Personal Health Information, Mobile Health & Health Apps, Privacy & Security
What are the risks associated with mobile device apps?
An article from the Cybersecurity and Infrastructure Security Agency (CISA)
This is an article from the Cybersecurity and Infrastructure Security Agency (CISA). CISA is the Nation’s risk advisor, working with partners to defend against today’s threats and collaborating to build a more secure and resilient infrastructure for the future. CISA provides extensive cybersecurity and infrastructure security knowledge which can assist people in applying better personal health information risk management.
Provided in the CISA article are recommendations to be followed when considering installing a new Health App and privacy and security considerations for apps that have already been installed on your device.
Here are examples of a couple things to consider before installing a new app:
- Avoid potentially harmful apps (PHAs) – Reduce the risk of downloading PHAs by limiting your download sources to official app stores, such as your device’s manufacturer or operating system app store. Do not download from unknown sources or install untrusted enterprise certificates. Additionally—because malicious apps have been known to slip through the security of even reputable app stores—always read the reviews and research the developer before downloading and installing an app.
- Be savvy with your apps – Before downloading an app, make sure you understand what information the app will access. Read the permissions the app is requesting and determine whether the data it is asking to access is related to the purpose of the app. Read the app’s privacy policy to see if, or how, your data will be shared. Consider foregoing the app if the policy is vague regarding with whom it shares your data or if the permissions request seems excessive.
Use the link below to access the full article on the CISA website
More links
- A link to the original article on the CISA alert website.In support of the CISA’s cybersecurity mission, NCCIC acts a hub for information and expertise. We are a global exchange for cyber and communications information, sharing what we receive back to the cybersecurity community.