Fitness trackers, which help keep tabs on sleep quality, heart rate and other biological metrics, are a popular way to help Americans improve their health and well-being.
There are many kinds of trackers on the market, including those from well-known brands such as Apple, Fitbit, Garmin and Oura. While these devices are growing in popularity and have legitimate uses, consumers don’t always understand the extent to which their information might be available to or intercepted by third parties. This is especially important because people cannot simply change their DNA sequencing or heart rhythms as they might a bank card or checking account number.
“Once the toothpaste is out of the tube, you can’t get it back,” said Steve Grobman, senior vice chairman and chief technology officer of computer security company McAfee.
The vacation season is a popular time to buy consumer health devices. Here’s what you need to know about the security risks tied to fitness trackers and private health data.
Stick with a name brand, even though they get hacked
Fitness devices can be expensive, even without taking inflation into account, but do not be tempted to scrimp on security to save a few dollars. While a lesser-known company may offer more bells and whistles at a better price, a well-established provider that is breached is more likely to care about its reputation and take steps to help consumers, said Kevin Roundy, senior technical director at cybersecurity company Gen Digital.
To be sure, data compromise issues, from criminal hacks to unintended sharing of sensitive user information, can hit well-known players, and have, including Fitbit, which Google bought in 2021, and Strava. Even so, security professionals say it’s better to buy from a reputable manufacturer that knows how to design secure devices and has a reputation to uphold.
“A smaller company might just go bankrupt,” Roundy said.
Fitness app data isn’t protected like health information
There can be other concerns beyond having a person’s sensitive information exposed in a data breach. For instance, fitness trackers generally connect to a user’s phone via Bluetooth, leaving personal data at risk of hacking.
What’s more, the data that fitness trackers collect is not considered “health information” under the federal HIPAA standard or state laws like California’s Confidentiality of Medical Information Act. That means personally revealing data can potentially be used in ways a consumer might never expect. For example, the private information might be shared with or sold to third parties such as data brokers or law enforcement, said Emory Roane, policy counsel at Privacy Rights Clearinghouse, a consumer privacy, advocacy and education organization.
Some fitness trackers may use consumers’ health and wellness data to derive revenue from ads, so if that is a concern, you’ll want to make sure there is a way to opt out. Review the provider’s terms of service to understand its policies before you buy the fitness tracker, Roundy said.
Default social, location settings may need to be changed
A fitness tracker’s default settings may not offer the most stringent security controls. To boost protection, look at which settings can be adjusted, such as those related to social networking, location and other shareable information, said Dan Demeter, security researcher at cybersecurity provider Kaspersky Lab.
Depending on the state, consumers may also opt out of the sale or sharing of their personal information to third parties, and in some cases, these rights are being expanded, according to Roane.
Device users should be careful about what they post publicly about their location and activities, or what they allow to become public by default. This data might be searchable online and used by bad actors. Even when they are not acting maliciously, third parties such as insurers and employers could get access to this kind of public information.
“Users expect their data to be their data and use it how they need it to be used,” Roane said, but that is not necessarily the case.
“It is not only about present data, but also about past data,” Demeter said. For example, a bad actor could see all the times a person goes running, on which days and at which hours, and where, and use it to their advantage.
There are also numerous digital scams where criminals can use details about your location to make their approach seem more plausible. They’ll claim things like, “I know you lost your wallet at so and so place,” which lends credibility to the scammer’s story, Grobman said.
Location data can prove problematic in other ways as well. Roane offers the example of a woman seeking reproductive health care in a state where abortion is illegal. A fitness tracker with geolocation services enabled could collect information that might be subpoenaed by law enforcement or be purchased by data brokers and sold to law enforcement, he said.
Use a strong password, two-factor authentication, and never share credentials
Make sure you secure your account by using a strong password that you don’t use with any other account and by enabling two-factor authentication for the associated app. And do not share credentials. That is never a good idea, but it can have especially devastating consequences in certain circumstances. For instance, a domestic violence victim might be tracked by her abuser, assuming he had access to her account credentials, Roane said.
Also be sure you keep the device and the app up-to-date with security fixes.
While nothing is foolproof, the goal is to be as secure as possible. “If any person tries to benefit from our personal information, we just make their lives harder so it is not that easy to hack us,” Demeter said.