1. Securing medical apps
in the age of COVID
How to close security gaps
and meet accelerated demand
David Maher
CTO and EVP
Andrew Snyder
Technical Solutions Director

2. 2
Presenters
David Maher
CTO and EVP
With more than three decades experience in secure computing, David Maher
serves as CTO of Intertrust and works on Distributed Trust Management
systems. Prior to Intertrust, Maher was Chief Scientist for AT&T Secure
Communications Systems, Head of the Secure Systems Research
Department, and security architect for AT&T’s Internet services platform.
Maher received a Bell Labs Fellows Award and holds dozens of patents in
secure computing. He has authored publications in the fields of mathematics
and computer science and has consulted with the National Science
Foundation, NSA, NIST, and the Congressional Office of Technology
Assessment.
Andrew Snyder
Technical Solutions Director
As Technical Solutions Director, Andrew Snyder works directly with
Intertrust customers to ensure they complete initiatives securely,
effectively, and on-time. He brings years of experience in the finance and
app connected medical device space, with specific expertise in applying
cryptographic and anti-tamper technologies to obtain regulatory approval
and keep applications and critical data safe. Prior to Intertrust, Andrew
spent more than 15 years in the Software and IT space, with an emphasis on
mobile technologies.

3. 3
COVID-19 has drastically altered the medical app landscape
• Accelerated patient and provider adoption
• Accelerated development
• 12% YOY increase in number of medical apps
(excluding consumer health and fitness)
YOY Increase in medical apps
available worldwide
(excluding health & fitness)

4. 4
Some background
• mHealth apps can be roughly grouped into four categories
(excluding consumer health and fitness)
• Dramatic growth in telemedicine apps
Health commerce Medical device apps Telemedicine and
patient engagement
COVID-tracking apps

5. 5
Analysis results: today’s mHealth apps are at
risk
71%
of apps have a high-
severity vulnerability
of apps fail
cryptographic tests91%
83%
of high-level threats could have been
mitigated using in-app protection
34%
of Android
apps and
of iOS apps are vulnerable to
cryptographic key extraction28%

6. 6
Polling questions

7. 7
What does this mean for mHealth app
developers and healthcare organizations?
• Data theft and privacy issues
• HIPAA and other regulatory violations
• Theft of proprietary algorithms and other IP
• Patient health risk
• Operational disruption
Example: Insulin delivery app

8. 8
Healthcare threat trends
• HHS reports a 50% YOY increase in
breaches of hospitals and healthcare
providers' networks
• 82% of hospitals suffered a “significant
security incident” in the past 12 months
• Ransomware attacks on healthcare
organizations nearly doubled from
Q2 to Q3 alone
• Verizon 2020 Security Index found mobile
related healthcare compromises jumped
by 52%, accounting for 38% of incidents

9. 9
Healthcare app risks
• Innovation at expense of security
• The ‘creative’ user
• Multiple types of hacking attacks

10. 10
Sample healthcare app attack flow

11. 11
Building a more secure medical app
• Mobile device and OS mechanisms not enough
• Secure app design practices
• Layered protection
• App protection technologies—can mitigate 83%
of high-severity threats
• Secure cryptographic keys

12. 12
whiteCryption Code Protection
• Advanced obfuscation
• Runtime checks
• Android Java Protection
• Easy tuning of protection levels
for optimal security and performance
• Easy to use with little impact on
development time
• Cross-platform support: mobile, desktop,
server
Powerful in-app
protection

13. 13
whiteCryption Secure Key Box
• Protects keys at rest, runtime, and in transit,
even in a jailbroken/rooted environment
• Supports all standard algorithms
and is platform and hardware-agnostic
State-of-the-art
white-box
cryptography
• Undergoes regular independent
security testing
• Secures keys against side-channel attacks
• Drop-in and go

14. 14
Looking toward the future of
digital healthcare
• Growing digital adoption
• Attacks now not just about
stealing data, affecting lives
• How can healthcare technologists
come together
• What needs to change in the way
we approach healthcare security

15. 15
Q&A
Make your apps self-defending
Get a 30-day free trial:
intertrust.com/whitecryption-free-trial/
David Maher
dpm@intertrust.com
Andrew Snyder
andrew@intertrust.com