The biggest risks of using fitness trackers for health monitoring

Fitness trackers that help monitor sleep quality, heart rate and other biological indicators are a popular way to help Americans improve their health and well-being.

There are many types of trackers on the market, including well-known brands such as Apple, Fitbit, Garmin, and Oura. Although these devices are growing in popularity and being used for legitimate purposes, consumers do not always understand the extent to which their information can be accessed or intercepted by third parties. This is especially important because people can’t just change their DNA sequence or heart rate the way they can change a credit card or bank account number.

“Once toothpaste is out of the tube, you can’t take it back,” said Steve Grobman, senior vice president and chief technology officer at computer security company McAfee.

The holiday season is a popular time to shop for consumer health devices. Here’s what you should know about the security risks associated with fitness trackers and personal health data.

Stick to a famous brand, even if it’s hacked

Fitness devices can be expensive, even without inflation, but resist the temptation to skimp on safety to save yourself a few bucks. While a lesser-known company may offer more bells and whistles at a better price, a well-established provider that gets hacked is more likely to care about its reputation and do something to help consumers, according to Kevin Roundy, senior technical director for cybersecurity at General Digital.

To be sure, data compromise issues, from criminal hacks to the inadvertent sharing of sensitive user information, can and do affect established players, including Fitbit, which Google bought in 2021, and Strava. But even then, security experts say it’s best to buy from a reputable manufacturer that knows how to design secure devices and has a reputation to uphold.

“A small company can simply go bankrupt,” Roundy said.

Fitness app data is not protected like health information

There may be other issues besides exposing a person’s sensitive information as a result of a data breach. For example, fitness trackers typically connect to the user’s phone via Bluetooth, making personal data vulnerable to hacking.

What’s more, the information fitness trackers collect is not considered “health information” under the federal HIPAA standard or state laws such as California’s Health Information Privacy Act. This means that personal data could potentially be used in ways that the consumer never expected. For example, personal information may be shared with or sold to third parties such as data brokers or law enforcement, said Emory Roan, policy advisor at Privacy Rights Clearinghouse, a consumer privacy, advocacy and education organization.

Some fitness trackers may use consumer health and wellness data to generate ad revenue, so if that’s a concern for you, you should make sure there’s a way to opt out. Before buying a fitness tracker, check the provider’s terms of service to understand their policies, Roundy said.

Default social and location settings may need to be changed

Your fitness tracker’s default settings may not provide the strictest security controls. To increase your security, see what settings you can configure, such as those related to social networks, location, and other information that can be shared, says Dan Demeter, security researcher at Kaspersky Lab.

Depending on the state, consumers can also opt out of the sale or sharing of their personal information with third parties, Roan said, and in some cases those rights are expanded.

Of course, device users should be careful about what they post publicly about their location and activities, or what they allow to be posted by default. This data can be searchable on the Internet and used by attackers. Even if they are not acting maliciously, third parties such as insurers and employers can gain access to this type of public information.

“Users expect their data to be their data and use it the way they want,” Roan said, but that’s not always the case.

“It’s not just about current data, it’s also about past data,” Demeter said. For example, a bad actor can see when a person is running – what days and hours – and where, and use that to their advantage.

There are also a number of digital scams where criminals can use your location information to make a scam more believable. They may state things like, “I know you lost your wallet at such and such a place,” which lends credibility to the scammer’s story, Grobman said.

Location data can be problematic in other ways as well. Roan gives the example of a woman seeking reproductive health care in a state where abortion is illegal. A fitness tracker with location services enabled could collect information that could be subpoenaed by law enforcement or acquired by data brokers and sold to law enforcement, he said.

Use a strong password, two-factor authentication, and never share credentials

Be sure to secure your account by using a strong password that you don’t use with another account and enabling two-factor authentication for the associated app. And don’t share credentials. This is never a good idea, but under certain circumstances it can be especially devastating. For example, a victim of domestic violence can be tracked by her abuser if he has access to her account credentials, Roan said.

Also, be sure to keep your device and app up to date with security patches.

While nothing is completely foolproof, the goal is to be as secure as possible. “If someone is trying to profit from our personal information, we just make life difficult for them, so we are not so easy to hack,” Demeter said.
