Tankard warns of new NHS app

1 min read Cybersecurity
This week the government has announced its plans for a free NHS mobile app in order to make accessing health services quicker and easier.

Patients will be able to have remote access to their medical records, make appointments with their GP and order repeat prescriptions.

“The idea of being able to access our records digitally and, to bypass the annoying need to ‘sit on the phone’ for ages trying to make an appointment at your doctors surgery, is fantastic”, says Colin Tankard, Managing Director of data security company, Digital Pathways.

However, as with all things, there are significant threats when it comes to keeping access to information on our phones, safe.

“As always”, says Tankard, “passwords will be a weakness in the process. Text message authentication, widely used by HMRC, would be one way to ensure a level of security.

“The protection of an app on a phone is really only as good as the phones access control. Without secondary authentication it will be vulnerable.

“Using this second tier of access would mean the user needing to log in. Because we are so used to easy access apps, it may be a stumbling block to its introduction.

“I’m afraid, it is a case of security being compromised in preference of ease of use.”

Tankard also cites the use of unauthorised, look alike apps, as another area of concern. These, spoof users into downloading them, in order to gain access to personal data.

“Within AppStore, the problem is not so acute, as Apple closely controls the quality of applications. By default, Apple do not allow any application to have access to the core code of the phone,” adds Tankard.

“This is not the case with Android, as its code is open and access to core files is positively encouraged. Furthermore, the controls in place within the PlayStore are not as robust, so rogue apps can slip through.

“The last time NHS England talked about centralising patient records, there were many concerns expressed, and recently, it has been widely reported in the Press of the sharing of 150,000 patient records, ignoring consent checks.

“Inevitably, this time will be no different”.