Although physicians sometimes recommend health-tracking apps and devices to patients, a new report revealed the security risks among popular devices.
The number of people engaging in personal health tracking is on the rise, as are the number of devices available for that purpose. By some estimates, around 15% of Americans use technology to track a health indicator for themselves or a loved one.
The availability of technology like Bluetooth LE and smartphones have made tracking an ever-increasing number of health parameters possible. As physicians recommend these tools to patients, it’s important to be familiar not only with the potential benefits, but also the costs and risks our patients will be incurring. For instance, we may be lulled into thinking that risk does not exist; these tools are, after all, very different than a medication or invasive procedure.
In a new report, data security firm Symantec reminds us that nothing is risk free by exposing significant privacy flaws among popular tracking tools.
Researchers from Symantec evaluated personal health-tracking technology in 2 ways. First, they went out into public areas to see what kind of data they could scoop up using less than $100 in equipment. Next, they evaluated the privacy and data security of popular health-tracking apps currently in the market.
In their cyber-snooping experiment, they constructed Bluetooth-scanning devices using Raspberry Pi mini computers. They then placed these devices at set points along the route of a marathon as well as in highly-trafficked public places like city squares and transport hubs in Dublin and Zurich.
The Symantec researchers found they could readily track devices based on a unique identifier they transmit; in fact, they were able to track specific runners along the race route based on this piece of data alone. In addition, they found that several devices would allow further data to be readily extracted with just a few more keystrokes.
In their evaluation of currently-available devices and apps, they revealed a number of other concerning findings as well. For example, they reported that 20% of apps examined transmitted sensitive data like username and passwords in clear text; other apps used very low level and easily crackable types of security. Several apps also exposed other personal information like email addresses.
While it may not seem all that concerning if hackers gain access to a user’s step count history, Symantec’s researchers point out that many people reuse the same usernames and passwords across multiple sites.
For tips physicians should share with patients using personal health-tracking apps and devices, read more.