Mobile systems offer portable and interactive computing - empowering users - to exploit a multitude of context-sensitive services, including mobile healthcare. Mobile health applications (i.e., mHealth apps) are revolutionizing the healthcare sector by enabling stakeholders to produce and consume healthcare services. A widespread adoption of mHealth technologies and rapid increase in mHealth apps entail a critical challenge, i.e., lack of security awareness by end-users regarding health-critical data. This paper presents an empirical study aimed at exploring the security awareness of end-users of mHealth apps. We collaborated with two mHealth providers in Saudi Arabia to gather data from 101 end-users. The results reveal that despite having the required knowledge, end-users lack appropriate behaviour, i.e., reluctance or lack of understanding to adopt security practices that compromise health-critical data with social, legal, and financial consequences. The results emphasize that mHealth providers should ensure security training of endusers (e.g., threat analysis workshops), promote best practices to enforce security (e.g., multi-step authentication), and adopt suitable mHealth apps (e.g., trade-offs between security vs usability). The study provides empirical evidence and a set of guidelines about security awareness of mHealth apps.