The top online security risks for health insurance clients, and those using mHealth self-service tools, are excessive mobile app permissions, websites hosted by external providers and third-party code libraries, according to a report from security vendor RiskIQ.
Mobile app permissions let developers cull personal data from a user device. The typical mHealth app boasts 11 permissions, and of the company apps surveyed, nearly 50 percent gather location data, nearly 20 percent connect to external storage and almost 15 percent access contact lists.
With regard to websites, 31 percent of health insurance sites are hosted by third-parties, which alters the chain of control and can undermine efforts to enforce standardized security policies, according to the findings.
Health payers' code libraries are often developed by third-parties and used to add functionality and shorten app development times, according to RiskIQ. For example, in Google Play, RiskIQ identified 12 separate libraries used in applications belonging to healthcare companies.
Mobile devices and apps growth brings greater risk to patient data, and in response hospitals and healthcare organizations are implementing a variety of systems and safeguards to ward off hackers and ensure the privacy of patient data.
"My team is constantly looking at 'what are the new threats?' and 'what's going on out there?'" Chris Ewell, chief information security officer at Seattle Children's Hospital, recently told FierceMobileHealthcare. Ewell recommends a proactive and risk-based strategy for enhancing security measures.
Ewell is just one of many security experts focused on the mHealth security challenge. IBM's Dan Pelino, who heads up IBM's business in the healthcare and life sciences industries, has cited security, privacy and data protection as the top challenges facing mHealth technology.
How hospitals handle mHealth security
Consumers must be given control over health data, says privacy advocate
mHealth success hinges on security, workflow adaptability