Mobile health apps leak sensitive data through APIs, report finds

February 24, 2021

The threat to APIs is real as Gartner predicts that by 2022 API attacks will no longer be infrequent but will become the most frequent attack vector for application breaches. (Pinkypills/Getty Images)

“Recovering hacker” Alissa Knight calls personal health information the most valuable data on the dark web. The Knight Ink cybersecurity researcher says, “It's 10 times more the price of a credit card for a single PHI record.”

Knight partnered with mobile security company Approov to hack 30 mobile health apps to highlight the threats they face through application program interfaces (APIs). The findings were published in a recent report, “All That We Let In.”

All of the apps were found to be vulnerable to API attacks, and some allowed access to electronic health records (EHRs). The 30 apps collectively expose 23 million mobile health users to attacks, Knight reported. Of the 30 apps tests, 77% contained hardcoded API keys, of which some do not expire, according to the report, and 7% had hardcoded usernames and passwords.

Ben Denkers, Senior Vice president, Security and Privacy Services at of CynergisTek provided commentary for this piece, focused on a recent report from cybersecurity researcher Alissa Knight and mobile security company Approov, which hacked 30 mobile health apps to highlight the threats they face through APIs. The findings were published in a recent report, “All That We Let In.”

Click here to read the full story.

Previous Article
Workplace violence: Key considerations for healthcare entities
Workplace violence: Key considerations for healthcare entities

Marti Arvin discusses difficulties working in the healthcare industry and additional environmental stressor...

Next Article
Seven Strategies From The Pandemic To Protect Healthcare From Ransomware
Seven Strategies From The Pandemic To Protect Healthcare From Ransomware

Caleb Barlow discusses the rise of ransomware attacks in healthcare and breaks down seven strategies that c...