A number of NHS-accredited medical mobile apps have been found to be sending unencrypted sensitive information, leading to fears that personal health data may be at risk from cyber-attack.
Research from Imperial College London analysed a total of 79 applications available as part of the NHS England's Health Apps Library that were certified as clinically safe and trustworthy.
However the results indicated otherwise, with many showing vulnerabilities.
Furthermore, half of the mobile applications tested were found to transmit user account details without encryption.
What's worse, the research uncovered evidence that personal data, including names, date of births and contact details were sent over the internet as plain text.
The implications of the findings could leave the app developers in legal trouble, according to the Imperial College London analysis.
"A failure to implement appropriate technical safeguards of personal information does not only imply a failure of accreditation, it may also represent a violation of data protection law in the UK," it warned.
According to Ollie Whitehouse, technical director at global information assurance specialist, NCC Group, in the digital age there is an expectation that sensitive information should be securely held.
"Health data is one of the most personally sensitive aspects of our lives where people have a high expectation of privacy. If, as the research shows, this data is being transmitted clear-text over the Internet there is risk of interception," he said.
"Much like UK government defines security performance profiles for things like smart meters, doing so for medical apps would be a prudent step."
The findings come despite efforts in the NHS to increase the use of apps in order to try and improve public healthcare and engage with patients in more modern, digital ways. Recently V3 revealed how the first apps to be tested under this initiative are being developed in conjunction with the Department for Health.
BT wants to make the public switched telephone network history within eight years
Personal data being purloined by third parties via Facebook Login API
MacOS and iOS are better off apart, says CEO Tim Cook
Or they'll no longer be entitled to updates and bug patches