
June 23, 2025 12 mins
FDA Regulation and Cybersecurity for Life-Critical Health Apps

Welcome to "Upwardly Mobile," the podcast exploring the intersection of mobile technology, health, and regulation. In this episode, we dive deep into the world of Mobile Medical Apps (MMAs), understanding how the FDA ensures their safety and effectiveness, and why cybersecurity is absolutely non-negotiable in this rapidly evolving landscape.

What You'll Learn:
• The Rise of mHealth: Mobile health (mHealth) apps are revolutionizing healthcare, empowering patients with personalized monitoring, tracking, and therapeutic support. The regulated medical apps market is projected to reach a staggering $156 billion by 2033.
• Understanding FDA Oversight: The U.S. Food & Drug Administration (FDA) plays a critical role in overseeing device software functions, including mobile medical apps. Its focus is on software that presents a significant risk to patients if it fails, or software that transforms a mobile platform into a regulated medical device.
• Defining Mobile Medical Apps: An app is classified as a mobile medical app if it meets the definition of a device under section 201(h) of the FD&C Act, meaning it's intended for use in the diagnosis, cure, mitigation, treatment, or prevention of disease, or to affect the body's structure or function. Examples include apps that control medical devices, transform a phone into a diagnostic tool (like an ECG reader or glucose meter), or provide treatment recommendations.

• FDA's Risk-Based Approach: The FDA applies a risk-based approach, focusing its oversight on higher-risk software functions that require formal review. However, for many low-risk apps, such as those that help users self-manage conditions without providing specific treatment suggestions, or that automate simple tasks for healthcare providers, the FDA intends to exercise enforcement discretion, meaning it won't typically require premarket review. The FDA does not regulate general consumer smartphones, tablets, or mobile app stores.

• The Criticality of Cybersecurity: For any medical device, including mobile medical apps, cybersecurity is paramount for safety and effectiveness. As Jessica Wilkerson, a Senior Cybersecurity Policy Advisor at the FDA, emphasizes, "You cannot have a safe and effective device if you don’t have a cybersecure device." Mobile app security vulnerabilities pose significant risks, including patient harm, data breaches, privacy compromises, legal consequences, and damage to brand reputation.

• Emerging Threats and Weaknesses: The mobile medical ecosystem faces serious threats like Man-in-the-Middle (MitM) attacks, which can falsify data or steal protected health information (PHI). Runtime tampering using tools like Frida or Xposed allows attackers to modify app behavior, bypass protections, or extract sensitive data. Common weaknesses found in mHealth apps include static API keys, lack of app attestation, weak runtime protection, and insufficient certificate pinning.

• Best Practices for Secure Mobile Medical Apps: To combat these threats, robust security measures are essential. These include App Attestation to ensure only legitimate apps access APIs, Runtime Threat Detection to identify hooking or emulation, Dynamic Secrets and Token Protection to prevent credential exposure, API Hardening, and MitM Mitigation through dynamic certificate pinning.

• Industry Insights on Security Gaps: A NowSecure benchmark report revealed that an alarming 95% of healthcare apps failed one or more OWASP Mobile Application Security Verification Standard (MASVS) checks, highlighting widespread issues like insecure network connections, insecure platform interaction, and insecure code quality. This underscores the urgent need for developers to adopt secure coding practices and perform continuous security testing.
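The runtime tampering named in the "Emerging Threats" bullet (Frida, Xposed) and the Runtime Threat Detection called for in the "Best Practices" bullet, as an added reference implementation. This is not code from the podcast or from any vendor SDK. On a device the app reads /proc/self/maps and /proc/self/task/*/comm itself, normally from native code; here the same detection logic runs over constructed snapshots so it can be exercised offline. The library and thread-name markers are the usual heuristics for stock Frida/Xposed builds; the sample paths and package name are made up for the demo.

```python
"""Detecting runtime hooking frameworks (Frida, Xposed, Substrate) from inside the app.

Added reference implementation, not code from the podcast or from any vendor SDK.
The snapshots at the bottom are constructed, not captured from a real device.
"""
import socket
from dataclasses import dataclass, field
from typing import Iterable, List

# Substrings of library paths that hooking frameworks map into the target process.
HOOK_LIBRARY_MARKERS = (
    "frida-agent",    # injected by frida-server, e.g. frida-agent-64.so
    "frida-gadget",   # libfrida-gadget.so embedded in a repackaged app
    "libfrida",
    "xposed",         # XposedBridge.jar, libxposed_art.so
    "libsubstrate",   # Cydia Substrate
    "libriru",        # Riru / LSPosed loader
)

# Thread names created by Frida's GLib/GumJS runtime inside the instrumented process.
HOOK_THREAD_MARKERS = ("gmain", "gum-js-loop", "gdbus", "pool-frida")

FRIDA_SERVER_DEFAULT_PORT = 27042


@dataclass
class DetectionResult:
    suspicious_libraries: List[str] = field(default_factory=list)
    suspicious_threads: List[str] = field(default_factory=list)
    frida_port_open: bool = False

    @property
    def tampered(self) -> bool:
        return bool(self.suspicious_libraries or self.suspicious_threads or self.frida_port_open)


def scan_maps(maps_text: str) -> List[str]:
    """Return mapped paths from a /proc/self/maps dump that look like a hooking library.

    A maps line is 'addr perms offset dev inode [path]'; anonymous mappings carry no path.
    """
    hits = []
    for line in maps_text.splitlines():
        cols = line.split(None, 5)
        if len(cols) < 6:
            continue
        path = cols[5].strip()
        if any(marker in path.lower() for marker in HOOK_LIBRARY_MARKERS):
            hits.append(path)
    return hits


def scan_threads(thread_names: Iterable[str]) -> List[str]:
    """Return thread names (contents of /proc/self/task/*/comm) matching Frida's runtime threads."""
    return [name for name in thread_names if name.strip() in HOOK_THREAD_MARKERS]


def frida_port_listening(host: str = "127.0.0.1",
                         port: int = FRIDA_SERVER_DEFAULT_PORT,
                         timeout: float = 0.2) -> bool:
    """True if something accepts TCP connections on frida-server's default port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def detect(maps_text: str, thread_names: Iterable[str], check_port: bool = False) -> DetectionResult:
    """Combine the heuristics; check_port is off by default so the demo stays offline."""
    result = DetectionResult(scan_maps(maps_text), scan_threads(thread_names))
    if check_port:
        result.frida_port_open = frida_port_listening()
    return result


# Constructed snapshots (not captured from a real device) for the demo.
CLEAN_MAPS = """\
7f1a000000-7f1a020000 r-xp 00000000 fd:00 1234 /system/lib64/libc.so
7f1a100000-7f1a110000 r-xp 00000000 fd:00 5678 /data/app/com.example.mmapp/lib/arm64/libnative.so
7f1a200000-7f1a201000 rw-p 00000000 00:00 0
"""
HOOKED_MAPS = CLEAN_MAPS + """\
7f1b000000-7f1b400000 r-xp 00000000 fd:00 9012 /data/local/tmp/re.frida.server/frida-agent-64.so
7f1b500000-7f1b510000 r--p 00000000 fd:00 3456 /system/framework/XposedBridge.jar
"""
CLEAN_THREADS = ["main", "RenderThread", "Binder:4321_1"]
HOOKED_THREADS = CLEAN_THREADS + ["gmain", "gum-js-loop"]

if __name__ == "__main__":
    print("clean  :", detect(CLEAN_MAPS, CLEAN_THREADS))
    print("hooked :", detect(HOOKED_MAPS, HOOKED_THREADS))
```

These checks are one layer, not a guarantee: Frida can be rebuilt with renamed binaries, threads and a non-default port, and a hook placed on the check itself can make it lie. That is why the "Best Practices" bullet pairs runtime detection with app attestation, where the verdict is produced or verified off-device rather than trusted from the app's own report.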
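The Dynamic Secrets and Token Protection and API Hardening items from the "Best Practices" bullet, as an added example of replacing a static API key with attestation-gated, short-lived tokens. This is not code from the podcast or from any attestation vendor. The verdict dictionary, token layout, field names and audience string are assumptions for the illustration; a real backend would first verify a platform-signed verdict (Play Integrity, App Attest or a third-party attestation service) and then run this issuance step.

```python
"""Attestation-gated, short-lived API tokens instead of a static API key.

Added example, not code from the podcast or from any attestation vendor. The
verdict shape, token layout and field names are assumptions for illustration.
"""
import base64
import hashlib
import hmac
import json
import secrets
from typing import Optional, Tuple

# Held only on the backend. A key baked into the APK/IPA is the static-key
# anti-pattern: anyone who unpacks the app can call the API as the app.
TOKEN_SIGNING_KEY = secrets.token_bytes(32)
TOKEN_TTL_SECONDS = 300          # short lifetime limits the value of a leaked token
API_AUDIENCE = "mmapp-api"       # assumed audience name for this illustration


def _b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def attestation_passed(verdict: dict) -> bool:
    """Assumed verdict shape: the attestation service reports whether the app binary
    was recognised and whether device integrity checks (root, hooking, emulator) passed."""
    return bool(verdict.get("app_recognized")) and bool(verdict.get("device_integrity"))


def issue_token(verdict: dict, instance_id: str, now: float,
                key: bytes = TOKEN_SIGNING_KEY) -> Optional[str]:
    """Attestation endpoint: mint a token bound to one app instance, or refuse."""
    if not attestation_passed(verdict):
        return None
    claims = {
        "aud": API_AUDIENCE,
        "sub": instance_id,
        "iat": int(now),
        "exp": int(now) + TOKEN_TTL_SECONDS,
        "jti": secrets.token_hex(8),   # unique id so the API can reject replays if it tracks seen ids
    }
    body = _b64url(json.dumps(claims, separators=(",", ":"), sort_keys=True).encode())
    sig = hmac.new(key, body.encode(), hashlib.sha256).digest()
    return f"{body}.{_b64url(sig)}"


def verify_token(token: str, now: float, key: bytes = TOKEN_SIGNING_KEY) -> Optional[dict]:
    """API gateway check: signature first (constant-time compare), then audience and expiry."""
    try:
        body, sig = token.split(".", 1)
        expected = hmac.new(key, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _b64url_decode(sig)):
            return None
        claims = json.loads(_b64url_decode(body))
    except (ValueError, UnicodeDecodeError):   # bad padding, bad JSON, no '.' separator
        return None
    if not isinstance(claims, dict) or claims.get("aud") != API_AUDIENCE:
        return None
    exp = claims.get("exp")
    if not isinstance(exp, int) or now >= exp:
        return None
    return claims


def handle_api_request(token: str, now: float) -> Tuple[int, str]:
    """Hardened API endpoint: nothing is served without a fresh, valid token."""
    claims = verify_token(token, now)
    if claims is None:
        return 401, "attested token required"
    return 200, f"ok for instance {claims['sub']}"


if __name__ == "__main__":
    import time
    now = time.time()
    good = {"app_recognized": True, "device_integrity": True}    # constructed verdict
    tok = issue_token(good, "inst-42", now)
    print(handle_api_request(tok, now))                      # 200
    print(handle_api_request(tok, now + TOKEN_TTL_SECONDS))  # 401, expired
    print(issue_token({**good, "device_integrity": False}, "inst-42", now))  # None
```

The point of the design is that the app ships no long-lived credential: a token is only minted after attestation passes, it is bound to an instance and an audience, and it dies in minutes, so a token pulled out of a hooked process or an intercepted request buys an attacker very little. In production the signing key would live in a KMS or HSM rather than a process variable, and the API would also pin its TLS connection so the token cannot be captured in transit in the first place.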

Relevant Links & Resources:

• FDA Official Guidance:
◦ Device Software Functions Including Mobile Medical Applications: https://www.fda.gov/medical-devices/digital-health-center-excellence/device-software-functions-including-mobile-medical-applications
◦ Policy for Device Software Functions and Mobile Medical Applications - Guidance: https://www.fda.gov/regulatory-information/search-fda-guidance-documents/policy-device-software-functions-and-mobile-medical-applications
© 2025 iHeartMedia, Inc.