Security Fears as NHS Approves Health Apps

Security experts have raised concerns after the NHS revealed it is set to move into the apps and wearables space, allowing approved software to tap medical data.

Some £4 billion has been set aside for the digital initiative, which will also see a new NHS.uk website where patients can book appointments, access medical records and order prescriptions, according to the BBC.

The site will also allow patients see how their local health services are performing in areas like dementia, diabetes, learning disabilities, maternity, cancer and mental health.

It is the prospect of NHS-approved apps linked directly to patients' medical records which has security experts nervous.

Health secretary Jeremy Hunt said the NHS would be releasing a list of said applications by March next year.

“We will also in the next 12 months be having a competition because we think we need better apps than the ones that are available in the market,” he added.

"We don't want to develop them ourselves but we want them to be developed by entrepreneurs who have the specialist knowledge and creativity to do this. These will link into people's medical records."

The move is said to be part of an initiative to cut costs and improve the standard of healthcare services at the under-pressure NHS.

But Paul Farrington, EMEA solution architects manager at Veracode, expressed concern over the plans.

“Creating a truly digital NHS requires both investment in the latest apps and wearables alongside a rigorous security policy to give patients and healthcare professionals complete assurance that their data is secure,” he argued.

“This is a bold initiative from our world class health service and one which will undoubtedly provide more personalized and efficient healthcare to millions, but there are inevitable risks around privacy and security which must be tackled from the outset.”

Hackers will be more than ready to take advantage of any bugs in the approved apps to access personal information which can be sold on the black market, Farrington added.

“That’s why it’s vital that our NHS ensures approved apps for both patients and professionals are thoroughly tested and secure to enable confidence in the service’s digital journey,” he said.

The NHS doesn’t have a great track record when it comes to protecting patient data.

In fact, it was one of the worst performing sectors in terms of the number of data breaches reported to the ICO last year, contributing to 64% of the total figure in the April 2015-March 2016 period, according to a recent FoI request from Huntsman Security.

What’s Hot on Infosecurity Magazine?