Comparative Analysis of Embedded Systems for Mobile Health Applications Against Cyber Attacks: A Review Study
DOI:
https://doi.org/10.26740/vubeta.v3i2.44150Keywords:
Embedded Systems, Mobile Health Applications, Cyber Attacks, Cybersecurity, mHealthAbstract
Mobile health applications and embedded systems have transformed healthcare by offering real-time monitoring, remote diagnostics, and better patient outcomes. However, reliance on digital health solutions introduces significant cybersecurity challenges, requiring robust security measures to protect sensitive patient data. This paper discusses the security needs of embedded systems in mHealth, emphasizing the importance of confidentiality, integrity, and availability to safeguard data. It reviews compliance frameworks such as HIPAA and GDPR, which set data protection standards. The research highlights the need for cybersecurity to support patient safety, mitigate risks after device compromise, and defend against emerging threats. Comparative studies of current security technologies, both hardware- and software-based, show their impact against cyberattacks. Finally, the paper discusses trends such as AI-driven threat detection, post-quantum cryptography, and edge computing as future mHealth security paradigms. By adopting strong security protocols, healthcare institutions can boost trust, meet regulations, and secure mHealth embedded systems.
References
[1] I. Ahmad, F. Shahid, J. Islam, K. Haque, and E. Harjula, “Adaptive Lightweight Security for Performance Efficiency in Critical Healthcare Monitoring”, arXiv preprint, 2024. https://arxiv.org/abs/2406.03786
[2] A. Aldahmash, A. Alzahrani, and O. Alfarraj, “A Review on Usability, Security, and Privacy for Mobile Health Applications”, Journal of Healthcare Engineering, 2023.
[3] Y. Al-Issa, M. Ottom, and A. Tamrawi, “eHealth Cloud Security Challenges: A Survey”, Journal of Healthcare Engineering, 2019. https://doi.org/10.1155/2019/7516035
[4] B. Aljedaani, A. Ahmad, M. Zahedi, and M. Babar, “End-Users' Knowledge and Perception about Security of Mobile Health Apps: A Case Study with Two Saudi Arabian mHealth Providers”, arXiv preprint, 2021.
[5] R. Aljedaani, M. Alshahrani, and N. Alalwan, “Secure Mobile Health Applications: Developer Perspectives”, arXiv preprint, 2020.
[6] G. Almashaqbeh, A. Alshorman, and M. Al-Kasasbeh, “Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study”, In Advances in Cyber Security: Third International Conference, ACeS 2023, pp. 287-299, 2023.
[7] G. Almashaqbeh, A. Alshorman, and M. Al-Kasasbeh, “Security Analysis of Top-Ranked mHealth Fitness Apps: An Empirical Study,” arXiv, 2024.https://arxiv.org/abs/2409.18528
[8] M. Aloqaily, Y. Jararweh, and T. Baker, “BEdgeHealth: Blockchain-Based Secure Edge Framework for Healthcare Applications,” IEEE Transactions on Industrial Informatics, vol. 19, no. 3, pp. 2290–2301, 2023. https://arxiv.org/abs/2109.14295
[9] M. Alqarni and A. Azim, “Enhancing Embedded IoT Systems for Intrusion Detection Using a Hybrid Model,” Artificial Intelligence for Security, pp. 247–263, 2024. https://doi.org/10.1007/978-3-031-57452-8_15
[10] M. A. Alqarni, M. M. Hassan, and A. Almogren, “Security Challenges in IoT-Based Healthcare Systems: A Review of Emerging Threats and Solutions,” Sensors, vol. 23, no. 4, p. 1123, 2023. https://doi.org/10.3390/s23041123
[11] M. Alqarni et al., “Security Challenges in Mobile Health Applications: A Review,” Journal of Healthcare Cybersecurity, vol. 12, no. 3, pp. 45–62, 2023.
[12] B. Alshahrani, E. Alsolami, and A. Alghamdi, “Lightweight Implementation of the AES Encryption Algorithm for IoT Applications Constrained by Memory and Processing Power,” IEEE Access, 2023. https://ieeexplore.ieee.org/document/10554275
[13] Z. Alwaisi, S. Soderi, and R. De Nicola, “Detection of Energy Consumption Cyber Attacks on Smart Devices,” arXiv preprint, 2024. https://arxiv.org/abs/2404.19434
[14] M. Alwazzeh, S. Karaman, and M. N. Shamma, “Man in The Middle Attacks Against SSL/TLS: Mitigation and Defeat,” Journal of Cyber Security and Mobility, 2020. https://doi.org/10.13052/jcsm2245-1439.933
[15] A. Amod, “Regulatory Frameworks for Mobile Health Security: A Comparative Analysis of HIPAA and GDPR,” International Journal of Health Informatics, vol. 18, no. 1, pp. 78–94, 2024.
[16] F. Amod, “The CIA Triad for HIPAA,” 2024. https://www.paubox.com/blog/the-cia-triad-for-hipaa
[17] Analog D., “Cryptography: Is a Hardware or Software Implementation More Effective?,” 2020. https://www.analog.com/en/resources/technical-articles/cryptography-is-a-hardware-or-software-implementation-more-effective.html
[18] G. Aruwa and C. Oluwakemi, “The Impact of Android Malware on Mobile Health Applications (mHealth Apps) SERVICES,” 2016.
[19] D. Atkins, “Requirements for Post-Quantum Cryptography on Embedded Devices in the IoT,” 2021. https://csrc.nist.gov/CSRC/media/Events/third-pqc-standardization-conference/documents/accepted-papers/atkins-requirements-pqc-iot-pqc2021.pdf
[20] Audit3AA, “How to Implement Secure Software Updates,” 2023. https://audit3aa.com/blog/how-to-implement-secure-software-updates
[21] A. Bajpai, A. Singh, V. Kansal, S. Prakash, T. Yang, and R. S. Rathore, “Blockchain-Enabled Real-Time Intrusion Detection Framework for a Cyber-Physical System,” 2024 International Conference on Decision Aid Sciences and Applications (DASA), pp. 1–7, 2024. https://doi.org/10.1109/DASA63652.2024.10836323
[22] Bakar et al., “High-Gain Transimpedance Amplification for a Wireless Glucose Monitoring System,” Analog Integrated Circuits and Signal Processing, 2024. https://doi.org/10.1007/s10470-024-02276-x
[23] Binariks, “How Edge Computing Enhances Healthcare Data Security,” 2023. https://binariks.com/blog/edge-computing-for-healthcare-data/
[24] BIO-key, “Types of Multi-Factor Authentication Methods,” 2025. https://www.bio-key.com/multi-factor-authentication/types-multi-factor-authentication-methods/
[25] BitLyft, “Future Trends in AI and Machine Learning for Cybersecurity,” 2025. https://www.bitlyft.com/resources/future-trends-in-ai-and-machine-learning-for-cybersecurity
[26] BitSight, “5 Risks of Outdated Software & OS,” 2023. https://www.bitsight.com/blog/outdated-software-issues
[27] D. M. Blough and others, “Security in Embedded Systems: Design Challenges,” ACM Transactions on Embedded Computing Systems, vol. 3, no. 3, pp. 461–491, 2004. https://doi.org/10.1145/1015047.1015049
[28] J. M. Carrillo-de-Gea and J. A. García-Berná, “Security Vulnerabilities in Healthcare: An Analysis of Medical Devices and Software,” Health and Technology, vol. 13, pp. 8558, 2023.
[29] J. Cawthra, M. Ekstrom, J. Sexton, J. Sweetnam, and A. Townsend, “Data Integrity: Detecting and Responding to Ransomware and Other Destructive Events Volume A: Executive Summary,” 2020. https://doi.org/10.6028/NIST.SP.1800-26
[30] Cawthra et al., “Data Integrity and Cybersecurity in Healthcare: Addressing Vulnerabilities,” National Institute of Standards and Technology (NIST) Report, 2020.
[31] Z. Cekerevac, L. Prigoda, and F. Al-Naima, “Security Risks from the Modern Man-in-the-Middle Attacks,” MEST Journal, vol. 13, no. 01, 2025. https://doi.org/10.12709/mest.13.13.01.xx
[32] CISA, “Understanding Patches and Software Updates,” 2023. https://www.cisa.gov/news-events/news/understanding-patches-and-software-updates
[33] ClariMed, “Implementing Zero-Trust Security in mHealth: A Case Study,” Cybersecurity Innovations, vol. 22, no. 1, pp. 50–68, 2025.
[34] ClariMed, “Medical Device Cybersecurity: Best Practices,” 2025. https://clarimed.com/resources/blog/cybersecurity-in-healthcare-building-resilient-medical-devices
[35] Cloud Security Web, “Ensuring HIPAA Compliance: A Robust Security Risk Assessment,” 2024. https://cloudsecurityweb.com/articles/2024/07/02/ensuring-hipaa-compliance-a-robust-security-risk-assessment/
[36] T. Contributor, “Cyber Hijacking,” 2021. https://www.techtarget.com/searchsecurity/definition/hijacking
[37] Cyber Risk Insight, “Leveraging AI for Enhanced Cybersecurity: Real-Time Threat Detection,” 2023. https://www.cyberriskinsight.com/operations/leveraging-ai-enhanced-cybersecurity-threat/
[38] Dataprise, “Healthcare Best Cybersecurity Practices,” 2024. https://www.dataprise.com/resources/blog/healthcare-best-cybersecurity-practices/
[39] DigiCert, “How Will Quantum Computing Impact Healthcare Security?,” 2023. https://www.digicert.com/blog/how-will-quantum-computing-impact-healthcare-security
[40] DigiKey, “Low-Power MCUs Simplify Healthcare and IIoT Design,” 2025. https://www.digikey.com/en/articles/use-a-portfolio-of-microcontrollers-for-healthcare-industrial-iot-design
[41] Eastgate Software, “Blockchain for Data Security in Mobile Health Applications,” Journal of Medical Blockchain Research, vol. 15, no. 2, pp. 34–51, 2025.
[42] Eastgate Software, “Cybersecurity in Healthcare: Protecting Patient Data and Systems,” 2025. https://eastgate-software.com/cybersecurity-in-healthcare-protecting-patient-data-systems/
[43] EICTA, “IoT Networks: Communication Protocols, Security, and Infrastructure,” 2022. https://eicta.iitk.ac.in/knowledge-hub/internet-of-things/iot-networks-communication-protocols-security-and-infrastructure/
[44] eInfochips, “Importance of Cybersecurity in Healthcare and Medical Devices,” 2022. https://www.einfochips.com/blog/importance-of-cybersecurity-in-healthcare-and-medical-devices/
[45] A. Faraone and R. Delgado-Gonzalo, “Convolutional-Recurrent Neural Networks on Low-Power Wearable Platforms for Cardiac Arrhythmia Detection,” arXiv preprint, 2020. https://doi.org/10.1109/AICAS48895.2020.9073950
[46] S. Frey, M. Guermandi, S. Benatti, V. Kartsch, A. Cossettini, and L. Benini, “BioGAP: a 10-Core FP-capable Ultra-Low Power IoT Processor, with Medical-Grade AFE and BLE Connectivity for Wearable Biosignal Processing,” arXiv preprint, 2023. https://doi.org/10.1109/COINS57856.2023.10189286
[47] Frontegg, “7 Multi-Factor Authentication Solutions and Their Pros/Cons,” 2023. https://frontegg.com/guides/multi-factor-authentication-solutions
[48] GE HealthCare, “Cybersecurity in Healthcare: Connectivity of Medical Devices,” 2023. https://www.gehealthcare.com/insights/article/cybersecurity-in-healthcare-connectivity-of-medical-devices
[49] Healthcare Tech Outlook, “The Importance of Cybersecurity in Protecting Patient Safety,” 2024. https://www.healthcaretechoutlook.com/news/the-importance-of-cybersecurity-in-protecting-patient-safety-nid-4257.html
[50] B. Inkster, C. Knibbs, and M. Bada, “Cybersecurity: a Critical Priority for Digital Mental Health,” Frontiers in Digital Health, vol. 5, 2023. https://doi.org/10.3389/fdgth.2023.1242264
[51] W. Jack, “Mobile Health and IoT Security: A Threat Modeling Approach to Enhance Cyber Security and Ensure Corporate Resilience,” ResearchGate, 2024. https://www.researchgate.net/publication/387502162_Mobile_Health_and_IoT_Security
[52] M. A. Khan and K. Salah, “Hybrid Lightweight Cryptography Using AES and ECC for IoT Security,” Advances in Intelligent Systems and Computing, vol. 1365, pp. 213–223, 2022. https://link.springer.com/chapter/10.1007/978-981-99-9811-1_19
[53] A. Knight, “100% of Tested mHealth Apps Vulnerable to API Attacks,” HIPAA Journal, 2021. https://www.hipaajournal.com/100-of-tested-mhealth-apps-vulnerable-to-api-attacks/
[54] M. Kosinski, “What is a Data Breach,” 2024. https://www.ibm.com/topics/data-breach
[55] N. Kshetri, R. Mishra, M. M. Rahman, and T. Steigner, “HNMblock: Blockchain Technology Powered Healthcare Network Model for Epidemiological Monitoring, Medical Systems Security, and Wellness,” arXiv preprint, 2024.
[56] M. Kumar, H. Raj, N. Chaurasia, and S. S. Gill, “Blockchain Inspired Secure and Reliable Data Exchange Architecture for Cyber-Physical Healthcare System 4.0,” arXiv preprint, 2023.
[57] LifeWire, “Microsoft Outages Show Why Governments Need to Ditch Big Tech,” 2024. https://doi.org/10.1016/j.iotcps.2023.05.006
[58] T. Lu, “A Survey on RISC-V Security: Hardware and Architecture,” arXiv preprint, 2021. https://arxiv.org/abs/2107.04175
[59] S. O. Maikol, A. S. Khan, Y. Javed, A. L. A. Bunsu, C. Petrus, H. George, and S. Jau, “A Novel Authentication and Key Agreement Scheme for Countering MITM and Impersonation Attack in Medical Facilities,” International Journal of Integrated Engineering, vol. 13, no. 2, pp. 127–135, 2021. https://doi.org/10.30880/ijie.2021.13.02.015
[60] J. Martinez and J. McCarthy, “What is an Attack Vector? 15 Common Attack Vectors to Know,” 2024. https://www.strongdm.com/blog/attack-vector
[61] mHealth Hub, “Cybersecurity in the Future of Health,” 2024. https://mhealth-hub.org/cybersecurity-in-the-future-of-health
[62] Microsoft, “TPM Recommendations,” 2023. https://learn.microsoft.com/en-us/windows/security/hardware-security/tpm/tpm-recommendations
[63] MoldStud, “Best Practices for Maintaining Security During Software Updates in Custom Software,” 2025. https://moldstud.com/articles/p-effective-strategies-for-ensuring-security-throughout-the-software-update-process-in-custom-applications
[64] D. H. Morais, “Data Communication Systems Protocol Stacks,” 5G/5G-Advanced, Wi-Fi 6/7, and Bluetooth 5/6. Cham: Springer, 2025. https://doi.org/10.1007/978-3-031-82830-0_2
[65] S. M. Mousavi, A. Zekry, and H. Patel, “Cybersecurity Risks and Countermeasures for Medical IoT Devices: An Embedded Systems Perspective,” Journal of Medical Systems, vol. 47, no. 2, pp. 29, 2023. https://doi.org/10.1007/s10916-023-1903-8
[66] Mousavi et al., “Cyber Threats and Countermeasures in Embedded Medical Devices,” IEEE Transactions on Biomedical Engineering, vol. 70, no. 4, pp. 1230–1245, 2023.
[67] National Institute of Standards and Technology (NIST), “Guidelines for Medical Device Security in Healthcare Settings,” NIST Special Publication 800-82 Rev. 3, 2024. https://doi.org/10.6028/NIST.SP.800-82r3
[68] NBC Chicago, “The Foundation of Modern Software Development is Under Rising Cyber Attack,” 2024. https://www.nbcchicago.com/news/business/money-report/the-foundation-of-modern-software-development-is-under-rising-cyber-attack/3675442/
[69] A. I. Newaz, A. K. Sikder, M. A. Rahman, and A. S. Uluagac, “A Survey on Security and Privacy Issues in Modern Healthcare Systems,” ACM Transactions on Computing for Healthcare, vol. 2, no. 3, 2021. https://doi.org/10.1145/3453176
[70] L. H. Newman, “Therapy Sessions Exposed by Mental Health Care Firm's Unsecured Database,” Wired, 2024. https://www.wired.com/story/confidant-health-therapy-records-database-exposure
[71] NXP Semiconductors, “Post-Quantum Cryptography: Migration Challenges for Embedded Devices,” 2024. https://www.nxp.com/docs/en/white-paper/POSTQUANCOMPWPA4.pdf
[72] Openware, “Blockchain in Healthcare: Improving Data Security and Patient Privacy,” 2023. https://www.openware.com/news/articles/blockchain-in-healthcare-improving-data-security-and-patient-privacy
[73] OriginStamp, “The Cybersecurity Risks of Using Outdated Software,” 2022. https://originstamp.com/blog/the-cybersecurity-risks-of-using-outdated-software
[74] D. Papp, Z. Ma, and L. Buttyán, “Embedded Systems Security: Threats, Vulnerabilities, and Attack Taxonomy,” Proceedings of the 13th Annual Conference on Privacy, Security and Trust (PST), pp. 145–152, 2015. https://doi.org/10.1109/PST.2015.7232966
[75] Ping I., “The Imperative of Multi-Factor Authentication (MFA) in Healthcare,” 2023. https://www.pingidentity.com/en/resources/blog/post/imperative-mfa-in-healthcare.html
[76] N. R. Potlapally, S. Ravi, A. Raghunathan, and N. K. Jha, “Analyzing the Energy Consumption of Security Protocols,” Proceedings of the 2003 International Symposium on Low Power Electronics and Design, pp. 30–35, 2003. https://doi.org/10.1145/871506.871518
[77] M. Prakash, “The CIA Triad (Confidentiality, Integrity, and Availability),” 2022. https://www.knowledgehut.com/blog/security/cia-in-cyber-security
[78] PUFsecurity, “TPM 2.0-Ready: Top Security with PUFcc,”. https://www.pufsecurity.com/document/tpm-2-0-ready-top-security-with-pufcc/
[79] Quantinuum, “Quantinuum,” 2024. https://en.wikipedia.org/wiki/Quantinuum
[80] M. M. Rahman, S. Kabir, and I. H. Sarker, “AI-Driven Anomaly Detection in Healthcare IoT Networks: Strengthening Cybersecurity Against Threats,” Future Generation Computer Systems, vol. 140, no. 4, pp. 150–165, 2023. https://doi.org/10.1016/j.future.2023.08.015
[81] Reinvently, “Ensuring HIPAA Compliance in Mobile Health Apps,” Health Tech Compliance Review, vol. 9, no. 1, pp. 22–40, 2017.
[82] Renesas, “High Data Throughput using Bluetooth® Low Energy for Low-Power Wireless Communication,” 2019. https://www.renesas.com/us/en/document/whp/high-data-throughput-using-bluetooth-low-energy-low-power-wireless-communication
[83] R. Sahay, J. P. Mishra, and S. K. Sahay, “Modern Hardware Security: A Review of Attacks and Countermeasures,” arXiv preprint, 2025. https://arxiv.org/abs/2501.04394
[84] A. H. Seh, M. Zarour, M. Alenezi, A. K. Sarkar, A. Agrawal, R. Kumar, and R. A. Khan, “Healthcare Data Breaches: Insights and Implications,” Healthcare (Switzerland), vol. 8, no. 2, 2020. Link: https://doi.org/10.3390/healthcare8020133
[85] SEI Blog, “Secure Software Updates,” 2016. https://insights.sei.cmu.edu/blog/secure-software-updates/
[86] M. A. Siddiqi, C. Doerr, and C. Strydis, “IMDfence: Architecting a Secure Protocol for Implantable Medical Devices,” arXiv preprint, 2020. https://doi.org/10.1109/ACCESS.2020.3015686
[87] R. Singh and P. Gupta, “Artificial Intelligence for Threat Detection in Healthcare Cybersecurity,” AI & Healthcare Security Journal, vol. 19, no. 1, pp. 89–102, 2024.
[88] R. Singh and P. Gupta, “Enhancing Security in Smart Healthcare: A Framework for Resilient Embedded Systems,” IEEE Transactions on Biomedical Engineering, vol. 71, no. 1, pp. 77–89, 2024. https://doi.org/10.1109/TBME.2024.3289762
[89] D. Stewart and I. Approov, “The Mobile Attack Pyramid: Identifying Attack Surfaces is Key to Protecting Mobile Applications,” 2021. https://www.cyberdefensemagazine.com/the-mobile-attack-pyramid/
[90] The Verge, “The US Proposes Rules to Make Healthcare Data More Secure,” 2024. https://www.theverge.com/2024/12/28/24330878/the-us-proposes-rules-to-make-healthcare-data-more-secure
[91] Y. Xing, H. Lu, L. Zhao, and S. Cao, “Privacy and Security Issues in Mobile Medical Information Systems,” Mobile Networks and Applications, vol. 29, pp. 762–773, 2024. https://doi.org/10.1007/s11036-024-02299-8
[92] Z. Xu, Y. Hao, A. Luo, and Y. Jiang, “Technologies and Applications in Wireless Biosensors for Real-Time Health Monitoring,” Med-X, vol. 2, art. no. 24, 2024. https://doi.org/10.1007/s44258-024-00041-3
[93] A. A. Yavuz, S. Darzi, and S. E. Nouma, “Lightweight and Scalable Post-Quantum Authentication for Medical Internet of Things,” arXiv preprint, 2023. https://arxiv.org/abs/2311.18674
[94] J. Yttri, W. Nilsen, and S. Arora, “Privacy and Security in Mobile Health (mHealth) Research,” 2014. http://www.ecfr.gov/cgi-bin/
[95] Zac A., “Security Risks of Biometric Authentication in mHealth,” 2025. https://thejournalofmhealth.com/security-risks-of-biometric-authentication-in-mhealth/
Downloads
Published
How to Cite
Issue
Section
License
Copyright (c) 2026 Anayo Chukwu Ikegwu, Excellence Essien Akparawa, Uzoma Rita Alo
This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License.
Abstract views: 1
,
PDF Downloads: 0
