Health

First health app store runs into major hurdle: security flaws

Image Credit: Flickr

Happtique is on a mission to build a professional app store for health care. But independent developers spotted security flaws just days after the company authorized its first set of medical apps.

The company has responded to these concerns by suspending its certification registry until further notice.

The flaws were initially spotted by Harold Smith III, chief executive of Monkton Health, who published his findings in a blog post. Smith wrote that he typically reaches out to express his concerns in a private forum. But in this particular case, he felt that Happtique had been slow to respond. “I chose to publicly disclose after waiting eight days in one instance and three in another,” he wrote.

Smith explained that he randomly picked two apps from the 16 apps that Happtique had certified and found that both had issues storing sensitive information as plain text files and one of them wasn’t using HTTPS.

Happtique is attempting to do something very bold in a sector that is riddled with regulation.

The company is taking data security seriously, as its potential customers (primarily hospitals) are concerned that new mobile health apps will put sensitive patient information at risk. 

In an interview, Corey Ackerman, Happtique’s president and chief executive, said the program will remain suspended into the company determines a “responsible course of action.” According to Ackerman, Happtique is currently working with Smith to resolve the flaws. He said that “participating app developers [like Smith] deserve a lot of credit throughout this process.”

“Certification is not a product; it’s an iterative process,” he added. Ackerman believes that feedback from third parties will help the company keep pace with the complexities and rapid advancements of mobile health technology.

We most recently covered Happtique back in September, when the company’s former chief executive Ben Chodor, was called in to Congress to testify about how the Food and Drug Administration (FDA) should regulate health-related applications. In recent months, Happtique has seen some turnover, as it focuses its attention on hospital customers, according to a report in MobiHealthNews.

blog comments powered by Disqus