Appthority Reports Security Threat Behind Health Apps & Records

July 4, 2018  Source: MobiHealthNews 262

Appthority, the mobile app security firm revealed that a security threat affecting more than 3,000 mobile apps exposes around 4 million protected health records such as prescription details and sensitive chat messages. These records include 2.6 million plaintext passwords and user IDs, 25 million GPS location records, and 50,000 financial records, and the threat resulted due to back-end servers not being secured, in this particular case, it was a Google Firebase cloud database neglected from being secured. This improper security affects many healthcare organizations across many countries, especially health and fitness apps.

The authors of the report said, “Firebase is one of the most popular backend database technologies for mobile apps but does not secure user data by default, provide third-party encryption tools, or alert developers to insecure data and potential vulnerabilities; To secure data properly, developers need to specifically implement user authentication on all database tables and rows, which rarely happens in practice. Moreover, it takes little effort for attackers to find open Firebase app databases and gain access to millions of private mobile data app records.”

The authors further added, “This is of particular concern because healthcare data is far more valuable to hackers than other types of data; Medical information can be worth ten times more than credit card numbers on the deep web. Fraudsters can use this data to create fake IDs to buy medical equipment or drugs, or combine a patient number with a false provider number and file fictional claims with insurers.”

Appthority has informed Google about this vulnerability with the list of affected apps and database servers. Meanwhile, Appthority recommends enterprises to take the necessary initiatives for recognizing vulnerability and stay aware about exposure resulting from downloaded health apps.

By Ddu
Share: