How can someone track a phone without the owner knowing?

Phones can be tracked through malicious apps, compromised Wi-Fi networks, SIM swapping, SS7 network vulnerabilities, and commercial spyware. Executive directors and clinical staff who carry phones with resident charts, family contacts, and eMAR alerts are high-value targets because a compromised device gives attackers access to the entire facility's data.

What mobile device security should senior living organizations implement?

Senior living organizations should implement mobile device management for all work devices, enforce device encryption and screen lock policies, require multi-factor authentication for all applications containing PHI, deploy mobile threat defense software, and establish clear policies for personal device use on facility networks.

Back to Insights

Your Phone Can Be Tracked and It Is Easier Than You Think

July 11, 2025 · Tech for Senior Living

Phone tracking is more common and more accessible than most people realize. For senior living operators, the stakes are higher than personal privacy. Executive directors, Directors of Nursing (DONs), and clinical staff carry phones that contain resident medical charts, family contact information, eMAR alerts, email with Protected Health Information (PHI), and often banking and payroll access. A compromised phone is not just a personal inconvenience. It is a potential data breach.

How Phone Tracking Works

There are several methods that bad actors use to monitor a phone without the owner's knowledge.

Spyware apps. Commercial surveillance software can be installed in minutes if someone has brief physical access to your phone. These apps run silently in the background, recording calls, capturing text messages, logging keystrokes, and transmitting location data.
Phishing links. A single tap on a malicious link in a text message or email can install tracking software without any visible indication. These attacks are increasingly sophisticated and often impersonate trusted contacts or services.
Location sharing exploits. Many apps request location permissions that users grant without reviewing. Some of these apps share location data with third parties continuously.
Stalkerware. A category of commercially available software specifically designed to monitor another person's phone. It is marketed for "parental monitoring" but is routinely used for unauthorized surveillance.

Why This Matters for Senior Living

The phones carried by senior living staff are not just personal devices. They are access points to sensitive systems. A compromised phone can expose emails containing resident medical data, passwords to clinical and financial systems, and banking credentials. Under the Health Insurance Portability and Accountability Act (HIPAA), unauthorized access to PHI through a compromised device constitutes a reportable breach.

According to Verizon's Data Breach Investigations Report, the average data breach costs small businesses approximately $120,000. For a senior living community, that figure does not account for the regulatory penalties, family trust damage, and operational disruption that follow.

Signs Your Phone May Be Compromised

Unusual battery drain. Surveillance software runs continuously in the background, consuming significantly more power than normal usage.
Unexpected data usage spikes. Tracking apps transmit data regularly. A sudden increase in cellular data usage with no change in your habits warrants investigation.
Phone runs hot when idle. If your phone is warm to the touch when you have not been using it, background processes may be running that should not be.
Unfamiliar apps or processes. Check your installed applications regularly. Spyware sometimes appears as a generic utility or system process.
Background noise on calls. Clicking, static, or echo during phone calls can indicate call interception, though network issues can also cause similar symptoms.

Five Steps to Protect Yourself

Run a security scan. Use a reputable mobile security application to scan for known spyware and stalkerware. Both Android and iOS have options from established security vendors.
Audit app permissions. Review which apps have access to your location, microphone, camera, and contacts. Revoke permissions for any app that does not need them to function.
Keep your phone updated. Operating system updates patch known vulnerabilities that tracking software exploits. Delaying updates leaves those vulnerabilities open.
Factory reset if compromised. If you have reason to believe your phone has been compromised, a factory reset removes most spyware. Back up your data first, then restore only from a clean backup.
Implement mobile security controls. Enable biometric authentication, use a strong PIN, and configure your phone to auto-lock after a short period of inactivity. For organizational devices, consider a Mobile Device Management (MDM) solution that can enforce security policies remotely.

The devices your team carries every day are both essential tools and potential vulnerabilities. Securing them is not optional when those devices access resident health information.

Are your team's devices putting resident data at risk?

Tech for Senior Living provides a free data security checkup for senior living communities. We assess mobile device security, email protection, and access controls to identify vulnerabilities before they become breaches. Practical recommendations tailored to your community's environment.

Schedule Your Free Data Checkup