News

How Kryptowire’s automation helps the NHS Digital Apps Library

How Kryptowire’s automation helps the NHS Digital Apps Library
Digital Health Solutions
Member News

The NHS Digital Apps Library utilized rigorous vetting procedures to ensure the Library’s mobile applications were fit for purpose and met appropriate criteria (i.e., health merits, accessibility, technical stability, security and privacy). They leveraged Kryptowire’s automated mobile application security and privacy testing solution and realized significant benefits in time and cost-savings.

Around the world, end users continue to adopt a mobile-first approach to technology, and the world of healthcare offers no exception. As more patients, caregivers, and professionals rely on phones and tablets to live and work, the need for strategic and proactive mobile application security measures has grown in lockstep. Patient health information has been a prime target for hackers in recent years, with several high-profile security breaches making global news. Rather than play catch-up against bad actors, healthcare application developers, device managers, library hosts, and other cybersecurity stewards should rigorously search for and patch detectable vulnerabilities.

We had the privilege of partnering with the National Health Service (NHS) to help validate their digital apps library, helping safeguard patients, clinicians, health and social care workers across the country. Using our proprietary, end-to-end, closed-loop security engine, we rapidly assessed applications in the library against stringent standards established by the NHS, as well as helped the NHS locate specific, potential issues relating to COVID-19 apps.

Here’s a short overview of how we did it, as well as some lessons learned for healthcare technology leaders. If you want to learn more, download the official whitepaper.

The ask: assess the security and privacy of the NHS Digital Apps Library – and do it efficiently

Prior to working with Kryptowire, the NHS Digital Apps Library managers developed a set of criteria for all applications in its library. A hosted application needs to be safe and secure to use, providing evidence of clinical safety, security, and technical stability.

To facilitate validation, the Library team developed the Digital Assessment Process (DAP), which included a Digital Assessment Questionnaire (DAQ) to be completed by submitting developers. Completed DAQs were assessed by the Library development team and associated personnel, including a clinical panel, security personnel, and technical stability experts.

Although this process proved rigorous, the length of time required to complete a given DAP-based validation varied considerably on reviewer availability, the app’s technical complexity, and the results of initial findings. To continually improve the DAP and reduce the time and cost associated with publishing apps, the NHS engaged Kryptowire to provide a highly-efficient, cost-effective security and privacy solution.

The solution: rapid, automated, standards-based analysis

Kryptowire has developed a proven, proprietary, cloud-based solution for mobile application and device security. Our automated engine utilizes Static Analysis, Dynamic Analysis, Behavioural Analysis, Forced Path Execution, and other proprietary functions to deliver comprehensive, auditable, and repeatable results. The NHS partnered with us to automatically scan Library apps for security and privacy vulnerabilities, provide detailed reporting on identified issues, and to reduce the total time required for an application to clear the validation process.

Following a successful Pilot, the NHSD Apps Library Team utilized Kryptowire to analyze the security and privacy of the Library’s apps.

  • The average time taken for validating the apps’ compliance against stringent standards was 36 minutes.
  • App updates ranged from 2 to 25 times.

All scans were completed against the NHS’s specific standards. To inform NHS decision-making, we provided a dashboard including high-risk results to help triage remediation activity. Evidence provided included issue location, impact, links to relevant standards, and remediation advice. Additionally, on a daily basis, our watchlist facility automatically scanned the app stores to look for updates to the published apps, factoring materially relevant update information into regular reporting.

Key benefits and lessons learned

Beyond improving the security and privacy posture of the Library’s many apps, Kryptowire’s approach saved the NHS significant time and resources, removing considerable amounts of manual review and delivering high speed against stringent standards.

Along the way, we demonstrated several principles relevant to mobile application and device security in the healthcare space:

  • Application validation is essential. Manually validating applications against security and privacy standards, at scale and factoring update timing, is slow, expensive, and less rigorous compared to automated validation.
  • Standards-based reporting improves quality. Creating a validation process that includes and factors a comprehensive range of technical and regulatory standards leads to better outcomes overall.
  • Continuous review of updates is crucial. As development cycles speed up and updates roll out more frequently, an automated way to audit application content against established standards is important for maintaining momentum in the cybersecurity battle.

Discover more about Kryptowire:

Kryptowire’s end-to-end security and privacy monitoring platform helps developers and enterprises, including those in healthcare, take full advantage of modern, mobile technologies without putting their organization or patient’s privacy at risk. Kryptowire’s platform provides closed-loop, automated vulnerability and compliance analysis that prioritizes the protection of sensitive data, supporting security and privacy across end-user devices. Our mission is to make world-class security and privacy capabilities more accessible to innovators and communities worldwide, benefiting patients, teams, and stakeholders and creating a safer, more secure future for all. Learn more at kryptowire.com.

NEWS​

Related News

We welcome our new England – TheHill Oxford Digital Health and Care Ecosystem! Read the interview with its ecosystem coordinator

3 Dec 2024
We are very excited to welcome another English ecosystem to our network. This time based in Oxford and led by TheHill, embedded within Oxford Universi...

Where’sMyData? – #MyDataOurHealth Campaign Action

2 Dec 2024
My Data Our Health is a global initiative aimed at raising public awareness and influencing politicians to take action on health data governance. We i...

Meet the Global Telehealth Community of Practice team at the Global Digital Health Forum!

28 Nov 2024
The Global Telehealth Community of Practice will be at the Global Digital Health Forum (GDHF) in Nairobi from 4th to 6th December. Please come and fin...

DTH-Lab BMJ Op-ed: Tackling digital harms: why simply banning children from social media won’t protect them

28 Nov 2024
Can we completely ban children from social media to prevent digital harms? "Children have a right to benefit from digital advancements. Instead of foc...

UHC2030, OECD and DTH-Lab Launch Joint Op-ed Unlocking Health Equity in Every Byte

28 Nov 2024
UHC2030 together with the Organization for Economic Cooperation and Development (OECD) and the Digital Transformations for Health Lab (DTH-Lab) are mo...

Meet DTH-Lab’s new Regional Youth Champions 2024-2025

28 Nov 2024
DTH-Lab is pleased to welcome a new cohort of Regional Youth Champions (RYCs). These ten exceptional individuals under 30 will be key partners in the ...

Become a member

Join ECHAlliance to amplify your organisation’s message, grow your networks, connect with innovators and collaborate globally.
 
First name *
Last Name *
Email Address *
Country *
Position *
First name *
Last Name *
Email Address *
Country *
Position *