News Feature | July 13, 2015

Healthcare App Security ‘Concerning’

By Katie Wike, contributing writer

According to a Veracode report, the healthcare industry ranked poorly when it comes to securing app software and protecting user data.

A Veracode report reveals that the healthcare industry scored poorly relative to other industries in reducing application security risks; the only industry that scored worse was government. “Given the large amount of sensitive data collected by healthcare organizations, it's concerning that 80 percent of healthcare applications exhibit cryptographic issues such as weak algorithms upon initial assessment,” the report authors wrote in reference to authentication protocols.

According to Fierce Health IT, healthcare also ranked near the bottom of the pack when it comes to remediation. Only 43 percent of known vulnerabilities are being remediated, and the only sector studied that was doing worse was government.

“The data in this report clearly shows that, by addressing the problem systematically and at scale, enterprises can significantly reduce application risk - not by installing more next-generation firewalls, but by remediating application-layer vulnerabilities to reduce enterprise risk,” the report states.

It’s not the first time the healthcare industry has ranked poorly against other industries for security. Health IT Outcomes reported last summer that healthcare ranked last in cybersecurity in a report from BitSight Technologies. Industries were rated from a low score of 250 to a high score of 900. While industries like finance scored well over 750, healthcare earned an average of only 660.

“In our recent assessment of medical devices used in clinics and hospitals around the country, weak encryption, lack of key management, poor authentication and authorization protocols, and insecure communications were all common findings,” Chandu Ketkar, technical manager at Cigital, said in a statement.