The Covid-19 pandemic brought in many uncertainties, leading to several mental health issues. According to a World Health Organization (WHO) report, the global prevalence of anxiety and depression increased by 25 percent in the first year of the pandemic. As many countries imposed a lockdown to prevent the spread of the coronavirus, people turned to digital mental health platforms to deal with the social isolation that followed.
The sudden demand led to a surge in downloads of self-help, self-care, meditation and mind calmness apps. According to a report by Sensor Tower, the top English language mental wellness apps noted over 2 million more downloads in April 2020 compared to January. Healthcare technology company Lybrate also reported a 180 percent spike in mental health consultations between March 2020 and June.
Poor Privacy Protection
Though digital mental well-being apps and platforms offer people an array of wellness solutions, they may not have the best privacy protections for their users. Moreover, unlike a patient-doctor confidentiality clause, most mental wellbeing apps are not obliged to adhere to the rules of the health sector, putting a patient’s data at higher risk.
Vastaamo data breach
In October 2020, Vastaamo, a Finnish private psychotherapy service provider, reported that its patient data had been hacked. The breach resulted in the disclosure of the patient’s name, email address and phone numbers and sensitive personal data between the patient and therapist. According to reports, the hackers demanded 40 bitcoins, (450,000 euros, 450$) from Vastaamo. To build pressure on the company to agree to their demands, they also published patient data on Tor, open-source software for anonymous communication.
An investigation into the breach revealed that the hackers accessed the sensitive patient data twice, once in 2018 and then in 2019, due to the company’s inadequate security practices.
Flawed Privacy Policies
The breach triggered discussions revolving around the personal details shared by the patients during the sign-up process and its protection as well as misuse by mental wellness and well-being platforms.
In May 2022, Mozilla research revealed that most mental health and prayer applications were worse than any other product category regarding data protection, privacy, and security. For the report, the company investigated the security practices of 32 mental health and prayer apps such as Talkspace, Better Help, Calm, and Glorify.
Post the investigation, 28 apps were tagged under the “Privacy Not Included” warning label indicating concerns over how the app managed its user data. Moreover, 25 apps failed to meet Mozilla’s Minimum-Security Standards, such as managing security updates and passwords.
Despite being designed to handle sensitive issues such as depression, anxiety, eating disorders and more, their security standards failed miserably. The apps routinely share data and allow the use of weak passwords, and with poorly written privacy policy, leave the user and the data vulnerable to susceptible attacks.
Misuse of Data
Flawed data management security systems and poor privacy policies are not the only ways mental health apps risk the user’s data.
Each healthcare application functions and collects data differently. While some serve as a platform to connect users with experts who follow the rules regarding doctor-patient confidentiality, others request personal information to track the day-to-day functioning of the user that federal law may not bind.
In 2019, a study reported by The Washington Post revealed that several health apps that were catering to people battling depression or trying to quit smoking collected their sensitive data and shared it with third parties such as Facebook and Google without the user’s consent.
Prevention Of Data Misuse
However, most mental health applications work and function like any other app aiming to collect data and use it, one way or the other, for marketing purposes. Hence, users must understand the data shared while using mental health apps.
A user must adhere to simple yet essential steps such as following proper security steps, using reliable apps, examining privacy policy, using VPN, permitting access to the application, and reading its breach history before downloading the app.
