African countries have the advantage of being able to adopt the most recent information technologies without having to adapt them to legacy IT facilities. In doing so, healthcare could not only be cheap and cost-effective, but also help reduce bottlenecks, waiting times, and dependencies on health institutions especially where health workers are scarce.

To build open platforms, a common infrastructure should first be built to enable coordination and interoperability across the entire health system: an infrastructure bringing together medico-administrative data and all forms of medical data under the aegis of data-sharing and communication between various institutions in order to gain agility. However, this infrastructure has a cost because the volumes of health data are expected to grow exponentially over time.

Mobile health technology holds the promise of taking healthcare technology outside the four walls of medical centres and transforming it into a much more modular network. The critical part of this open system is embodied by access to health data that could be used, reused, and shared to facilitate coordination between different health professionals as well as other institutions and private sector companies such as insurance and pharmaceutical companies or any entity willing to conduct a research project of general interest.

In this context, African governments have an obligation to set appropriate rules for the use of patients’ data. Failure to do so represents a severe abdication of their responsibilities. In 2016, the African Union Commission in collaboration with Symantec released a report that found out of 54 countries in Africa, 30 lacked specific legal provisions to fight cybercrime and utilize electronic evidence. Yet, any law regulates only two aspects: access to data and the conditions under which data is transmitted. Cybercrime, however, cannot be defeated by any single law. It has become clear that the collaboration of all stakeholders in the governance and operation of the Internet is required to protect the security and privacy of data including at the national and continental levels.

Without appropriate privacy protections, there is concern that African citizens will refrain from engaging in the collection of health data. The challenge for policymakers is to strike the right balance between healthcare system reforms, law enforcement, and patient rights.

In 2017, it is believed that cybercrime cost Africa an estimated $3.5 billion, due to weak infrastructure security, lack of skilled human capital, and lack of awareness of the sector’s dynamics. The healthcare industry has been slow to respond and has lagged behind other industries when it comes to cybersecurity.

One recommendation to African countries is that while they pursue reforms in their healthcare sectors, they ought to secure their cyberspaces. Couple this with the rise of 5G and increasing interoperability across healthcare systems, and one may see a large-scale attack based on the Internet of Medical Things (IoMT) devices as the gateways of entry and spread.

As a starting point, the European Union’s General Data Protection Regulation (GDPR) is a good template for comprehensive regulation that gives individuals more control of their personal data. Cybersecurity budgets should also increase, and new technology purchased, to keep healthcare organizations safe from attacks and make their networks secure.

Hospitals are increasingly dependent on digitized workflows to the extent that losing access can grind hospital operations to a halt. Medical centres need to build cybersecurity recovery plans for use in the event of a cyberattack. This must include regular emergency exercises, cyber-resilience readiness testing, and backing-up copies of compromised information, so that employees may be able to keep working in the event of a cyberattack.

African policymakers should perform a transparent accounting of the medical technologies currently in use and the guidelines for their deployment.

Companies developing digital healthcare technologies must demonstrate not only that such technology would not be compromised but also that such technology is free from vulnerabilities. Moreover, a global collaboration shall also provide African countries with a clear understanding for the future risk and vulnerabilities in smart technologies. Technologies with vulnerabilities and flaws should not be adopted.

Last but not least, African governments need to accelerate the training of computer engineers, and African universities need to create more AI-related degrees and training programs to bring their computer science programs up to date. In 2018, the African Institute for Mathematical Sciences launched a novel one-year master’s degree in Mathematical Sciences which took budding mathematical scientists and exposed them to top AI researchers at Google and Facebook and other global companies. Beyond training, African countries must adopt policies to retain this skilled labour which is in high demand worldwide.

Any continuous lack of policymaking and leadership engagement with public healthcare issues will continue to be detrimental to Africa. Unless budgets for healthcare, research, and cybersecurity increase and the full potential of technology is harnessed in the life sciences as well as in information technology infrastructure and capabilities, no progress can be made in this sector. In addition, building cyber-resilience in Africa requires a harmonization of national and continental risk plans and legislations to ensure the online privacy and personal data protection and a high level of deployment of security systems in both the private and the public sectors.