The deadly combination: healthcare data and mobile apps

It’s a potentially deadly combination: healthcare data and mobile apps.  In fact, one of the world’s largest diagnostics service providers had its security wall breached as a result of a mobile app exposing medical data. So, it has happened.

Reportedly, around 34,000 customers had personal and medical information accessed during the breach. The information included customers’ names, dates of birth, health records and some telephone numbers.

Thankfully, the breach did not include any financial details like bank account numbers, sort codes and NI numbers. But it raises serious doubts over whether the healthcare industry is really secure enough to combine with the mobile app industry. Is it just too risky?

In the big story we know about, the breach came through a mobile application called ‘MyQuest by Care360’. The app allowed users to make doctor’s appointments, access their lab results, and basically view and share all medical and health information in one app. unfortunately, hackers found a way to target the app’s weaker security to gain access.

As with all breaches, companies and authorities always seem to say “we will tighten up our security” after a breach has happened.

However, they need to be more vigilante and have a strong cybersecurity set up in the first place to prevent a breach from happening at all; especially when combining healthcare data and mobile apps. In England and Wales, all persons, companies and authorities need to follow strict rules when it comes to accessing and storing personal information. Under the principles set out in the Act, information must be kept safe and secure from unauthorised third parties accessing it.

The company at the heart of this breach, Quest Diagnostics, has an international reach. They fell short in the two thriving areas that hackers target: medical data and mobile apps. Both can be a risky business when it comes to protecting data, but the law is the law. The U.K.’s Information Commissioner’s Officer (ICO) has the power to investigate serious data breaches under the Data Protection Act and can impose monetary penalty fines of up to £500,000.00.

Data breaches can cause a lot of damage, especially since it is difficult to see how far a leak goes, let alone stop them. Sensitive information such as medical records should always be safely stored as it is very private information. It poses the question: are we ready to live in a world where combining healthcare data and mobile applications can work?

The answer, at least for now, seems to be “no”.