Philips HealthSuite Health Android App Vulnerability Discovered

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) published a medical bulletin concerning a vulnerability which was discovered in the Philips HealthSuite Health Android Application.

The Philips HealthSuite Health Android App records users’ body measurements and health information to allow them to monitor their activities and help them attain their wellness goals. Users of the app are mostly located in the United States, Germany, the Netherlands and the United Kingdom.

The app encrypts user data to protect against unauthorized access; however, a security researcher discovered the encryption method used was too simple and, as a result, did not provide the necessary level of protection.

Because of this vulnerability, a hacker with physical access to the app could exploit the weakness and gain access to the data of the app user. Because it is not possible for a hacker to exploit the vulnerability remotely, the risk of data exposure/theft is minimal. The vulnerability is being tracked as CVE-2018-19001 and has a CVSS v3 base rating of 3.5.

Philips is going to release a new version of the application in Q1, 2019. The new version will use a more powerful method of encrypting user data. For the time being, Philips’ recommendation is not to use the app on mobile devices that are rooted or jail-broken because they have weakened security and thus the risk is greater.

About Liam Johnson
Liam Johnson has produced articles about HIPAA for several years. He has extensive experience in healthcare privacy and security. With a deep understanding of the complex legal and regulatory landscape surrounding patient data protection, Liam has dedicated his career to helping organizations navigate the intricacies of HIPAA compliance. Liam focusses on the challenges faced by healthcare providers, insurance companies, and business associates in complying with HIPAA regulations. Liam has been published in leading healthcare publications, including The HIPAA Journal. Liam was appointed Editor-in-Chief of The HIPAA Guide in 2023. Contact Liam via LinkedIn: https://www.linkedin.com/in/liamhipaa/