Research & TrendsNHS-approved mobile apps fail to encrypt patient data, study finds

NHS-approved mobile apps fail to encrypt patient data, study finds

A large number of mobile applications approved by the NHS have been found to leak data about their users, with some completely failing to encrypt patient information sent over the internet, an Imperial College study has found.

A large number of mobile applications approved by the NHS have been found to leak data about their users, with some completely failing to encrypt patient information sent over the internet, an Imperial College study has found.

The study looked into the adequacy of data protection of software listed in the NHS Health Apps Library.

Launched in March 2013, the Library presents a curated list of apps patients and the public can use. Apps are intended to be suitable for professional recommendation to patients but are also available for general use without clinical support.

 

Failure to encrypt data

The study was carried out over a six month period, during which time 79 apps certified as “clinically safe” and “trustworthy” by the UK NHS Health Apps Library were assessed.

Out of those 79 applications, 89 per cent (70/79) relayed information to online services. None of those 70 apps encrypted the data stored locally.

More concerning, two-thirds of apps (23/35) that sent identifying information over the internet did not encrypt it and 20 per cent (7/35) did not even have a privacy policy.

Eight out of ten apps (38/49) of apps that transmitted information and had a privacy policy did not describe the type of personal information that would be included in those transmissions.

Four apps sent both identifying and health information without encryption.

 

‘Systematic gaps in compliance’

The report said there were “systematic gaps in compliance with data protection principles in accredited health apps” which lead to a bigger question of “whether certification programs relying substantially on developer disclosures can provide a trusted resource for patients and clinicians”.

Two apps that used cloud technology had privacy vulnerabilities classified as ‘critical’. The report warns that such design flaws could be intentionally exploited to extract information about the users.

“As long as these vulnerabilities persist, the privacy of users is in jeopardy,” the report warned.

Related Articles

Seven digital government trends to look out for in 2018

Adult Social Care Seven digital government trends to look out for in 2018

4m Austin Clark
UK falling behind in government digitisation according to report

Data Insight UK falling behind in government digitisation according to report

7m Austin Clark
Desire to deliver better customer service is driving the next phase of digital transformation

Digital Transformation & Change Desire to deliver better customer service is driving the next phase of digital transformation

9m Austin Clark
Could immersive collaboration tools optimise public sector work?

Digital Transformation & Change Could immersive collaboration tools optimise public sector work?

9m Austin Clark
Top 10 strategic technologies for Government

Digital Transformation & Change Top 10 strategic technologies for Government

9m Austin Clark
Digital skills and sharing key to public service transformation, survey finds

Digital Skills Digital skills and sharing key to public service transformation, survey finds

9m Austin Clark
UK public sector faces major DNS threat and rising cost of security breaches, survey finds

Cyber Security UK public sector faces major DNS threat and rising cost of security breaches, survey finds

9m Austin Clark
Five reasons cyberattacks succeed

Cyber Security Five reasons cyberattacks succeed

10m Austin Clark