Skip to main content

The Cybersecurity Risks of Using Mobile Devices for Healthcare in Low Resource Environments

September 6, 2017


Devon Stark

With the number of smart phone owners rapidly on the rise, mobile technology is increasingly viewed as a viable manner in which to address complex challenges to improving healthcare provision and accessibility in low-resource and developing contexts (Unger, 2017). However, along with this ability come a number of potential security risks, which have remained largely unaddressed in either the literature on this topic or in related field practices.

Seeking to fill some of this gap, this report first provides an overview of most common uses of mobile technology in developing healthcare systems, shining a spotlight on how these advances have led to significant positive changes to maternal healthcare in rural locales. It then moves to consider potential risks inherent to the use of these technologies, including personal data hacking by outside sources, as well as lack of security at a more individual level, and within households. Finally, it seeks to analyze two additional challenges that affect low-income systems uniquely: that of enforcing security-related regulations, and of interacting with NGOs and other aid organizations.

Based on these analyses, this report concludes that while mobile technology represents an important and exciting advancement in health systems, it is critical that academics and those working more directly in the field to improve these health systems more closely consider the inherent risks associated with implementing these technologies in low-resource environments.

New Uses for Mobile Technology in Low-Resource Healthcare Systems

In the past decade, mobile technology has become an increasingly feasible way of improving healthcare accessibility in low-resource (and often rural) contexts (Deloitte 2014). Mobile phone usage is often already high even in rural, low-resource settings, and where it isn’t, these technologies can be provided at low cost by donor organizations (NIH 2009). At perhaps the most basic level, more and more healthcare systems have moved patient data records online, with individuals showing largely receptive responses to using these resources (Gartland, 2013). Specific to mobile technology, recent innovations have allowed patients to talk to healthcare providers and access educational materials through an application on their smart phone (Leveille, 2016).

These technological innovations show successful records of implementation and population receptivity, resulting in marked improvements in a number of places, particularly in rural, low-resource contexts where healthcare systems remain underdeveloped. For instance, it is necessary to consider the array of unique challenges that developing healthcare systems face. Particularly, in Sub-Saharan Africa (where health systems are, on average, least developed), a variety of issues exist, from more directly health-related — lack of medical supplies and medicine — to systemic issues such as lack of transportation infrastructure and educated health providers (Leveille, 2016).

Mobile technologies can address a number of these issues in a way that previous healthcare interventions have not. For example, in rural communities, it is often easier for healthcare providers to talk to patients remotely rather than attempt to transport an already scarce workforce to every individual town. Additionally, when clinic space is often limited or otherwise inaccessible, accessing one’s records, or being able to assess medical need through mobile devices can be key (Leveille, 2016). And above all, mobile technology has been found to make medical systems more efficient — a critical factor in some medical contexts (NIH 2009). We see this particularly in the field of global maternal health, where mobile technology has made some of its biggest advances.

Maternal Healthcare

Maternal healthcare — prenatally but especially in care during labor — presents unique challenges in developing, low resource contexts in that childbirth poses a particularly high risk to mothers; and, in pretty much all cases, these individuals require access to qualified professionals, be it in the form of midwives, community health workers, or physicians (Leveille, 2016).

Additionally, complications can arise before, during, or after childbirth; often, it is critical to determine quickly whether or not these require referral to a higher level of care such as a regional clinic or hospital (Unger, 2017). Therefore, the ability to access educational information, or to communicate about one’s symptoms via mobile technology represents a significant improvement in women’s ability to seek proper care. But throughout all of these advances, it seems that the community has neglected to properly address issues of security that might follow.

Potential Cybersecurity Risks

However, it is unclear whether mobile phone-accessible records are more or less secure than their paper or online and computer-accessed counterparts. While some sources indicate that mobile phones are harder for outsiders to “hack” than computers (Gillies, 2015), a 2014 study found that since mobile phones are vulnerable to the same types of threats as computers (Bajwa 2014). Moreover, at a more individual level, people are more likely to lose mobile phones, and generally protect them with only a 4-digit pin (Bajwa, 2014). Finally, as a relatively new development in health technologies, it is important to note that best practices on many security questions simply haven’t been established. For example, how to regulate which devices individuals can use to access health records, and which data can be stored on mobile devices (Bajwa, 2014).

Further, while it seems security risks are inherently possible when personal information, such as patient health records, are mobilized; these risks increase in low-resource contexts because of their tendency to use older software, as well as to have gaps in user education and systems management. That is, systems with fewer resources logically may not be able to afford to consider or address all of these questions if they dedicate resources to the development of these technologies above all else.

Larger Problems: Lack of Enforced Regulations, and NGO Practices in Low-Resource Contexts

In addition to the cybersecurity risks that are inherent to any use of technology in a healthcare context, low-resource, developing systems face unique challenges in terms of their ability, or inability, in many cases, to regulate technologies and monitor risk. Moreover, areas with few resources to improve their health systems also tend to cultivate relationships with NGOs and other aid agencies — a phenomenon that presents additional complexities to addressing security risk as a result of technological innovations.

For example, in general, in order for long term success of NGO-led projects (i.e., for them to continue even after the nonprofit leaves the community), communication and cooperation between the local government and the nonprofit organization is key (Yagub 2014). However, in settings where governments are unstable, this relationship can be difficult to cultivate (Yagub 2014).

Also, it seems that in many low-resource environments, the tolerance for error is much higher than it would be in a Western context, maybe based on the idea that any “modernizing” step will help in systems where so many different aspects need improvement. Perhaps for this reason, in some cases, it seems that NGOs have partnered with local organizations to test out mobile technology use in healthcare with little or no regard for security issues at hand (Gartland, 2017). Such practice makes vulnerable populations even more vulnerable.


Overall, this paper suggests that while mobile technology in health represents an exciting new step in the development of health systems in low resource settings, one must consider the security risks that inherently accompany this type of innovation. Further, not only do low resource settings face additional challenges in terms of modernizing their security measures and educating the public about this necessity — they must also navigate complex relationships between governmental agencies and humanitarian groups seeking to provide these new technologies. Considering all of these factors, it seems that at very least, the health systems building community must proceed with caution in the implementation of these measures in order to protect individuals. Finally, NGOs must take care to protect vulnerable populations when testing mobile healthcare technology.


Unger, Jennifer (2017). mHealth Technologies to Improve Global Maternal and Neonatal Health. Lecture: UW Kane Hall, Seattle, 1 June 2017. Accessed 31 July 2017.

The mHealth opportunity in Sub-Sahara Africa: The path towards practical application (2014). Deloitte. Accessed 2 Aug 2017.

Fiore, Brittany (2013). Mobile video for patient education: the midwive’s perspective. Accessed 31 July 2017.

Leveille, Tarikwa (2016). MOBILE HEALTH AND ITS ROLE IN ADDRESSING MATERNAL HEALTH IN SUB- SAHARAN AFRICA. International Development, Community and Environment (IDCE), Clark University, paper 43. Accessed 2 Aug 2017.

Gillies, Trent (2015). Cell phones a harder hack target than computers, FireEye’s President says. CNBC. Accessed 2 August 2017.

Bajwa, Mohammad (2014). mHealth security. Pakistan Journal of Medical Sci. 30(4): 904–907. Accessed 2 Aug 2017.

Fiore-Gartland, Brittany (2017). Interview, 27 July 2017.

NIH, Fogarty International Center (2009). Mobile health: a high-tech innovation ideal for low-resource settings. Global Health Matters, 8 (6). Accessed 10 Aug 2017.

Yagub, Abdallah (2014). Collaboration between Government and Non-Governmental Organizations (NGOs) in Delivering Curative Health Services in North Darfur State, Sudan- a National Report. Iranian Journal of Public Health, 43 (5). Accessed 10 Aug 2017.

This publication was made possible in part by a grant from Carnegie Corporation of New York. The statements made and views expressed are solely the responsibility of the author.