Skip to main content

Many healthcare apps have serious security flaws

healthcare
(Image credit: Image Credit: Photo_Concepts / iStock)

Ever since the start of the pandemic, healthcare organizations have suffered a barrage of cyberattacks designed to capitalize on the strain the industry has been placed under.

Both cybercriminals and nation-state actors have targeted the sector, with the goal of extorting healthcare firms for financial gain, but also stealing vital patient data relating to Covid-19 vaccine research.

In most cases, they sent out emails that contained malware or phishing links. However, a new report from application security firm Veracode suggests that many healthcare apps (opens in new tab) also have a range of bugs that could be exploited by hackers.

Analyzing 130,000 apps for the report, Veracode found that three quarters contain at least one flaw. Of that number, a quarter (26 percent) suffer from high-severity flaws that could allow for remote code execution or result in data theft or financial losses.

The company also said it believes the number and sophistication of the attacks is likely to increase. This is partly due to the fact that healthcare (opens in new tab)organizations hold an increasingly large amount of valuable patient data, as well as data related to the creation and distribution of the Covid-19 vaccine.

App developers are urged to regularly update their apps and patch up potential security holes and vulnerabilities. Some apps, a separate report from app assessment firm Orcha has shown, haven’t been updated for as long as two years.

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.