Written by Jan Sismans
Digital therapeutics (DTx) apps have become integral to healthcare, offering innovative solutions that combine behavioral change and drug treatment. As these apps become more popular, the risk of cyberattacks increases, threatening patient data and healthcare services.
The DTx app is essentially a tool to help patients promote self-care and prevent worsening of their condition. However, the information contained within the app makes it an easy target for cybercriminals. For app makers, demonstrating patient care doesn't just start and end with providing the best treatment. This also means protecting patients from harm, including mobile threats.
Why are DTx apps targeted?
Across India, there is evidence that organizations are deploying mobile services to improve patient health outcomes. Notably, startups such as Amaha, Lissun, and Clarity are vying to grab a slice of India's mental health apps market, which is expected to grow at a compound annual growth rate (CAGR) of 15% over the next four years.
While this is an encouraging trend, the ever-evolving threat landscape makes data security a critical concern. Patient data is now fully digital, so it must be protected accordingly. There are many data privacy and data protection regulations around the world that healthcare organizations must comply with regarding protected health information (PHI) and electronic protected health information (ePHI). These regulations are designed to ensure that electronic health records (EHRs) stored in mHealth apps remain confidential and cannot be compromised, altered, or stolen. Examples include HIPAA in the US, PIPEDA in Canada, GDPR in the EU, and the DPA and CLDC in the UK; India passed its own, the Digital Personal Data Protection Act (DPDP), in August 2023.
In addition to protecting the data within mHealth and DTx apps, app makers also need to protect the apps themselves, and with them the healthcare professionals who depend on them, from the ubiquitous threat of ransomware, which can block access to electronic health records (EHRs) and delay care.
The takeaway here is that DTx apps are currently at a crossroads. Their security, or lack thereof, not only puts sensitive patient information at risk, but can also put lives at risk.
Navigating the mobile threat landscape
Digital therapy app developers should be aware of and address these five mobile attacks to provide a safe and pleasant experience for patients.
1. Theft and loss of electronic medical records
There are three elements to ensuring that sensitive patient data is not compromised, lost, or stolen: (1) ensure that only authorized users can open the app, (2) encrypt all data within the app, and (3) encrypt the connection between the app and the backend server.
At a minimum, app makers should require patients to enter a username and password every time they open the app, and patients should be automatically logged out after a set period of inactivity. Apps should also use biometrics or multi-factor authentication (MFA) to strengthen access control, and must be protected against attacks that use deepfakes to circumvent biometrics or that intercept and steal MFA tokens.
The second element is encryption of stored data (data-at-rest encryption). Mobile healthcare and DTx app makers can achieve this by encrypting all data stored by their apps with the AES-256 encryption algorithm. This should cover not only patient data in the application sandbox, but also data held in strings, resources, and in-app settings.
Finally, encrypting all data in transit ensures that patient data being sent and received cannot be intercepted by network-based attacks such as man-in-the-middle. In addition, app makers should follow best practices for validating both client-side and server-side digital certificates.
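The three elements above in one Android sketch, added here as an example rather than Appdome's or any product's code: an idle-timeout session gate, AES-256 storage keyed from the Android Keystore via Jetpack Security, and a pinned OkHttp client. The dependency choices, the five-minute timeout and the host and pin values are assumptions (the pin is a placeholder).

```kotlin
// Added example, not code from the original article. Assumes
// androidx.security:security-crypto and com.squareup.okhttp3:okhttp on the classpath.
import android.content.Context
import android.os.SystemClock
import androidx.security.crypto.EncryptedSharedPreferences
import androidx.security.crypto.MasterKey
import okhttp3.CertificatePinner
import okhttp3.OkHttpClient
import java.util.concurrent.TimeUnit

// (1) Only an authenticated patient gets in, and an idle session expires.
class PatientSession(private val idleTimeoutMs: Long = 5 * 60 * 1000L) { // assumed 5 min
    private var authenticated = false
    private var lastActivity = 0L

    fun onLoginSucceeded() { authenticated = true; touch() }
    fun touch() { lastActivity = SystemClock.elapsedRealtime() }   // call on user input

    // Gate every screen that shows PHI behind this check.
    fun isActive(): Boolean {
        if (!authenticated) return false
        if (SystemClock.elapsedRealtime() - lastActivity > idleTimeoutMs) {
            logout()
            return false
        }
        return true
    }
    fun logout() { authenticated = false }
}

// (2) Data at rest: values encrypted with AES-256-GCM, keys encrypted with
// AES-256-SIV, master key generated and held inside the Android Keystore.
fun phiStore(context: Context) = EncryptedSharedPreferences.create(
    context,
    "phi_prefs",
    MasterKey.Builder(context).setKeyScheme(MasterKey.KeyScheme.AES256_GCM).build(),
    EncryptedSharedPreferences.PrefKeyEncryptionScheme.AES256_SIV,
    EncryptedSharedPreferences.PrefValueEncryptionScheme.AES256_GCM
)

// (3) Data in transit: TLS plus certificate pinning, so a certificate issued by
// any CA other than the one we expect is rejected even if the device trusts it.
fun apiClient(): OkHttpClient = OkHttpClient.Builder()
    .certificatePinner(
        CertificatePinner.Builder()
            // PLACEHOLDER host and SPKI pin; replace with the backend's real values.
            .add("api.example-dtx.invalid", "sha256/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA=")
            .build()
    )
    .callTimeout(30, TimeUnit.SECONDS)
    .build()
```

Pin at least one backup key alongside the live one, or a routine certificate rotation will lock patients out of the app.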
2. Jailbreak and rooting techniques
Malware allows attackers to jailbreak or root a device to gain administrative privileges. Once that is achieved, it becomes easy to steal information stored within the application sandbox or on the SD card, or to introduce vulnerabilities into the operating system. Integrating a jailbreak or rooting detection solution can help app makers stay ahead of these strategies. App makers should also include features that prevent attackers from hiding their rooting tools, such as Magisk or Zygisk.
3. Spyware, keyloggers and mobile malware targeting patient data in DTx apps
To ensure patient privacy and confidentiality on mobile, developers and security professionals must protect patient data and electronic health records (EHRs) stored locally on the device or within the mobile app from unauthorized access or theft. Perhaps the easiest way to do this is to allow only authorized patients to access their records through the mHealth app. Proper authentication for the mHealth app, combined with data loss prevention measures such as preventing app overlay attacks, preventing keylogging, disabling copy-paste from the app and encrypting the app's clipboard, provides a powerful defense against mobile malware.
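An Android illustration of the overlay and clipboard controls just listed, added as an example and not taken from the article or from Appdome: a PHI screen that refuses touches delivered through an overlay, blocks screen capture, and uses a text field that keeps what is typed out of the shared clipboard, keyboard suggestions and autofill. The activity, layout and view ids are assumed names.

```kotlin
// Added example, not code from the original article. Layout and ids are assumed.
import android.content.Context
import android.os.Bundle
import android.text.InputType
import android.util.AttributeSet
import android.view.View
import android.view.WindowManager
import android.widget.EditText
import androidx.appcompat.app.AppCompatActivity

class RecordActivity : AppCompatActivity() {
    override fun onCreate(savedInstanceState: Bundle?) {
        super.onCreate(savedInstanceState)
        // FLAG_SECURE: no screenshots, no screen recording, blank thumbnail in
        // recents, so screen-scraping malware gets nothing from this window.
        window.setFlags(
            WindowManager.LayoutParams.FLAG_SECURE,
            WindowManager.LayoutParams.FLAG_SECURE
        )
        setContentView(R.layout.activity_record)          // assumed layout
        // Drop touches that arrive while another window is drawn on top of this
        // one: the platform-level defence against tapjacking / overlay attacks.
        findViewById<PhiEditText>(R.id.phi_field).filterTouchesWhenObscured = true
    }
}

// Text field for PHI. Clipboard actions are swallowed so a clipboard-sniffing
// app never sees the value; suggestions and autofill are off so the IME and
// autofill services do not retain it either.
class PhiEditText @JvmOverloads constructor(
    context: Context, attrs: AttributeSet? = null
) : EditText(context, attrs) {
    init {
        inputType = InputType.TYPE_CLASS_TEXT or InputType.TYPE_TEXT_FLAG_NO_SUGGESTIONS
        isLongClickable = false            // no selection handles, no copy menu
        setTextIsSelectable(false)
        importantForAutofill = View.IMPORTANT_FOR_AUTOFILL_NO
    }

    override fun onTextContextMenuItem(id: Int): Boolean =
        when (id) {
            android.R.id.copy, android.R.id.cut, android.R.id.paste,
            android.R.id.shareText -> false   // refuse clipboard and share actions
            else -> super.onTextContextMenuItem(id)
        }
}
```

These controls stop leakage through the clipboard and overlays, but a malicious third-party keyboard still sees keystrokes; pairing them with a keylogging-protection or in-app keyboard feature, as the text recommends, closes that path.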
4. Fake version of DTx app
Reverse engineering allows hackers to create a fake version of an app that closely resembles the legitimate one. These apps are distributed to users and allow attackers to steal personal data, redirect users to malicious sites, or trick them into purchasing fake or low-quality products through fraudulent ads.
Healthcare organizations can counter these tactics by implementing app hardening solutions and code obfuscation that make it difficult for attackers to repackage app content. Organizations should also include emulator prevention features that block attempts by attackers to study and imitate app functionality.
5. Prepare for tomorrow's new threats
App makers must remain vigilant and aware of new threats and attacks. mHealth apps are highly attractive to hackers who want to steal sensitive patient information or alter patient data with the intent to cause harm. Hackers and malicious attackers are always looking for new ways to accomplish their goals. Therefore, app makers cannot be satisfied with their apps' existing protections and must have the flexibility to upgrade those protections easily as new threats emerge.
The DTx app is an innovative way for healthcare providers to provide care to patients regardless of their location. However, app creators must take great care to ensure that patients are protected from mobile threats. By building recommended defenses into DTx apps, app makers can provide health and peace of mind to patients.
The author is a mobile app security evangelist at Appdome.