Cybersecurity Takes Top Priority: What Users Really Want in Digital Health Apps

The Digital Health Revolution: Security Comes First

The digital health landscape is experiencing unprecedented growth, with mobile health applications becoming integral to personal healthcare management. From simple fitness trackers to sophisticated digital therapeutics approved by regulatory bodies, these applications are transforming how we approach health and wellness. However, a groundbreaking study from South Korea has revealed a crucial insight: when it comes to choosing digital health apps, cybersecurity and data safety trump all other considerations.

Recent research conducted by Professor Jaeyong Shin from Yonsei University College of Medicine's Department of Preventive Medicine, along with Dr. Junbok Lee, Research Professor Mingee Choi, and Professor Jung Hyun Kim from Hankuk University of Foreign Studies, has shed light on user preferences in the digital health space. Their comprehensive study involving 1,093 participants - including 97 physicians, 589 chronic disease patients, and 407 healthy individuals - utilized choice-based conjoint analysis to understand what truly matters to users when selecting healthcare applications.

The findings are striking: across all user groups, cybersecurity and data safety emerged as the most critical preference factors. Healthy individuals showed the highest concern with a coefficient of β = 2.127, followed by patients (β = 1.569) and physicians (β = 1.111). Perhaps most tellingly, all groups expressed willingness to pay approximately $12 more for applications with high cybersecurity and data safety features compared to those with low security standards.

Digital Therapeutics: Beyond Simple Apps to Medical Devices

The evolution of digital health has moved far beyond basic wellness tracking. Digital therapeutics (DTx) represent a new category of evidence-based therapeutic interventions delivered through software programs to prevent, manage, or treat medical disorders. These applications undergo rigorous clinical testing and regulatory approval processes, similar to traditional pharmaceuticals.

A prime example is the treatment of insomnia through digital therapeutics. The FDA has recently seen submissions for prescription digital therapeutic treatments for chronic insomnia, such as Somryst by Pear Therapeutics. This application delivers cognitive behavioral therapy for insomnia (CBT-I) - the evidence-based standard of care - through a personalized, algorithmically-adjusted program over nine weeks. Clinical trials involving over 1,400 individuals have demonstrated the effectiveness of such digital interventions, with the majority of treated patients no longer meeting criteria for insomnia or depression diagnosis after treatment.

In Japan, SUSMED's digital therapeutic for insomnia has received regulatory approval, marking a significant milestone in the acceptance of smartphone applications as legitimate medical treatments. The UK's National Institute for Health and Clinical Excellence (NICE) has also recommended CBT-I based applications for insomnia treatment in its 2022 guidelines, reflecting the growing international recognition of digital therapeutics.

The Cybersecurity Challenge in Healthcare Apps

The healthcare sector faces unprecedented cybersecurity challenges, with stakes higher than ever before. As cyber threats continue to escalate in both frequency and sophistication, the potential impact on patient safety, data privacy, and healthcare system functionality has reached a critical tipping point. High-profile attacks on major global healthcare organizations have demonstrated how cyber incidents can disrupt entire ecosystems, compromise patient care, and erode public trust.

Digital therapeutic apps have become particularly attractive targets for cybercriminals due to the sensitive information they contain. These applications facilitate patient self-care and prevent medical conditions from escalating, but the data within makes them inviting targets for malicious actors. The information stored in these apps doesn't just jeopardize sensitive patient information - it could potentially endanger lives if compromised.

Recent industry analysis reveals that 92% of healthcare organizations experienced a cyberattack in 2024, highlighting the urgent need for robust security measures. The rapid adoption of AI in healthcare, while promising for sector-specific use cases, has also introduced new security considerations that Chief Information Security Officers must address.

Emerging Security Technologies and Innovations

As we move through 2025, the digital health industry is witnessing significant innovations in security technologies. End-to-end encryption, biometric authentication, and AI-driven security solutions are becoming standard features in modern health applications. These technologies provide multiple layers of protection for sensitive health data, addressing the growing concerns of users and healthcare providers alike.

Artificial intelligence is increasingly being used to enhance mobile health app security. AI-driven algorithms can detect abnormal patterns in user behavior, identify potential security threats, and provide real-time alerts to both users and administrators. For example, AI can recognize when a user's account is being accessed from an unfamiliar device or location, allowing the app to take immediate action to block potential intruders.

Blockchain technology represents another promising innovation for securing mobile health apps. By providing a decentralized ledger of transactions, blockchain allows users to share health data in a secure and transparent manner. The immutability of blockchain records ensures that data cannot be tampered with or altered, adding an additional layer of security for sensitive health information.

Regulatory Landscape and Compliance Standards

The regulatory environment for digital health applications is rapidly evolving, with new compliance standards emerging to address cybersecurity concerns. In 2025, digital health organizations are focusing on several key standards, with ISO 42001 for AI Management Systems leading the way at 55% adoption, followed by UK Cyber Essentials at 51%.

The NHS Data Security and Protection Toolkit (DSPT) has become mandatory for organizations wanting to work with the UK's National Health Service, requiring comprehensive self-assessment to prove safe handling of patient data. Meanwhile, ISO 27001 for Information Security Management remains the global gold standard, with 44% of organizations prioritizing this certification.

In Europe, the General Data Protection Regulation (GDPR) provides comprehensive data protection rules for all personal data, with particularly high protection standards for health data. The EU's new AI Act represents the first-ever standalone governance of AI from a regulatory perspective, though implementation challenges remain. Starting January 1, 2025, Germany has introduced heightened data security requirements for all digital health applications (DiGA), reflecting the increasing regulatory focus on cybersecurity.

User Behavior and Privacy Concerns

Despite growing awareness of cybersecurity risks, user behavior regarding health app privacy remains complex and sometimes contradictory. Research shows that about one in five Americans uses a smartwatch or fitness tracker with corresponding apps, yet many users remain unaware of the privacy implications. Health apps can gather extensive personal information, which often ends up in the hands of third and fourth parties when app makers share data with other companies.

A concerning finding from recent studies is that all examined diabetes mobile apps shared data with third parties, even when their privacy policies stated they wouldn't. This highlights the gap between user expectations and actual data handling practices. Experts recommend that consumers look for red flags such as the presence of advertisements in health apps, which typically indicates data sharing with third parties.

Interestingly, while 55% of consumers expect their health apps to be hacked within the next six months, 78% of users still consider their mobile apps to be adequately secure. This paradox suggests a disconnect between perceived and actual security risks, emphasizing the need for better user education and more transparent security practices.

The Future of Secure Digital Health

Looking ahead, the digital health industry is at a critical inflection point where organizations must advance digital transformation while maintaining robust security measures. The integration of consolidated solutions by major platform providers is helping Chief Information Security Officers simplify their technology stacks and focus on securely enabling digital transformation initiatives.

The choice-based conjoint analysis methodology used in the Korean study represents a sophisticated approach to understanding user preferences in healthcare technology. This method provides virtual scenarios that allow consumers to compare and choose between different service or product conditions, revealing actual decision-making processes. Such research methodologies are becoming increasingly important as the healthcare industry seeks to develop user-centered solutions that prioritize both functionality and security.

As healthcare organizations continue to adopt digital health records and AI-powered solutions, the risk of data-related threats will continue to rise. However, the clear user preference for cybersecurity and data safety, as demonstrated in the Korean study, provides a strong market incentive for developers to prioritize security features. The willingness of users to pay premium prices for enhanced security suggests that the future of digital health lies in applications that successfully balance innovation with robust protection of sensitive health information.