Tracking calories, being reminded to take medication or monitoring your heart rate - with the help of health apps, it is now possible to manage your own health digitally. At the same time, however, there are more and more reports of security gaps and vulnerabilities being discovered. This becomes particularly critical when sensitive data is involved.
As a digital assistant, the smartphone has become something many people can no longer imagine their everyday life without, whether for navigation, quick searches on the web or as a personal organiser. A similar trend is emerging in the health sector, where health apps are becoming increasingly popular. However, reports of security vulnerabilities are also on the rise, and many a user will have wondered whether their own data is really secure in the app.
Experts repeatedly discover security vulnerabilities
Time and again, IT security experts come across vulnerabilities, some of which are serious. In the worst-case scenario, cybercriminals could use these to gain access to sensitive data, such as diagnoses of physical and mental illnesses or medication records. The entry points that have been discovered in the past include:
Need for action regarding the security of health apps
This clearly shows that there is still some catching up to do in terms of IT security and data protection in the booming health app market. Strict regulations already apply to digital health applications (DiGA) that can be prescribed by doctors. However, health apps that do not fall under these strict requirements are not currently regulated. This means that it is up to the providers to decide which data protection measures are actually taken and implemented. However, the Technical Guideline TR-03161, which was developed by the German Federal Office for Information Security (BSI), brings trust and transparency to the market.
Strengthening trust with BSI TR-03161
The standard serves as a guideline for developers of healthcare applications to create secure solutions and to consider and implement IT security and data protection from the outset. The main aim of TR-03161 is to protect the confidentiality, integrity and availability of medical data collected by (digital) healthcare applications. The standard contains security requirements for mobile applications (TR-03161-1) as well as for web applications (TR-03161-2) and background systems (TR-03161-3). Aspects such as architecture, cryptographic implementation and network communication are considered.
With the help of TR-03161, manufacturers can put their (digital) healthcare application to the test, uncover potential vulnerabilities and improve the security of their own application in a targeted manner. At the same time, this leads to greater trust on the part of users, who know that their sensitive data is in safe hands. After all, the security vulnerabilities that have come to light so far show that regular app security checks are not only important, but absolutely necessary in order to adequately protect sensitive data.