Personalized health care carries privacy, security risks

Wearable technology, Internet of Things leave bigger data footprint for hackers to exploit

New technology is making it easier for consumers to become increasingly proactive in managing their own health. But it comes with a price.

The data gathered by technology, including wearable devices and mobile health care apps, is valuable not only to consumers and their health care providers. It’s also highly enticing to bad actors—and the poor security of those devices puts at risk not only private information but also, potentially, entire organizations due to the growing Bring Your Own Device (BYOD) trend.

A recent survey of 3,679 readers found that about 15 percent of respondents used an activity tracker like Fitbit and about half have used at least one mobile health app. About a quarter of those consumers didn’t feel their data on those devices or apps was secure, and nearly half were concerned that hackers may try to steal their information from a wearable.

“I was surprised that we didn’t see bigger numbers of consumer concern around data privacy and security,” says Derek Gordon, general manager for the Health Information Technology Group at Healthline, which provides health information and technology solutions.

Gordon says he would have expected as many as 90 percent of respondents to be concerned about the privacy of their data.

“I think there may be some level of consumer resignation or even fatigue around all this. They just accept it’s the new normal and that the data can’t be secured 100 percent of the time,” he says.

Dangling a carrot in front of hackers

Data breaches may be the new normal, indeed, but manufacturers aren’t making things any harder for hackers.

Although they may not be interested in individual wearable devices, bad actors are certainly drooling after the information those devices are collectively aggregating.

“Whether you have a mobile app or a wearable device, inevitably the applications are communicating with the ‘mothership,’” Gordon says. “The data usually interacts with a cloud-based database, and the risk is really in that data transfer and interaction.”

The cloud is where that information also could get combined with data from various other sources—including a person’s health record—to create one massive record about the individual.

“There are more choices than ever for health care, and individuals are spreading their data across more sources, more silos,” Gordon says. “Those silos open up and start sharing data, and it’s going to usher in a whole new frontier of data explosion.”

Global-security expert Geoff Webb, who works with many health care organizations, says one problem is that there’s little incentive for manufacturers to make the wearables secure.

“There’s no real pressure to include more security features because as a manufacturer, your priority is to make it cheaper and simpler, make it last longer and have more features—that’s what you’re competing on,” says Webb, who is the vice president of solutions strategy at NetIQ, the security portfolio of global software and information technology company Micro Focus, based in England.

Future risks to organizations

While the adoption of wearables is still in its infancy, products like shoes with built-in trackers or fabric with embedded technology are bound to become more common.

But, Webb points out, “security is not native to these industries.” It even took the software industry a while to figure out how to design more secure software, he says.

“It’s really difficult, once these devices are out in the world, to retrofit them with security,” he says.

With BYOD trends continuing to explode, all this could lead to major headaches in the future for organizations. Not only do they have to worry about people bringing in their personal mobile phones and connecting them to the network; now they also have to think about all sorts of other, less conspicuous devices.

Put these devices together with the cloud, which hasn’t reached maturity yet, along with big data that’s still in its infancy, and it almost sounds like a perfect storm.

“All these different, very disruptive things are arriving at the same time,” Webb says, “which makes it very difficult to predict what the risks are going to be and, therefore, very difficult to deal with those risks.”

Silver lining?

There’s good news about wearable devices, too. In the survey, 80 percent of respondents said they felt their device kept them motivated and on track, and 63 percent felt their mobile app provided a moderate and significant benefit.

Four percent even said their doctor prescribed a health-related app. Gordon says that increasingly, more physicians and wellness practitioners are going to do that because the information can help them take better care of their patients.

“In the United States, we’ve been doing sick care, not health care, until only recently,” he says. “And that provision of health care is locked up in data.”

It’s the depth of this data, he adds, that helps health care providers better understand what’s happening with their patients, and hopefully identify health risks and prevent diseases.

“The good news is that health care will be extended much more deeper into our lives and will be much more personal and, therefore, one would hope, more effective,” Webb says. “But as more and more information is gathered about us, the cost of the new frontier in health care may be the last frontier in privacy.”

And as consumers’ digital footprint grows, their visibility into who’s collecting data and for what purposes will become more limited.

“The bulk of the digital identity that is yours will be controlled by other people,” Webb says. “As a society, we’ve never faced the idea before that everybody else knows more about you than you do.”
