News

How Kryptowire’s automation helps the NHS Digital Apps Library

How Kryptowire’s automation helps the NHS Digital Apps Library
Digital Health Solutions
Member News

The NHS Digital Apps Library utilized rigorous vetting procedures to ensure the Library’s mobile applications were fit for purpose and met appropriate criteria (i.e., health merits, accessibility, technical stability, security and privacy). They leveraged Kryptowire’s automated mobile application security and privacy testing solution and realized significant benefits in time and cost-savings.

Around the world, end users continue to adopt a mobile-first approach to technology, and the world of healthcare offers no exception. As more patients, caregivers, and professionals rely on phones and tablets to live and work, the need for strategic and proactive mobile application security measures has grown in lockstep. Patient health information has been a prime target for hackers in recent years, with several high-profile security breaches making global news. Rather than play catch-up against bad actors, healthcare application developers, device managers, library hosts, and other cybersecurity stewards should rigorously search for and patch detectable vulnerabilities.

We had the privilege of partnering with the National Health Service (NHS) to help validate their digital apps library, helping safeguard patients, clinicians, health and social care workers across the country. Using our proprietary, end-to-end, closed-loop security engine, we rapidly assessed applications in the library against stringent standards established by the NHS, as well as helped the NHS locate specific, potential issues relating to COVID-19 apps.

Here’s a short overview of how we did it, as well as some lessons learned for healthcare technology leaders. If you want to learn more, download the official whitepaper.

The ask: assess the security and privacy of the NHS Digital Apps Library – and do it efficiently

Prior to working with Kryptowire, the NHS Digital Apps Library managers developed a set of criteria for all applications in its library. A hosted application needs to be safe and secure to use, providing evidence of clinical safety, security, and technical stability.

To facilitate validation, the Library team developed the Digital Assessment Process (DAP), which included a Digital Assessment Questionnaire (DAQ) to be completed by submitting developers. Completed DAQs were assessed by the Library development team and associated personnel, including a clinical panel, security personnel, and technical stability experts.

Although this process proved rigorous, the length of time required to complete a given DAP-based validation varied considerably on reviewer availability, the app’s technical complexity, and the results of initial findings. To continually improve the DAP and reduce the time and cost associated with publishing apps, the NHS engaged Kryptowire to provide a highly-efficient, cost-effective security and privacy solution.

The solution: rapid, automated, standards-based analysis

Kryptowire has developed a proven, proprietary, cloud-based solution for mobile application and device security. Our automated engine utilizes Static Analysis, Dynamic Analysis, Behavioural Analysis, Forced Path Execution, and other proprietary functions to deliver comprehensive, auditable, and repeatable results. The NHS partnered with us to automatically scan Library apps for security and privacy vulnerabilities, provide detailed reporting on identified issues, and to reduce the total time required for an application to clear the validation process.

Following a successful Pilot, the NHSD Apps Library Team utilized Kryptowire to analyze the security and privacy of the Library’s apps.

  • The average time taken for validating the apps’ compliance against stringent standards was 36 minutes.
  • App updates ranged from 2 to 25 times.

All scans were completed against the NHS’s specific standards. To inform NHS decision-making, we provided a dashboard including high-risk results to help triage remediation activity. Evidence provided included issue location, impact, links to relevant standards, and remediation advice. Additionally, on a daily basis, our watchlist facility automatically scanned the app stores to look for updates to the published apps, factoring materially relevant update information into regular reporting.

Key benefits and lessons learned

Beyond improving the security and privacy posture of the Library’s many apps, Kryptowire’s approach saved the NHS significant time and resources, removing considerable amounts of manual review and delivering high speed against stringent standards.

Along the way, we demonstrated several principles relevant to mobile application and device security in the healthcare space:

  • Application validation is essential. Manually validating applications against security and privacy standards, at scale and factoring update timing, is slow, expensive, and less rigorous compared to automated validation.
  • Standards-based reporting improves quality. Creating a validation process that includes and factors a comprehensive range of technical and regulatory standards leads to better outcomes overall.
  • Continuous review of updates is crucial. As development cycles speed up and updates roll out more frequently, an automated way to audit application content against established standards is important for maintaining momentum in the cybersecurity battle.

Discover more about Kryptowire:

Kryptowire’s end-to-end security and privacy monitoring platform helps developers and enterprises, including those in healthcare, take full advantage of modern, mobile technologies without putting their organization or patient’s privacy at risk. Kryptowire’s platform provides closed-loop, automated vulnerability and compliance analysis that prioritizes the protection of sensitive data, supporting security and privacy across end-user devices. Our mission is to make world-class security and privacy capabilities more accessible to innovators and communities worldwide, benefiting patients, teams, and stakeholders and creating a safer, more secure future for all. Learn more at kryptowire.com.

NEWS​

Related News

An innovation helping millions manage the side effects of cancer treatment

19 Dec 2024
A UK business with expertise in cooling and refrigeration has evolved to develop innovative ways to radically reduce the trauma linked to cancer treat...

DMHIC Report: Evaluating Digital Interventions for ADHD Diagnosis and Management for Adults within the UK

17 Dec 2024
Download DHI's "Evaluating Digital Interventions for ADHD Diagnosis and Management for Adults within the UK (Excluding Scotland)" here.

Strata Health Solutions Shortlisted for Best Contribution to the Improvement of Urgent and Emergency Care at the 2025 HSJ Partnership Awards

17 Dec 2024
Strata Health Solutions, NHS England, and East Lancashire Hospitals Trust are thrilled to announce that our Urgent and Emergency Care Digital Front Do...

4C Accelerator – Apply for the free qualification program for MedTech startups

12 Dec 2024
Until January 17, 2025 founders in the MedTech sector can apply for the free & funded “4C Accelerator”. The programm enables founders in the MedTe...

Future4care International Call4Applications 2025 – Now Open!

10 Dec 2024
Are you a digital health startup looking to expand into France and Germany? Don’t miss the opportunity to join Future4care’s one-year, equity-free acc...

AGE-WELL, Canada’s technology and aging network, releases its 2023-2024 Annual Report

10 Dec 2024
Hot off the digital press, the latest AGE-WELL annual report, AgeTech for Aging Well, showcases recent activities and accomplishments from across the ...

Become a member

Join ECHAlliance to amplify your organisation’s message, grow your networks, connect with innovators and collaborate globally.
 
First name *
Last Name *
Email Address *
Country *
Position *
First name *
Last Name *
Email Address *
Country *
Position *