Mobile Healthcare App Integrity Is Now a Patient Safety Issue
The COVID-19 pandemic was a forcing factor for adoption of mobile healthcare apps. Between 2020 and 2024, the share of people accessing their medical records via a mobile app grew from 38% to 57%. But the initial event-correlated spike is proving to be an ongoing trend. By some estimates, the global healthcare mobile application market is projected to grow from $114.17 billion in 2024 to $1,070.58 billion by 2030 (CAGR 45.2%). The public-facing mobile applications that make up this substantial growth include:
- Medical device/software-as-medical device (SaMD) apps (e.g., blood glucose or blood pressure monitors)
- Telehealth/remote virtual care (clinical and diagnostic tools, including mental health access and AI-assisted care)
- Medical insurance portal apps (e.g., private subscriber information, plan enrollment details, billing)
- Healthcare admin apps (e.g., patient scheduling, EHR, private messaging, prescription orders, co-pay billing)
- Self-care apps (e.g., prescription reminders, chronic condition management, alcohol/tobacco use, fertility trackers)
- Wellness/lifestyle apps (e.g., fitness, meditation, nutrition)
But the rapid proliferation of mobile healthcare apps is also expanding opportunities for malicious exploitation and increasing the burdens of regulatory accountability. According to a 2025 Ponemon Institute study, insecure healthcare mobile apps are the top cyber concern in the industry, cited by more than half (55%) of respondents. Another report from Zscaler shows that the healthcare industry experienced a 224% increase in mobile attacks last year.
As mobile apps in healthcare proliferate, some significant security issues will simultaneously scale up:
- Code-level flaws and insecurities
- Reverse engineering attacks and IP theft
- Tampering/modding attacks
- App cloning for benefits-related fraud attacks
- Regulatory compliance risks
There are also a few global healthcare trends that amplify the critical need for comprehensive mobile application security against malicious attacks seeking to disrupt care systems, steal valuable data, and even jeopardize patient safety.
Greater economic stress on global healthcare systems
As healthcare systems around the world continue to recover from peak pandemic-era stressors, new economic pressures will have a negative impact on costs borne by hospitals, insurers, and patients. These compounding factors include general inflation, international trade policies destabilizing the pharmaceutical supply chain, and regional armed conflicts.
Overall, the average global cost of healthcare increased by more than 10% last year, and that inflation rate is projected to continue through 2026. Some localities are experiencing more acute problems. In India, medical costs have been rising at nearly twice the rate of general inflation for the past decade. As China's population ages, care costs are increasing faster than the money flowing into the country's insurance funds. Healthcare may pay the highest price in the long-term EU budget, as other priorities increasingly draw resources away. US cuts in Medicaid spending put one-third of all rural hospitals at risk of closing.
With many governments struggling to manage budgetary challenges, austerity measures are being implemented in some localities. And this is precisely where mobile health apps are well-positioned to fill critical need gaps – while also exposing new security risks for healthcare institutions, insurers, and patients.
Reducing costs, expanding access, and improving outcomes
Mobile applications for primary care telemedicine and CRM as well as supplementary care (e.g., remote patient monitoring, mental health support, and self-care for things like medication adherence or chronic disease management) will help relieve some of the burden on in-person health services and reduce system-wide costs. This includes at-home support for people with mobility limitations or those in remote or underserved geographies. Currently, nearly 60% of the global population lack access to essential health services (approximately 4.5 billion individuals).
At the same time, more than 70% of the global population reside in low- and middle-income countries where mobile networks are rapidly expanding. Broader connectivity enables the delivery of health services via mobile platforms, helping to bridge gaps and improve access to essential care. Some relevant active use cases include:
- In the UK, remote healthcare monitoring has helped reduce the pressure on healthcare infrastructure, improve the quality of care, and decrease hospital stays. Measured results in specific programs over a single year included 2915 saved hospital bed days and a 22% decrease in subsequent home visits.
- In India, the Institute of Breast Disease (IBD) launched two mobile applications to improve breast cancer awareness, early detection, and continuity of care among patients in Kolkata. The launch is part of IBD’s broader effort to reach diverse populations and support patients across different stages of breast cancer care.
- South Korea is managing a transition toward a super-aged society by restructuring how medical services are delivered to elderly populations outside metropolitan areas. A tech-savvy population has helped accelerate the uptake of mobile health applications and wearable monitoring devices. Remote healthcare technologies serve as a vital bridge, allowing patients in island communities and mountainous regions to access top-tier specialists in Seoul without physical travel.
Beyond helping hospitals manage funding cuts and expanding access to essential services, mobile healthcare apps can also help reduce institutional friction caused by the persistent worldwide shortage of skilled medical professionals and rising labor costs. The global healthcare worker shortage is expected to reach at least 10 million by 2030. A new mobile app for shift scheduling at Springfield Memorial Hospital in Illinois has helped reduce its error rate by 72% and raise its shift fulfillment rate from 40% to 70%.
Evolving compliance requirements bring new responsibilities
Because mobile healthcare apps may now combine disparate technologies such as AI, cloud, and IoMT devices, developers must keep up with ever-changing security and privacy conditions. In different regions, there are specific laws, regulations, and governance agencies that impact compliance requirements for mobile healthcare apps. These typically focus on two main concerns: patient safety and patient privacy.
PATIENT SAFETY: These regulations aim to avoid risks to human life. Over the past two years, cybersecurity incidents disrupted patient care at 55% of healthcare organizations. More than half of those attacks (54%) increased mortality rates, and more than one-third (36%) caused delays in procedures and tests that resulted in poor outcomes. A recent iOS app system failure demonstrates how issues similar to cyberattacks can directly harm patients. Repeated app crashes drained battery power from connected t:slim X2 insulin delivery pumps, causing them to prematurely shut down, which injured more than 220 people with diabetes.
The US Food and Drug Administration (FDA) and the EU’s European Medical Device Regulation (EU MDR) regulate public availability of medical devices, as well as software that controls a medical device, software used to manufacture a medical device, or SaMDs. Last year, the EU released significant guideline changes to expand its medical device framework, updating the classification rules for medical device software to include app platform providers with a direct medical purpose and medical device artificial intelligence.
PATIENT PRIVACY: Private health information is extremely valuable on the black market. Almost all (96%) healthcare organizations have experienced two or more incidents of data loss or exfiltration involving sensitive and confidential patient data in the last two years. Healthcare industry regulations and general data privacy laws may apply to mobile apps that:
- Help consumers track or monitor fitness or activity, diet, mood, sleep, menstruation or fertility, smoking or alcohol consumption, or medications
- Help consumers view, use, or share their medical records or health insurance claims data or otherwise access information from their doctor, health care clinic, or health plan
- Sync with health platforms or internet-connected devices, like a fitness tracker, sleep monitor, blood pressure monitor, or a watch that records activity or heart rate
- Diagnose or treat a disease or health condition, or record information that might be relevant to diagnosis or treatment
In the US, new HIPAA regulations are expected this year (the last major update was in 2013). Despite uncertainties in federal circles, there is bipartisan support for new healthcare cybersecurity requirements due to the massive number of attacks and breaches. The proposed update to the HIPAA Security Rule is a major overhaul (393 pages). Some key points relevant to mobile app security include:
- Reviews and tests of security measures: Must be conducted at least every 12 months
- Vulnerability scans: Must be conducted at least every 6 months
- Technical safeguard for portable devices: Controls required for computer workstations extended to mobiles, tablets, and other portable devices
- Patch management: Timely implementation of patches and software updates
- Anti-malware protection: Software must be implemented to protect against malicious code
Mobile healthcare apps need comprehensive security
A study on public attitudes toward mobile health apps across several European countries revealed that 21.87% of respondents currently use health apps, while 42.71% expressed interest in future use. However, concerns about data misuse (72.34%) and hacking (63.68%) were prevalent.
Detailed research (published in October 2025) shows that Android healthcare apps lack adequate protection. Researchers found that many transmit information without encryption, store files without safeguards, or share data through third-party components. The study included static application security testing (SAST) performed by OWASP Mobile Audit. The results suggest that most apps reached users without consistent security testing. The OWASP audit found an average of 44 critical vulnerabilities per app and more than 2,000 high-severity issues – such as insecure storage, unvalidated inputs, and weak credential handling. One app contained 299 critical issues, while another exceeded 11,000 high-severity findings. A different study (published in July 2025) shows that insecure APIs are another common area of focus for cyber threats targeting mobile health delivery.
Malicious actors will exploit any opportunity they’re given – whether it’s early in the design and development phases of building a mobile health app, or later in production once that app has been released into the wild. It’s not surprising that 91% of mobile app developers today prefer security that covers the entire software development lifecycle (SDLC).
This kind of comprehensive security starts with automated mobile application security testing (MAST) to continuously address potential issues in context as the code is being built. Mobile health apps also need multi-layered code hardening (different forms of obfuscation) as well as runtime checks (RASP) to prevent reverse engineering and tampering attacks post-release. These protections can be further fortified with threat monitoring for real-time visibility, as well as API security to stop fraud attacks and server-side abuse caused by unauthentic mobile apps or malicious bots.
Guardsquare’s platform combines purpose-built testing and best-of-breed protections for complete mobile healthcare app security across all stages of the SDLC.