Close to 90 percent of healthcare executives surveyed for a recent study feel their organization’s apps are “adequately secure.”
Yet 86 percent of the most popular apps used by healthcare providers aren’t that safe.
The survey comes from Arxan, a global developer of application protection services. For its 2016 State of Application Security report, the company interviewed 318 healthcare individuals with security oversight or insight on mobile apps, broken down to 80 executives and 238 app users, from the US, UK, Germany and Japan.
To compare the app users’ perception with reality, Arxan tested 71 of the most popular mHealth apps from the four countries for security vulnerabilities, drawing upon the top 10 mobile risks identified by the Open Web Application Security Project (OWASP).
The survey found that while 87 percent of executives and 78 percent of users felt their apps were secure, 86 percent of the apps tested were vulnerable to at least two of the 10 OWASP risks, even if those apps had been approved by the FDA or the UK’s National Health Service. Almost all of the apps tested (97 percent) lacked binary code protection and could be reverse-engineered or modified, the survey found, while almost 80 percent had poor transport layer protection and could be used for data or identity theft.
While both executives and users within healthcare felt their apps were secure, they also had some reservations. Three-quarters of the executives and only half the users said “everything is being done to protect my apps,” the survey found, while almost half of the executives and 55 percent of the users felt their apps would “likely be hacked within the next six months.”
The final question in the survey shows the divide between the perceived value of app security and the healthcare system’s commitment to better safety measures.
According to the survey, about 80 percent of app users said they’d change providers if the provider’s app was not secure or a similar app was more secure – and more than three-quarters of the healthcare executives surveyed felt their patients would do the same thing. Yet half of all organizations surveyed in 2015 by IBM Security and the Ponemon Institute reported having no budget allocation for protecting mobile apps.
“Mobile apps are often used by organizations to help keep customers ‘sticky,’ yet in the rush to bring new apps to market, organizations tend to overlook critical security measures that are proving crucial to consumer loyalty,” Patrick Kehoe, CMO of Arxan Technologies, said in a press release accompanying the company’s report. “Our research … demonstrates that mobile app security is an important element in customer retention. Baking in robust mobile app security is not only a smart technology investment to keep the bad guys out, but also a smart business investment to help organizations differentiate from the competition and to achieve customer loyalty based on trust.”