Showing posts with label tablets. Show all posts
Showing posts with label tablets. Show all posts

Friday, August 7, 2015

Health IT Cyber Thieves have their own "ENIGMA"` machines

Veterans of World War II will remember the efforts to crack the Japanese encryption used for military communication during WWII.
Enigma was invented by the German engineer Arthur Scherbius at the end of World War I.[1] Early models were used commercially from the early 1920s, and adopted by military and government services of several countries, most notably Nazi Germany before and during World War II.[2] Several different Enigma models were produced, but the German military models are the most commonly recognised.
The mechanical/electrical components of the device were easily duplicated. The secret sauce was in the encryption method. 
German military messages enciphered on the Enigma machine were first broken by the Polish Cipher Bureau, beginning in December 1932. This success was a result of efforts by three Polish cryptologists, Marian Rejewski, Jerzy Różycki and Henryk Zygalski, working for Polish military intelligence. Rejewski reverse-engineered the device, using theoretical mathematics and material supplied by French military intelligence. Subsequently the three mathematicians designed mechanical devices for breaking Enigma ciphers, including the cryptologic bomb. From 1938 onwards, additional complexity was repeatedly added to the Enigma machines, making decryption more difficult and requiring further equipment and personnel—more than the Poles could readily produce.
On 25 July 1939, in Warsaw, the Poles initiated French and British military intelligence representatives into their Enigma-decryption techniques and equipment, including Zygalski sheets and the cryptologic bomb, and promised each delegation a Polish-reconstructed Enigma. The demonstration represented a vital basis for the later British continuation and effort.[3] During the war, British cryptologists decrypted a vast number of messages enciphered on Enigma. The intelligence gleaned from this source, codenamed "Ultra" by the British, was a substantial aid to the Allied war effort.[4]
What does this have to do with health information technology and mobile health in particular?
Ask Google, since they are planning regular weekly updates to the android operating system.

Google's comment regarding the 'stagefright' hack, 
"This vulnerability was identified in a laboratory setting on older Android devices, and as far as we know, no one has been affected. As soon as we were made aware of the vulnerability we took immediate action and sent a fix to our partners to protect users...As part of a regularly scheduled security update, we plan to push further safeguards to Nexus devices starting next week. And, we'll be releasing it in open source when the details are made public by the researcher at BlackHat."  How to see if your Android Device is vulnerable to the Stagefright hack ?
Google's Android Blog  "Nexus devices will continue to receive major updates for at least two years and security patches for the longer of three years from initial availability or 18 months from last sale of the device via the Google Store."
In recent months many breaches have been reported by health insurers. In most instances medical records were not accessed other than an attempt to gather consumer identification and credit information. Identity theft is a major concern.
The moral of the story is that security breaches will be present for a long time. Thieves are inventive.

Tuesday, February 24, 2015

Mobile Health App Scams

The U.S. Food and Drug Administration has released guidelines for mobile health apps, and soon will have enforcement power to eliminate scams such as this one.

Smartphone and tablet users should be wary of mobile health apps whether they are on iOS or Android. The potential marketplace is enormous globally.  Euro regulators will also be surveying offerings from vendors as well.


If you’re worried about melanoma, head to the doctor — not the app store. On Monday, the Federal Trade Commission announced it has cracked down on two companies that charged customers up to $4.99 for apps that claimed to help them detect early signs of melanoma.

You get the idea. According to the FTC, the app makers had no evidence to provide support for their apps’ claims that they could assist consumers detect melanoma, which is a form of skin cancer.
The Mole Detective app first appeared in 2012 and was marketed by a U.S. company while MelApp appeared in 2011 from a U.K. firm. The apps sold from $1.99 to $4.99 in the Apple and Google app stores.
A search of Apple’s app store shows both apps have now disappeared, and a search for “melanoma” turned up no results.
The scheme is so far-fetched that the best way to explain it is through these pictures from the FTC, which show how the apps — named MelApp and Mole Detective — claimed to use smartphone cameras to assess skin conditions:
















FTC to regulate sales of mhealth apps

In an announcement Monday, the FTC states marketers of MelApp and Mole Detective acted deceptively in claiming the apps can detect melanoma symptoms based on photographs a consumer uploads to the app. Two of the four companies involved with the apps have agreed to stop making unsupported and unsubstantiated claims.
"Truth in advertising laws apply in the mobile marketplace," said Jessica Rich, director of the FTC's Bureau of Consumer Protection, in the announcement. "App developers and marketers must have scientific evidence to support any health or disease claims that they make for their apps."

The settlement with New Consumer Solutions prohibits the vendor from claiming an app can detect or diagnose melanoma unless the claim is supported by "competent and reliable scientific evidence in the form of human clinical testing of the device." It prohibits the company from making misleading or unsubstantiated health claims about a product or service, and includes a $3,930 fine. The FTC is pursuing a litigated judgment against non-settling defendants Lasarow and his company.
In regard to MelApp, marketing began online in 2011 by Health Discovery, which sold the app for $1.99. The FTC settlement bars the company from the same stipulations cited for New Consumer Solutions. The settlement prohibits Health Discovery from making any other misleading or unsubstantiated claims about a device's health benefits or efficacy, and includes a fine of $17,963.

The FTC decisions were split votes, with a dissenting vote issued by Commissioner Maureen Ohlhausen in both cases.
For more information:
- read the FTC announcement
- read the commissioners' statement in favor of the decision
- read the dissenting commissioner statement

Potential buyers must be aware of scams in mobile health apps.  General health information apps have no regulatory oversite. However remote monitoring and wearable technology will require  certification by the FDA, FTC and other agencies as yet unknown.

The mhealth industry has to deal with  Blurred Lines during this relatively early period of development.

Before the Federal Trade Commission or Food and Drug Administration tackle another mobile health technology investigation, the two federal agencies--both of which are charged with protecting consumers--need to huddle up in a conference room, lock the door and not come out until they produce a clear map of what they're responsible for when it comes to oversight and regulating such tools.
Why? Because right now it's getting quite difficult to figure out who's keeping on eye on the shallow end of the mobile health technology pool and who's watching the deep end. And anyone who's had a pool or spent time at a public pool know that a lack of supervision at either end can lead to potential disaster.

the FTC describes itself as working "for consumers to prevent fraudulent, deceptive, and unfair business practices and to provide information to help spot, stop, and avoid them." The FDA, for its part, describes its focus as being "responsible for protecting the public health by assuring the safety, efficacy and security of human and veterinary drugs, biological products, medical devices, our nation's food supply, cosmetics, and products that emit radiation."

That may be all well and good, but it really doesn't answer the big question: Is the FTC going to be the one and only lifeguard when it comes to the mHealth technology pool. Additionally, what role, if at all, will the FDA play as more mHealth cases come to light?