Back to Blog
securityencryptionrlsdefense-in-depthhealthtech

Health App Security Layers: Why Encryption Isn't Enough (Simply Explained)

A plain-language guide to health app security layers. No jargon, no tech speak, just what it means for your business.

By Mike Hodgen

Want the full technical deep dive? Read the detailed version

"We Encrypt Our Data" Is Not a Security Plan

I hear it on almost every call. A founder tells me, "We encrypt our data, so we're secure," like that settles it.

It doesn't. It's the start of the conversation, not the end.

I've built two health apps. A private health dashboard for a family member, and a child-development app for a client. Both used strong encryption from day one. Both still had real, exploitable holes.

That's not a contradiction. It's the whole point.

Encryption is like a safe. It scrambles your data so that if someone steals the file, all they get is gibberish without the key. Good. Necessary. You should have it.

But a safe does nothing if you leave the front door unlocked and hand strangers the combination. That's what most security holes actually are. Not someone cracking the safe. Someone walking right in the front door because the lock was broken.

In both apps I built, the data was encrypted and still exposed. The problem was never the encryption. It was everything around it.

The Front Door Is Where You Get Robbed

Let me show you the real holes I found in my own apps. None of them involved breaking the encryption.

Hole one: the door that let anyone in.

Think of a database as a vault full of filing cabinets. There's supposed to be a guard who checks ID before letting anyone open a drawer. In one of my apps, that guard was waving everyone through.

Anyone with the right web address could pull up private health records. No login. No password. The encryption worked perfectly. The vault just handed the decrypted files to total strangers because the guard said yes when he should have said no.

The fix is simple to describe. Lock everything by default. Then write narrow rules: "This person can see their own records, and nothing else." The most sensitive files get locked even tighter, so only the company's own servers can touch them.

When I went looking, I found nine of my own databases that were readable by anyone with the link. This problem is everywhere.

Hole two: changing a number to read someone else's records.

This is the most common hole I find in apps, especially ones built quickly with AI tools.

Imagine you log into a health app and the web address says you're looking at "patient 4827." What happens if you change that to "4828"? In a badly built app, you'd see a stranger's medical history. One number changed, and you're reading someone else's records.

The mistake is trusting what the user's request says. A good app ignores the number in the request entirely. It checks who you actually logged in as, and only shows you your own data. Everything else returns nothing.

The app works fine in testing because nobody tampers with the number during testing. That's exactly why this hole survives all the way to launch.

Hole three: sensitive data hiding in the workshop.

This one surprised me in my own work.

When developers build software, they keep a running history of every change, like a workshop full of old blueprints and drafts. In one app, real-looking patient data had been saved into that history. Someone pasted in a real export "just to debug something" and forgot.

Here's the trap. Deleting that file later does nothing. The history keeps a copy of everything, forever, on every developer's laptop and backup. Your production encryption is useless if a plaintext copy is sitting in a draft from three months ago.

The fix: never use real customer data for testing. Make fake data instead. And set up an automatic check that refuses to save anything that looks like real records.

Hole four: photos anyone could download.

Health apps store more than text. They store images, scanned documents, uploads.

In one app, any of those files could be downloaded by anyone with the link. No login. And links leak constantly. They show up in logs, screenshots, support tickets. A link is not a secret.

The fix works like a hotel keycard. The file storage is locked by default. When you're allowed to see a specific file, the server hands you a temporary key that opens that one file and stops working a few minutes later. Even if the link leaks, it's already dead by the time anyone finds it.

The Camera You'll Wish You Had

Encryption belongs in the mix, but as one layer of many, not the whole plan.

The one piece I want to highlight is the audit log. It's basically a security camera for your data. It records who looked at what, and when.

It doesn't stop a break-in. I'm honest about that. But it answers the one question regulators and customers always ask after something goes wrong: "What was exposed, and to whom?"

Without it, your answer is a shrug, and you have to assume the worst about everything. With it, your answer is a precise list. That's the difference between a contained problem you can report and an emergency that threatens the whole company.

Six Locks, Not One

Here's the honest summary. Real security is layers, so that if one lock fails, the next one holds.

  1. Encryption so a stolen file is gibberish.
  2. A strict guard on the database that locks everything by default.
  3. Identity checks on the server that ignore what the request claims and verify who you really are.
  4. No real data in the developer workshop. Fake test data only.
  5. Private file storage with temporary, expiring access keys.
  6. A security camera (audit log) so you can prove exactly what happened.

If any one lock fails, the next one catches the problem before data gets out.

And here's the part that should get your attention. I shipped both health apps with encryption and still had four real holes. I build this for a living. I was paying attention. I still missed them.

If I missed four building solo, your team is missing some too. That's not an insult. It's just how this works. The app passes every test, and the holes only show up when someone goes looking.

That's what I do when I review a company's setup. I go looking the way an attacker or a regulator would, before either of them gets the chance.

Ready to bring AI leadership into your company?

I work with a small number of companies at a time. If you're serious about AI, apply to work together and I'll review your application personally.

Apply to Work Together

Get AI insights for business leaders

Practical AI strategy from someone who built the systems — not just studied them. No spam, no fluff.

Ready to automate your growth?

Book a free 30-minute strategy call with Hodgen.AI.

Book a Strategy Call