aware of the security risks involved with their devices, we’re still a long way off making sure sensitive health-related data is kept secure.

By Raj Samani, CTO EMEA, Intel Security

Raj SamaniBio: Raj is currently working as the VP, Chief Technical Officer for McAfee EMEA, having previously worked as the Chief Information Security Officer for a large public sector organisation in the UK.

He volunteers as the Cloud Security Alliance Chief Innovation Officer, and Special Advisor for the European CyberCrime Centre, and is on the advisory councils for Infosecurity Europe, and Infosecurity Magazine.  In addition, Raj was previously the VP for Communications in the ISSA UK Chapter, having presided over the award for Chapter communications programme of the year 2008, and 2009, and was inducted into the Infosecurity Europe Hall of Fame 2012.