Risk-free Healthcare Mobility: Understand mobile risks, enhance security, and master it

Healthcare providers, healthcare delivery organizations (HDO) and healthcare professionals (HCP) increasingly use mobile applications (“apps”). Mobile apps help them optimize communication among patients, healthcare providers and caregivers. They also deliver better outcomes: they allow patients’ conditions to be monitored around the clock, allow healthcare to be personalized, and improve the accuracy of diagnostics and treatments. Furthermore, organizations using apps benefit from lower workflow management costs.
Providers leverage mobile apps to achieve those goals, but ultimately they are also fully responsible for managing access to vital healthcare data without compromising data security.

38% already suffered a mobile security compromise

According to Verizon’s Mobile Security Index (MSI) 2020 report, mobile security compromises are at an all-time high now in the healthcare industry. 38% of those surveyed suffered a mobile security compromise. That is a staggering year-over-year increase of 52% (MSI 2019: “only” 25% were compromised)!

The same study also says that healthcare organizations are worried:

  • 88% said that they are concerned that the highly confidential nature of patient data makes them a target for cybercriminals.
  • 85% said they feared that a security compromise could seriously compromise patient care.

Indeed, the fear of personal or medical data being compromised is not unfounded. Verizon’s Data Breach Investigations Report 2020 states that in case of an attack

  • 77% of personal data and
  • 67% of medical data

are compromised.

Your call for action:
Understand mobile risks, enhance security, and master healthcare mobility

At Build38 we believe that in a changing digital landscape, app security is not a luxury. It is a necessity. Your developers should focus on what they are best at: delivering business value and world-class Healthcare apps, while Build38 provides mobile app security. Build38’s Trusted Application Kit (T.A.K) is a highly secure, holistic and easy to integrate mobile app security framework.

It all starts with better understanding your mobile risks. Get to know where you stand today. Strengthen your policies and compliance posture. Explore your options and get the right solution.

Contact us! Simply write us an email at info@build38.com or visit our website www.build38.com.


Build38 and Pryv partner to simplify mobile security and data protection for digital health applications

Lausanne/Switzerland, Munich/Germany, 5 May 2020 - Pryv SA, the leading provider in Switzerland of software for privacy protection and personal data management, and Build38 GmbH, a global provider of mobile application protection solutions, announced a strategic collaboration to meet the growing demand for security and data protection compliance in the digital health and insurance industry.

Security through app hardening and a privacy-by-design backend is a top priority for digital health providers.

Fraud, privacy violations, cyberattacks, unauthorized data collection, unlawful processing, and hacking of connected medical devices and mobile applications are just some of the threats arising from the digitalization of healthcare. A hack that can end catastrophically for individuals is just as threatening for companies, which must expect fines and reputational damage. Threats can be minimized if appropriate data protection and security measures are taken from the outset. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are indispensable companions in our private and working lives, and therefore also a valuable target for attackers,” said Dr. Christian Schlaeger, CEO of Build38. “The flexibility of mobile devices will continue to drive the adoption of apps in the mobile health sector as well, even more so with the DiGA initiative just passed by the German federal government. Build38 and Pryv enable companies to use the productivity benefits of mobile devices while minimizing the risks to security and privacy.”

“Developing the privacy and security layers for digital health applications is an extremely demanding task, but one that is essential to win users’ trust and achieve regulatory compliance,” said Pierre-Mikael Legris, CEO of Pryv. “It offers innovators in digital health a rigorously tested standard solution that enables them to develop trustworthy and scalable products easily and quickly.”

The offering from Pryv and Build38 supports compliance with strict existing and future data protection and cybersecurity regulations. Development teams therefore need no special security knowledge or data protection expertise. Companies can thus concentrate on their core competence while complying with security and data protection regulations, accelerating time to market and fostering user engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K. solution) combines an AI platform with the strongest app shielding for applications, which protects mobile B2B and B2C channels from fraud and makes regulatory compliance easier. It also enables new use cases as well as new digital business models. Build38 protects applications in various industries, including automotive, finance, public transport and healthcare. Build38 is headquartered in Munich and has offices in Barcelona and Singapore.

Contact:
Torsten Leibner
Head of Product Management and Technology & Co-Founder
torsten.leibner@build38.com
T: +49 170 9389064
www.build38.com

 

About Pryv SA:

Pryv makes the processing of personal health data as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so that you can collect, store, share and lawfully use personal data. It comes with “must-have” consent and auditing tools to ensure compliance with existing and future regulations. The software was developed for rapid integration, so that you can manage your users’ data correctly from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management and comprehensive auditing functions that radically reduce IT risk and development costs and shorten time to benefit, while meeting the strictest data protection requirements (GDPR).

Contact:
Evelina Georgieva
Co-founder & CBDO
evelina@pryv.com
+41788767016
www.pryv.com


Build38 and Pryv Team Up to Simplify Mobile Security and Privacy for Digital Health Companies

Lausanne/Switzerland, Munich/Germany, 5 May 2020 – The leading Swiss provider of privacy and personal data management software, Pryv SA, and Build38 GmbH, the global provider of mobile application protection solutions, announced a strategic collaboration to address the growing demand for security and privacy compliance in the Digital Health and InsurTech industry.

Security with app hardening and privacy-by-design backend are a top priority for Digital Health Providers

Fraud, privacy violations, cyberattacks, unauthorized data collection, unlawful processing, and hacking of connected medical devices and mobile applications are just a few of the threats arising from the digitalization of the healthcare industry. A hack that can be disastrous for individuals is just as harmful for businesses, which will face regulatory fines and damage to their reputation. Such threats can be minimized by implementing adequate privacy and security measures right from the very start. Protecting digital channels is invaluable on many levels, saves lives and prevents significant financial losses.

“Smartphones and tablets are the primary access point for both our personal and work life, and a valuable target for attackers,” said Dr. Christian Schlaeger, Build38 CEO. “Business agility provided by mobile devices will continue to drive adoption in the mobile health sector, even more now with the announced DiGA initiative of the German government. Build38 and Pryv empower businesses to embrace the productivity benefits of mobile devices while addressing the security and privacy risks.”

“Developing the privacy and security layers of Digital Health applications is a highly demanding task, yet essential to gain users’ trust and achieve compliance,” said Pierre-Mikael Legris, CEO at Pryv. “This partnership is a game changer for digital health innovation. It provides digital health innovators with a rigorously tested off-the-shelf solution, allowing them to easily and rapidly develop trustworthy and scalable products.”

The offering by Pryv and Build38 fosters compliance with the most stringent existing and forthcoming data protection and cybersecurity regulations. No dedicated security knowledge or privacy expertise is required of development teams. Companies can focus on their core competency while de-risking security and privacy compliance, shortening time to market and fostering user engagement through trust and transparency.

About Build38:

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) solution combines an AI platform with the strongest app shielding technology, which protects B2B and B2C mobile channels from fraud and reduces your compliance risk exposure. It also enables new use cases and opens the market for new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore.

Contact:
Torsten Leibner
Head of Product Management and Technology & Co-Founder
torsten.leibner@build38.com
T: +49 170 9389064
www.build38.com

 

About Pryv SA:

Pryv makes personal health data processing as secure and trustworthy as online banking.

Pryv.io is a solid foundation on which you build your own digital health solution, so you can collect, store, share and rightfully use personal data. It comes with must-have consent and auditing tools to keep you compliant with existing and forthcoming regulations. The software has been developed to accommodate rapid integration, allowing you to properly manage your users’ data from day one. It comes with turnkey IoT connectivity, a secure storage vault, fine-grained consent management, and comprehensive auditing capability that radically cut IT risk and development costs and accelerate time-to-benefit while addressing the GDPR and the most stringent data protection requirements.

Contact:
Evelina Georgieva
Co-founder & CBDO
evelina@pryv.com
+41788767016
www.pryv.com


“Digital health apps (DiGA)” – apps on prescription from your doctor
DiGA puts app security in the spotlight

Many patients already use so-called “health apps” today, which help them, for example, to take medication regularly or to document blood sugar or blood pressure values. Since November 2019 it has been known that these apps will soon be available on prescription. This also means that approx. 73 million people insured under statutory health insurance are entitled to be provided with DiGA, which can be prescribed by physicians and psychotherapists and are reimbursed by the health insurer.

Legal background

With the adoption of the “Act to Improve Healthcare Provision through Digitalisation and Innovation” (Digitale-Versorgung-Gesetz – DVG) on 7 November 2019, the digital health app on prescription has come considerably closer to reality.
Furthermore, on 8 April 2020 the Federal Ministry of Health adopted the ordinance that accompanies the act, the “Digitale-Gesundheitsanwendungen-Verordnung (DiGAV)” (published in the Bundesanzeiger on 20 April 2020). In parallel, the Federal Institute for Drugs and Medical Devices (BfArM) published the DiGA guide (“The Fast-Track Process for Digital Health Applications (DiGA) according to Section 139e SGB V”) for discussion. The DiGA guide describes in detail the requirements placed on a digital health app (DiGA). The final version of the guide is to be made available as early as 5 May 2020.

A DiGA is a medical device

As with other medical devices, regulations also apply to DiGA. The most important requirements for and properties of a DiGA (a medical device) are:

  • A DiGA is a medical device of class I or IIa (according to the MDR or MDD).
  • The main function of the DiGA is based on digital technologies.
  • The medical purpose is achieved substantially through the digital main function.
  • The DiGA supports the detection, monitoring, treatment or alleviation of diseases, or the detection, treatment, alleviation or compensation of injuries or disabilities. The manufacturer has to demonstrate positive healthcare effects.
  • The DiGA is used by the patient, or by the healthcare provider and the patient together.
  • The DiGA may be prescribed only after a successful application to the BfArM.

Technical requirements for DiGA

The classification of a DiGA as a medical device alone means that, under the MDR (Annex I, 17.2), software development must explicitly be “state of the art”, including with regard to IT security.

Both the DiGAV (Annex 1) and DiGA deepen these requirements and describe (in some cases in great detail) technical requirements for how a digital health application is to be developed. The range of topics extends from data protection (GDPR; BDSG) through the BSI standards on IT-Grundschutz (information security management systems (ISMS), IT-Grundschutz methodology, risk management) to the Technical Guidelines published by the BSI (cryptography, identities). A further tightening as of 1 January 2022 is already planned today, so DiGA app providers will increasingly be forced to focus on strong app security during development and to be able to rely on a dependable security partner.

Build38 and DiGA

At the same time, the app receives the required hardening. Our products are continuously adapted to the latest security findings and requirements, so that DiGA providers can also guarantee the required security at all times.
We can also help with meeting the additional requirements for digital health applications with a high protection need: we have already successfully carried out penetration tests together with various customers.

Have we sparked your interest? Write to us at info@build38.com or visit us at www.build38.com.


The Need for Secure eHealth Apps

eHealth apps – your daily companion

In the healthcare sector, too, the range of apps has grown rapidly in recent years. Effectively, they have become everyday companions at work and at home. As early as 2017, roughly 325,000 mobile health apps were counted in app stores, and in 2018 a whopping 400 million of those apps were downloaded. These apps measure our fitness, give health tips, analyze physiological data, measure vital signs or calculate the dosage of medications.

More users bring a higher risk of data breaches and greater attractiveness for fraud

Connected health devices and wearables, such as glucometers and cardiac monitors, also collect a treasure trove of data from millions of people every day. Unfortunately, they are often unsecured and open to hacking, potentially exposing patients to adverse effects on their health. Healthcare providers and insurers must expect considerable legal, financial and operational consequences. Health insurance companies are modernizing their approach, providing digital access to insurance cards and medical records. The data breach risks associated with these are, of course, a major concern that needs to be addressed from the outset.

All companies in the fields of medicine and health insurance are faced with the challenge of providing top medical services. Digital services for patients are now being added, which must comply with the strictest security and data protection regulations and be resistant to cyber attacks, which can be both costly to mitigate and dangerous for patients. The stakes are higher here than in almost any other field – it really is a matter of life and death in some cases.

Threats to your digitization efforts

The main threats arising from the digitalization of the healthcare industry are fraud, privacy and HIPAA (USA)/GDPR (EU) violations, ransomware and cyberattacks, unauthorized data collection, and hacking of connected medical devices and mobile phone applications. The only way to combat such threats is by implementing adequate security measures right from the very start. In app development in particular, this means incorporating security measures during the development phase and not retrofitting security at the end.

Medical and health insurance professionals can meet this challenge by making online security a priority. Investing the time and resources required to protect digital channels could prove invaluable on many levels, saving lives and preventing significant financial losses in the future. Since most health information is being digitalized for optimal mobile use, app security is at the forefront of this. Online security depends on being able to verify the identity of the patient and making sure that they are the only one accessing their health information.

Call for action: Protect your eHealth app from growing risks and threats

It is Build38’s strong belief that in a changing digital landscape, app security isn’t a luxury. It is a necessity. Your developers should focus on what they are best at: delivering business value and world-class eHealth apps, while Build38 provides mobile app security. Build38’s Trusted Application Kit is a highly secure, holistic and easy to integrate mobile app security framework.

For the eHealth field, all this means that app users and service providers can rest easy in the knowledge that their highly sensitive data is safe. Patients can use the available digital services in comfort and ease, while medical professionals and insurers can be confident that the risks commonly associated with such services, such as fraud and cloning, are prevented.

In detail: how we can help

Build38’s approach to mobile app security is based on a unique triple-protection approach for compromise detection and continuous hardening: ensuring the integrity of device, app and security.
The SDK and cloud can detect changes to the device’s secure execution environment, and in case of compromise or an ongoing attack, it can render its own function useless immediately. At the same time the app is secured by various In-App protection mechanisms, and while in use it is protected by RASP technology (Runtime Application Self Protection). The protected data is never visible in the clear, nor can it be extracted from the device at runtime. When the same data is in motion, the Secure Channel and Certificate Pinning prevent man-in-the-middle (MITM) attacks.

For more detailed information on Build38’s mobile app security please read our whitepaper “Digitalisierung im Gesundheitswesen und Gefahren durch unsichere Apps” (in German) or the same whitepaper in English, “Hacking Healthcare - why unsecure apps are bad for patients and providers”.


The impact of PSD2 on your financial app

PSD2 and what it means to your company

2019 is set to be a game-changing year for retail banking and FinTechs! As PSD2 (the Revised Payment Service Directive) is implemented and finally enforced on 14 September 2019, banks’ monopoly on their customers’ account information and payment services is becoming history.
In short, PSD2 enables both consumers and businesses to use third-party providers to manage their finances. Soon you may be using your favorite social network to pay your bills, make peer-to-peer transfers and analyze your spending, while still having your money safely placed in your current bank account. PSD2 will fundamentally change the payments value chain and customer expectations.
Through PSD2, the European Commission aims to improve innovation, reinforce consumer protection and improve the security of internet payments and account access across the EU.

PSD2 and its implications on mobile security

The PSD2 guidelines set security requirements for payment services providers across the EU and will provide enhanced protection of EU consumers against payment fraud on the Internet. Specifically, the PSD2 security requirements for mobile apps are referred to in the Regulatory Technical Standards (RTS), for example, paragraph 26 and articles 9, 27 and 28.
The RTS requires that the mobile app is running in a secure environment. This means that the integrity of the mobile device should be guaranteed and that, in case of compromise, mitigation measures are taken. The same integrity and mitigation principles apply to the mobile app, too. Risk mitigation measures include the destruction, deactivation and revocation of the service. PSD2 also has a strong focus on data protection: data (e.g. certificates) shall be protected at rest, and when data flows between the mobile app and the service provider, the mobile app should ensure the security of communication sessions and should avoid misdirection of communication.

Build38 makes your digital mobile channel PSD2 compliant
Your developers should focus on what they are best at: delivering business value, while Build38 provides mobile app security. Build38’s Trusted Application Kit (T.A.K) is a highly secure, holistic and easy to integrate mobile app security framework. It enables you to deliver PSD2 compliant mobile apps.
Build38’s approach to mobile app security is based on a unique triple-protection approach for compromise detection and continuous hardening: ensuring the integrity of device, app and security.
T.A.K can detect changes to the device’s secure execution environment, and in case of compromise or an ongoing attack, it can render its own function useless immediately. At the same time the app is secured by various In-App protection mechanisms, and while in use it is protected by RASP technology (Runtime Application Self Protection). T.A.K protected data is never visible in the clear, nor can it be extracted from the device at runtime. When the same data is in motion, the Secure Channel and Certificate Pinning prevent man-in-the-middle (MITM) attacks.
It is Build38’s strong belief that in a changing digital landscape, app security isn’t a luxury. It is a necessity.
For more detailed information on Build38’s mobile app security please have a look at our whitepaper.


Build38 Recognized in Gartner 2019 Market Guide for In-App Protection

Munich, Germany, July 5, 2019 – Build38 GmbH, leading vendor of In-App protection and enabler of passwordless authentication solutions, has been recognized as a Representative Vendor in the Gartner July 2019 “Market Guide for In-App Protection” report. Gartner states that “by 2022 at least 50% of successful attacks against clickjacking and mobile apps could have been prevented by using in-app protection.”

Build38’s Trusted Application Kit (T.A.K) secured mobile apps diagnose and protect themselves at runtime with Build38’s next generation RASP technology. T.A.K delivers valuable insights to service providers so that they can react on upcoming threats and fraud in real-time. To the end-user of your apps T.A.K remains invisible and non-intrusive, yet it gives your users a high level of trust and security.

T.A.K is a platform solution and an SDK for Android and iOS that allows quick and easy development of highly secured and protected mobile apps. It is integrated into mobile apps within hours, thereby saving development costs and shortening the crucial time to launch the mobile app.

The Trusted Application Kit (T.A.K) is used globally and deployed by financial institutions, enterprise services, insurance companies, and the automotive industry.

Gartner’s recommendation is that “security and risk management leaders responsible for application security choose in-app protection for critical and high-value applications that run within untrusted environments and move software logic on the front end. The most common use cases will be mobile apps, single-page web apps (especially consumer-facing ones) and software on connected devices.”

“We hear almost daily that mobile apps need by far better protection than most people are aware of. We believe that Build38 helps customers to propel your app security to a new level of operational excellence. We believe this report acknowledges that In-App protection (application shielding) is a necessity to fight the growing numbers of attacks and fraud cases. We know that App security is not a luxury anymore, it is a must!” says Build38 CEO Dr. Christian Schlaeger. “We are convinced that our Trusted Application Kit, included in this Market Guide report is the most holistic solution in the market. We believe it provides a broad range of In-App protection features for the app and delivers risk- and fraud detection and prevention information to the service provider”.

 

Gartner subscribers may access the report here: https://www.gartner.com/document/3947048

Gartner, Inc., "Market Guide for In-App Protection" by Dionisio Zumerle, Manjunath Bhat, 3 July 2019.

Disclaimer: Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

 

About Build38

Build38 is a global provider of mobile application protection solutions. Its Trusted Application Kit (T.A.K) represents a new generation of app-hardening technologies that protects apps from known and unknown attacks and opens the market to new digital business models. Build38 protects applications across various industries including automotive, financial, public transport and health care. Build38 is headquartered in Munich with global offices in Barcelona and Singapore. The company is a spin out of Giesecke + Devrient and ranks among the best IT Security startups in Germany. For further information about Build38 visit www.build38.com.