The rise of mobile health apps in today's 'mobile-centric' world has been nothing short of phenomenal. Since the inception of Google Fit and its iOS competitor, Apple Health, statistics show that 2016 will witness an unprecedented 142 million downloads of health-related apps, while the mobile health industry is set to hit the 3 billion dollar mark. These positive numbers have certainly attracted more developers and health-related institutions looking to profit from this 'gold rush', but many have overlooked the elephant in the room: the need to ensure data security.
Like the mobile payment industry—which includes PayPal, Google Wallet, etc.—the health industry deals with sensitive data containing the personal information of the patients and individuals who use mobile health apps. This underscores the need to consider the security your app should provide for its users before bringing that million dollar idea to life. To help you do just that, here are some timely tips on ensuring security before designing your first mock-up.
4 Ways to Ensure IT Security for a Mobile Health App
Understand the Ecosystem
Even professionals make mistakes, as can be seen from the ethical issues Obamacare web administrators had to deal with for hiring ex-convicts with financial crime records in their data entry departments. Therefore, before getting developers to work on your mHealth project, it is recommended that you go through the Health Insurance Portability and Accountability Act (HIPAA) requirements for developers to find out which guidelines your health app falls under. Alternatively, hire an expert to act as a consultant before going ahead with your plans.
Once you have understood the mobile health ecosystem, the next step is to outline the types of data the app will collect, store or pass on to other systems, and the level of security the app must integrate to protect them. For example, if your app collects and shares non-sensitive data (diet plans, recipes, exercise schedules, etc.), a two-factor authentication process is enough to keep users secure; but if more sensitive information is shared (medical records, financial details, etc.), further measures must be taken. In that case it is advised that, in addition to two-factor authentication, a timeout feature and SSL/TLS certificates be integrated to create secure channels for transferring user information.
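The paragraph above ties the timeout and the second factor to how sensitive the data is. The following Go program is an added example (not code from the original article or from any product it mentions) of how a back end can enforce that: every access requires a completed second factor, and the session then carries both an absolute lifetime and an idle timeout whose length depends on the sensitivity of what is being requested. The two sensitivity levels, the user id and the timeout values are constructed for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"time"
)

// Sensitivity classifies the data a screen or API call exposes. The two
// levels mirror the article's split; the labels are constructed for this
// example and a real app would map its own data inventory onto them.
type Sensitivity int

const (
	LowSensitivity  Sensitivity = iota // diet plans, recipes, exercise schedules
	HighSensitivity                    // medical records, financial details
)

// Session is the server-side record of a logged-in user. Two clocks are kept:
// LastActivity drives the idle timeout, LoginAt the absolute lifetime.
type Session struct {
	UserID       string
	MFAVerified  bool // second factor completed for this login
	LoginAt      time.Time
	LastActivity time.Time
}

// Policy holds the timeouts. Shorter idle windows apply to more sensitive data.
type Policy struct {
	IdleTimeout map[Sensitivity]time.Duration
	MaxLifetime time.Duration
}

var (
	ErrMFARequired    = errors.New("second factor not verified")
	ErrSessionExpired = errors.New("session expired")
)

// DefaultPolicy returns assumed values for illustration: 30 minutes idle for
// low-sensitivity data, 5 minutes for high-sensitivity data, 12 hours absolute.
func DefaultPolicy() Policy {
	return Policy{
		IdleTimeout: map[Sensitivity]time.Duration{
			LowSensitivity:  30 * time.Minute,
			HighSensitivity: 5 * time.Minute,
		},
		MaxLifetime: 12 * time.Hour,
	}
}

// Authorize decides whether s may access data of the given sensitivity at
// time now. Every access needs a completed second factor; the absolute and
// idle limits are then checked, and only a permitted access refreshes the
// idle clock, so a rejected request cannot keep a stale session alive.
func (p Policy) Authorize(s *Session, level Sensitivity, now time.Time) error {
	if !s.MFAVerified {
		return ErrMFARequired
	}
	if now.Sub(s.LoginAt) > p.MaxLifetime {
		return ErrSessionExpired
	}
	if now.Sub(s.LastActivity) > p.IdleTimeout[level] {
		return ErrSessionExpired
	}
	s.LastActivity = now
	return nil
}

func main() {
	// Constructed session: logged in at 09:00 with the second factor done.
	t0 := time.Date(2016, 1, 1, 9, 0, 0, 0, time.UTC)
	s := &Session{UserID: "user-42", MFAVerified: true, LoginAt: t0, LastActivity: t0}
	p := DefaultPolicy()
	fmt.Println("exercise plan after 4 min:", p.Authorize(s, LowSensitivity, t0.Add(4*time.Minute)))
	fmt.Println("medical record after 10 min:", p.Authorize(s, HighSensitivity, t0.Add(10*time.Minute)))
	fmt.Println("exercise plan after 10 min:", p.Authorize(s, LowSensitivity, t0.Add(10*time.Minute)))
}
```

The same user, idle for six minutes, can still open an exercise plan but is sent back to re-authenticate before a medical record is shown; the idle clock is only advanced by requests the policy actually permits.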
The first line of defense for both the back-end and the front-end is encryption. Note that when an app saves data, a random master key and initialization vector (IV) are generated. These two values hold the keys to either accessing or securing your data via encryption, so they must themselves be protected, for instance by integrating encryption algorithms such as Serpent or Blowfish to secure them.
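To make the master key and IV discussion concrete, here is an added Go example (not code from the original article) of encrypting a stored record. It uses AES-256-GCM from Go's standard library rather than the Serpent or Blowfish ciphers named above, because GCM also authenticates the ciphertext, so a modified blob is rejected instead of decrypting to garbage. The master key comes from the OS random source, and a fresh IV is drawn for every record and stored in front of the ciphertext; the sample record is constructed. On a real device the master key belongs in the platform keystore (Android Keystore or the iOS Keychain), never in app storage beside the data it protects.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// NewMasterKey draws a 256-bit key from the OS CSPRNG. The key is what the
// whole scheme rests on, so store it in the platform keystore, not in a
// file next to the encrypted records.
func NewMasterKey() ([]byte, error) {
	key := make([]byte, 32)
	if _, err := io.ReadFull(rand.Reader, key); err != nil {
		return nil, err
	}
	return key, nil
}

// EncryptRecord seals plaintext with AES-256-GCM under key. A fresh 12-byte
// IV (nonce) is generated for every call and prepended to the output, so
// the same record encrypted twice yields different blobs and the IV reuse
// that breaks GCM cannot happen by accident.
func EncryptRecord(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, gcm.NonceSize())
	if _, err := io.ReadFull(rand.Reader, iv); err != nil {
		return nil, err
	}
	// Output layout: iv || ciphertext || 16-byte authentication tag.
	return gcm.Seal(iv, iv, plaintext, nil), nil
}

// DecryptRecord splits off the IV and opens the ciphertext. GCM's tag check
// fails for a wrong key or for any modification of the stored blob.
func DecryptRecord(key, blob []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	if len(blob) < gcm.NonceSize() {
		return nil, errors.New("blob too short to contain an IV")
	}
	iv, ct := blob[:gcm.NonceSize()], blob[gcm.NonceSize():]
	return gcm.Open(nil, iv, ct, nil)
}

func main() {
	key, err := NewMasterKey()
	if err != nil {
		panic(err)
	}
	// Constructed sample record; no real patient data.
	record := []byte("patient: sample; bp 120/80; note: constructed example")
	blob, err := EncryptRecord(key, record)
	if err != nil {
		panic(err)
	}
	fmt.Printf("stored blob (%d bytes): %x\n", len(blob), blob)
	back, err := DecryptRecord(key, blob)
	fmt.Printf("decrypted: %q (err=%v)\n", back, err)
	blob[len(blob)-1] ^= 0x01 // flip one bit of the tag
	_, err = DecryptRecord(key, blob)
	fmt.Println("after tampering:", err)
}
```

Run it twice and the printed blob differs each time even though the record is the same; that is the per-record IV at work. The tamper step shows why an authenticated mode matters for medical data: the corrupted blob produces an error, not a silently altered record.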
Consider Preventive Measures to Tackle Reverse Engineering
In August 2015, FireEye reported 11 cases of reverse engineering that affected some of today's top social apps, demonstrating that determined hackers will try everything in their arsenal to access your organization's or your patients' sensitive data. Considering this possibility and integrating measures to counter reverse engineering is therefore the final tip for today. Developers should use both encryption and obfuscation techniques to conceal the original code of the app. Automatically clearing the app's cached data and adding anti-debugging measures also reduce the risk of an attacker reverse engineering the app by exploiting its memory dumps.
As hackers and cyber fraudsters keep changing their exploitation techniques, it is not only important to take these tips to heart before building your mobile health app; it is even more important to stay vigilant and keep track of cutting-edge IT security solutions as they appear.