As the healthcare systems increasingly embrace digital platforms, robust software security has become of paramount importance. This study investigates the institutional, technical, and cultural practices influencing software security within the sector in one of the low- and middle-income countries (LMICs). Drawing on data across in-house, third-party, and cloud-based systems, we found security practices were inconsistently applied and often lacked formal governance. Only 23.84 per cent of responses indicated adequate security, with cloud-based systems showing the weakest safeguards. Our findings highlight widespread vulnerabilities stemming from limited awareness, lack of policy frameworks, and insufficient organisational support. These issues expose healthcare systems to significant cyber threats, jeopardising patient safety and operational resilience. The findings underscore the need for a contextually tailored software security assessment framework, offering insights for national policy and practice, and contribute to the under-researched area of cybersecurity in low-resource healthcare settings, particularly in sub-Saharan Africa.
Yalew et al. (Thu,) studied this question.