Report: Patient info at risk due to rampant API vulnerabilities among major mobile health apps

A recent report revealed significant security vulnerabilities in mobile health apps, including the exposure of users’ sensitive health and identity information. The investigation involved reverse-engineering 30 apps and testing their APIs. The report highlighted issues such as hard-coded API keys and passwords, lack of certificate pinning, and vulnerabilities to attacks. These findings are concerning considering the increasing digitization in healthcare and the growing threat of cyberattacks. The report emphasized the need for stronger security measures to protect patient data in mobile apps.