Health Wearables, Apps & Information Protection
Wearable devices are not new: healthcare professionals have been using heart rate monitors and other hardware as a method of monitoring vital statistics, among other things, for years. What is new, though, is the rate of dispersion and the variety of devices coming into the commercial market, available to both healthcare providers and, increasingly, the public. The wearable device market, also known as the quantified self, has amassed popularity in recent years. In 2015, global retail in this market was expected to reach US$4.5 Billion, and was estimated to triple by 2019 to a whopping US$53 Billion¹. Rapid innovations in technology, falling unit prices of devices, and a general social trend toward health among tech-savvy consumers are largely held to be the drivers of the increased demand for health-related wearables.
With increased demand comes a highly competitive market with new and old entrants battling it out to produce better, more accurate and more useful wearables. The pace of innovation and demand in this space is increasingly leading to concerns over privacy and inadequate security safeguards as development outstrips legislative and regulatory requirements.
Security and Privacy
Wearables present multiple attack vectors, in that they often require data to be transmitted to a processing application typically housed on a smart device such as a phone, tablet or computer. Furthermore, applications may store the data online.
Reviews by various security firms have found multiple vulnerabilities in wearable devices and related applications. These range from exposed login credentials and network sniffing (wherein data transmitted from the device is visible to potential attackers) to being able to monitor a user’s location through their device’s tracking mechanism and public networking capability.
It is worth considering the security risks of wearables when linked to smart devices. Careless users may leave their wearable or smartphone unattended, where any person may pick it up and peruse the data stored thereon. Wearables themselves are not typically password protected or secured, and smartphones and other devices are only as secure as their lock screen password, if enabled.
Some statistics on wearables and data breaches in 2014:
What does it mean in a South African context?
South Africans have also been swept up in the wearable fever. Fitness bands, for example, are common features in public and in the workplace. Several medical aid schemes offer incentives to members who buy and use wearables and share the related health information with the scheme. South African privacy awareness is still in its infancy.
However, there are currently several pieces of legislation that provide a framework to understand the rights and obligations of the user, service provider and other parties, where personal information is concerned. The Protection of Personal Information Act (POPI) is currently the most comprehensive privacy framework within the South African legislative landscape.
It provides eight conditions under which personal information may be fairly and lawfully collected, used, stored, transmitted, and destroyed by both public and private organisations.