This paper details the results of a 6- month long vulnerability research campaign into the compromise of 30 mobile health apps and APIs to demonstrate a systemic lack of hardening of mHealth apps and APIs to sufficiently secure protected healthcare information (PHI).