Personalized health care carries privacy, security risks

Wearable technology, Internet of Things leave bigger data footprint for hackers to exploit

Share on FacebookShare on Google+Tweet about this on TwitterShare on LinkedInEmail this to someonePrint this page

New tech­nol­o­gy is mak­ing it eas­i­er for con­sumers to become increas­ing­ly more proac­tive in man­ag­ing their own health. But it comes with a price.

The data gath­ered by tech­nol­o­gy, includ­ing wear­able devices and mobile health care apps, is valu­able not only to con­sumers and their health care providers. It’s also high­ly entic­ing to bad actors—and the poor secu­ri­ty of those devices puts at risk not only pri­vate infor­ma­tion but also, poten­tial­ly, entire orga­ni­za­tions due to the grow­ing Bring Your Own Device (BYOD) trend.

A recent sur­vey of 3,679 read­ers found that about 15 per­cent of respon­dents used an activ­i­ty track­er like Fit­bit and about half have used at least one mobile health app. About a quar­ter of those con­sumers didn’t feel their data on those devices or apps was secure, and near­ly half were con­cerned that hack­ers may try to steal their infor­ma­tion from a wearable.

I was sur­prised that we didn’t see big­ger num­bers of con­sumer con­cern around data pri­va­cy and secu­ri­ty,” says Derek Gor­don, gen­er­al man­ag­er for the Health Infor­ma­tion Tech­nol­o­gy Group at Health­line, which pro­vides health infor­ma­tion and tech­nol­o­gy solutions.

Relat­ed sto­ry: Cloud use increas­es data secu­ri­ty risk for health care organizations

Gor­don says he would have expect­ed as many as 90 per­cent of respon­dents to be con­cerned about the pri­va­cy of their data.

I think there may be some lev­el of con­sumer res­ig­na­tion or even fatigue around all this. They just accept it’s the new nor­mal and that the data can’t be secured 100 per­cent of the time,” he says.

Dan­gling a car­rot in front of hackers

Data breach­es may be the new nor­mal, indeed, but man­u­fac­tur­ers aren’t mak­ing things any hard­er for hackers.

Although they may not be inter­est­ed in indi­vid­ual wear­able devices, bad actors are cer­tain­ly drool­ing after the infor­ma­tion those devices are col­lec­tive­ly aggregating.

Whether you have a mobile app or a wear­able device, inevitably the appli­ca­tions are com­mu­ni­cat­ing with the ‘moth­er­ship,’” Gor­don says. “The data usu­al­ly inter­acts with a cloud-based data­base, and the risk is real­ly in that data trans­fer and interaction.”

The cloud is where that infor­ma­tion also could get com­bined with data from var­i­ous oth­er sources—including a person’s health record—to cre­ate one mas­sive record about the individual.

There are more choic­es than ever for health care, and indi­vid­u­als are spread­ing their data across more sources, more silos,” Gor­don says. “Those silos open up and start shar­ing data, and it’s going to ush­er in a whole new fron­tier of data explosion.”

Glob­al-secu­ri­ty expert Geoff Webb, who works with many health care orga­ni­za­tions, says one prob­lem is that there’s lit­tle incen­tive for man­u­fac­tur­ers to make the wear­ables secure.

There’s no real pres­sure to include more secu­ri­ty fea­tures because as a man­u­fac­tur­er, your pri­or­i­ty is to make it cheap­er and sim­pler, make it last longer and have more features—that’s what you’re com­pet­ing on,” says Webb, who is the vice pres­i­dent of solu­tions strat­e­gy at NetIQ, the secu­ri­ty port­fo­lio of glob­al soft­ware and infor­ma­tion tech­nol­o­gy com­pa­ny Micro Focus, based in Eng­land.

Future risks to organizations

While the adop­tion of wear­ables is still in its infan­cy, prod­ucts like shoes with built-in track­ers or fab­ric with embed­ded tech­nol­o­gy are bound to become more common.

But, Webb points out, “secu­ri­ty is not native to these indus­tries.” It even took the soft­ware indus­try a while to fig­ure out how to design more secure soft­ware, he says.

It’s real­ly dif­fi­cult, once these devices are out in the world, to retro­fit them with secu­ri­ty,” he says.

With BYOD trends con­tin­u­ing to explode, all this could lead to major headaches in the future for orga­ni­za­tions. Not only would they have to wor­ry about peo­ple bring­ing in their per­son­al mobile phones and con­nect­ing them to the net­work, now they have to think of all sorts of oth­er, less con­spic­u­ous devices.

sheep_01Put these devices togeth­er with the cloud, which hasn’t reached matu­ri­ty yet, along with big data that’s still in its infan­cy, and it almost sounds like a per­fect storm.

All these dif­fer­ent, very dis­rup­tive things are arriv­ing at the same time,” Webb says, “which makes it very dif­fi­cult to pre­dict what the risks are going to be and, there­fore, very dif­fi­cult to deal with those risks.”

Sil­ver lining?

There’s good news about wear­able devices, too. In the sur­vey, 80 per­cent of respon­dents said they felt their device kept them moti­vat­ed and on track, and 63 per­cent felt their mobile app pro­vid­ed a mod­er­ate and sig­nif­i­cant benefit.

Four per­cent even said their doc­tor pre­scribed a health-relat­ed app. Gor­don says that increas­ing­ly, more physi­cians and well­ness prac­ti­tion­ers are going to do that because the infor­ma­tion can help them take bet­ter care of their patients.

In the Unit­ed States, we’ve been doing sick care, not health care, until only recent­ly,” he says. “And that pro­vi­sion of health care is locked up in data.”

It’s the depth of this data, he adds, that helps health care providers bet­ter under­stand what’s hap­pen­ing with their patients, and hope­ful­ly iden­ti­fy health risks and pre­vent diseases.

The good news is that health care will be extend­ed much more deep­er into our lives and will be much more per­son­al and, there­fore, one would hope, more effec­tive,” Webb says. “But as more and more infor­ma­tion is gath­ered about us, the cost of the new fron­tier in health care may be the last fron­tier in privacy.”

And as con­sumers’ dig­i­tal foot­print grows, their vis­i­bil­i­ty into who’s col­lect­ing data and for what pur­pos­es will become more limited.

The bulk of the dig­i­tal iden­ti­ty that is yours will be con­trolled by oth­er peo­ple,” Webb says. “As a soci­ety, we’ve nev­er faced the idea before that every­body else knows more about you than you do.”

More on med­ical records security:
Health care sec­tor not doing enough to pro­tect patient data
Will Chi­na use Anthem hack to jump start domes­tic health care?
Health­care, bank­ing com­pa­nies issue eas­i­ly spoofed emails