Collecting health and fitness data through wearable devices is raising concerns among consumers about the security of that information.
Twenty-five percent of more than 3,500 consumers who participated in a recent survey did not believe their personal health data was safe on fitness trackers or in health-tracking apps, reported Healthline.
Considering the recent headlines about health info data breaches, such as those at Anthem and the UCLA Medical School, that percentage may be a bit surprising.
“What is remarkable here is the numbers are as low as they are,” said Derek Gordon, general manager of healthcare IT at Healthline. “I would have expected the numbers to be higher.”
On the other hand, the findings may show increased know-how among consumers about the actual threat to their data.
“There are savvy consumers that understand that the health data on their local device is probably pretty secure from hackers,” Gordon told TechNewsWorld.”Once their data leaves their device and goes to the cloud, there’s a greater concern about security.”
Misplaced Worries
Nearly half of wearable and mobile health app users surveyed — 45 percent — were concerned that hackers might try to steal their personal health data from their wearables.
That worry may be misplaced, maintained Ian Fogg, mobile and telecommunications team leader at IHS.
“Ironically, smartphones collect considerably more data than today’s wearables, because they have many more sensors, as well as rich applications which consumers use for all kinds of entertainment, communications and productivity purposes,” he told TechNewsWorld.
“Consumers often fear the new,” Fogg added, “which today are wearable devices. Sometimes the areas which consumers fear the most are not always the ones which are the greatest threat.”
However, consumers definitely have something to be concerned about when it comes to health wearables data security, according to Dan Lyon, a senior security consultant at Cigital.
“A third of these medical mobile apps don’t use encryption, so its data is available to anyone who can access it,” he told TechNewsWorld.
Moreover, “a third of these mobile medical apps actively share data, so not only are hackers a concern, but the companies making the apps have an incentive to share the data to make a profit,” Lyon added.
Attractive Target
At the very least, companies that gather data from wearable health and fitness devices should anonymize it before sharing it, advised Lyon.
“What these companies should be doing,” he said, “is when they aggregate this data, they should ensure that you can’t identify a person from it.”
That can minimize the harm to consumers if data is compromised in a breach.
“If there’s no way to tie this data back to you, your concern of risk should be low,” said Lee Kim, director of privacy and security technology solutions at the Healthcare Information and Management Systems Society, told TechNewsWorld.
Healthcare information of any kind is an attractive target for hackers, noted Bob Hansmann, director of product security at Raytheon|Websense.
“Formal healthcare records hold a treasure trove of data that is valuable to an attacker. No other single type of record contains as much valuable [personal identifying information] that can be used in a multitude of different follow-up attacks and fraud,” he told TechNewsWorld.
“Much of this same information is collected from the wearable devices that millions of users wear,” Hansmann added. “It is absolutely necessary that users check the settings of these devices to ensure that they are only collecting or have access to data that is necessary for the specific intent of the device.”
What should wearable health and fitness device and app makers take away from the Healthline survey?
“Anyone keeping personal health information in the cloud has to assure consumers that in the inevitable event that something gets hacked, security will be restored quickly,” Healthline’s Gordon said. “They want to be assured that the damage to them will be minimized to the greatest degree possible.”