“Gartner Listed - mobile application security guide”

January 9, 2017

mHealth app at Quest Diagnostic compromises 34,000 records

The mHealth apps developer Quest Diagnostics had a data breach leading to the health records of 34,000 people being breached. The cause of the breach was a vulnerability in the company’s mHealth apps, MyQuest, which is used as a client on web, Android and iOS devices.

According to a statement issued by the company, “On November 26, 2016 an unauthorised third party accessed the MyQuest by Care360 internet application and obtained Protected Health Information (PHI) of approximately 34,000 individuals. The accessed data included name, date of birth, lab results, and in some instances, telephone numbers. The information did not include Social Security numbers, credit card information, insurance or other financial information. There is no indication that individual’s information has been misused in any way.”

Quest Diagnostics said that the customers affected by the breach had been notified and the company is investigating the breach along with taking preventative to stop further breaches. It said, “Quest is taking steps to prevent similar incidents from happening in the future, and is working with a leading cybersecurity firm to assist in investigating and further evaluating the company’s systems. The investigation is ongoing and the unauthorised intrusion has been reported to law enforcement.”

The MyQuest app, formerly known as Gazelle, was released in 2010. When first introduced, it made headlines for putting up lab test results in a mobile app before they even appeared online. A one of its kind mHealth app for patients, it lets them schedule appointments, get lab results, integrate data from wearable sensors and keep a record of their medication timings.

With data breaches like this on the rise in healthcare, mHealth apps need more mobile app security testing and to understand how to become HIPAA compliant when holding critical patient data. When a mobile app is the reason for a data breach on this scale healthcare companies need to focus on their security and privacy otherwise there is a risk of fines and loss of consumers trust.

Codified Security is here to help make your mHealth apps secure and keep you compliant with HIPAA. For mobile app security testing try out Codified Security.