The NHS health apps that leave your data vulnerable to hackers
NHS-APPROVED health apps that store patients’ personal data are vulnerable to hacking, scientists have warned.
A six-month study of almost 80 mobile phone programs that gather information on everything from drinking levels to sexual health revealed many to be a security risk.
Despite being deemed safe by the NHS, almost a third of the apps sent personal information including full names, passwords and dates of birth over the internet, without encrypting it.
In the wrong hands, the details could be used to access the app user’s emails or even their bank account.
Four apps also sent unencrypted health information, which if intercepted might cause ‘embarrassment or distress’.
The Imperial College London researchers said that although the risk of any one user having their data stolen is small, thefts are on the increase and encryption should be a matter of course.
Worryingly, all of the apps studied have been judged safe by the NHS. They are part of the Health Apps Library, a collection of apps vetted for the health information they provide and for their compliance with data protection laws.
Set up in 2013, the online site is part of a drive by the health service to use advances in technology to cut face-to face appointments.
Launching the service, Tim Kelsey, the national director for patients and information, said: ‘Giving people easier access to their NHS and improving outcomes with technology is something we are strongly committed to.
‘People now use phone apps in almost all walks of life and health is no different. There are somewhere in the region of 13,000 apps out there which profess to give various types of medical advice.’
Some allowed patients access to their health records, he said.
The 79 apps studied were available in July 2013. The site today contains apps that offer advice and information on everything from sleep and weight loss to HIV testing and beating depression.
In some cases, the user will log details of how much they have drunk or eaten, in order to help them keep track of or cut back on their intake.
Other apps require the user to enter sensitive information about their sexual or mental health.
Researcher Kit Huckvale said: ‘The point here is that the apps we looked at were specifically badged as being safe from both a clinical and privacy point of view.’
Dr Huckvale said hacking is most likely to occur when the phones are linked to public wifi in cafes, airports and stations. He added: ‘It’s a low risk but it’s a recognised risk and that’s why you use encryption for banking and things like that.’
The research is published in the journal BMC Medicine.
A spokesman for NHS Choices, which runs the health app library website, said: ‘We were made aware of some issues with some of the featured apps and took action to either remove them or contact the developers to insist they were updated.’