So should we expect a critical mass of consumers to walk away from organizations because their mobile health apps
do not have the level of security protection they expect? Based on these research findings, perhaps. When put to the
test, the majority of mobile health apps failed security tests and could easily be hacked. Among 71 popular mobile
health apps tested for security vulnerabilities, 86% were shown to have at least two OWASP Mobile Top 10 Risks

Such vulnerabilities could allow the apps to be tampered and reverse-engineered, put sensitive health information in the
wrong hands and, even worse, potentially force critical health apps to malfunction. Surprisingly, US Food and Drug
Administration (FDA)-approved apps and formerly UK National Health Service (NHS)-approved apps were among the
vulnerable mobile health apps tested, indicating that there is more work to be done by governing bodies to better
understand the cybersecurity threats to mobile apps and improve the minimum acceptable security standards or
regulations for mobile app development.

Source: State_of_Application_Security_2016_Healthcare_Report.pdf