CISA issues Medical Advisory on Qardio Heart Health app

CISA has just issued an ICS Medical Advisory on the Qardio Heart Health app for vulnerabilities that may expose private personal information to an attacker. Successful exploitation of these vulnerabilities could allow an attacker to obtain sensitive information, cause a denial-of-service condition, or have other implications, all of which are bad.

George McGregor, VP, Approov, had this to say:

   “This recent vulnerability shows once more that mobile apps are the weakest link in the healthcare ecosystem and that it’s not just consumer access to PHI that is the issue.

   “Medical practitioner apps are increasingly used from personal devices, outside the security provided by campus networks. In addition, mobile apps have become a key means of access and control for every new medical device.

   “This is why the upcoming HIPAA Security Rule (https://www.regulations.gov/document/HHS-OCR-2024-0020-0001) must be updated to explicitly target known mobile app attack surfaces and eliminate the risks to US Healthcare posed by the proliferation of Healthcare apps.”

Given how much we all have become reliant on apps to manage our health in some way, this is not good news. But at least there is some good news coming in the form of the HIPAA rule that is inbound. Hopefully that will make something like this an edge case.
