Is Your Fitbit Data Safe?

Health-care wearables are everywhere these days, from Fitbit trackers to Apple Watches to even mobile EKGs. The wearable industry’s boom, however, is drawing more attention from cybercriminals, and data breach risks are on the rise. The global market for mobile health-care apps hit $1.4 billion in 2016 and is expected reach $11.2 billion by 2025, according to a recent report from Edina, Minn.-based BIS Research.

The wearables present a number of pathways that hackers can use to access patient data, Stephen Grothouse, a health-care attorney with Hall, Render, Killian, Heath & Lyman P.C. in Indianapolis, told me. Many of the devices include mini computers that are vulnerable to cyberattacks, and others have the capability to transfer personal health-care data for storage in remote servers, another vulnerability, Grothouse said.

“The growing proliferation of wearable devices provides these criminals new avenues to attack and exponentially more sensitive health-care data to try to obtain,” Grothouse said. The higher the number of connected health-care devices accessing, generating, and transmitting personal information, the larger the “attack surface,” which Grothouse said refers to the sum of all the pathways hackers can use.

The lack of privacy and security standards for health data not covered under the Health Insurance Portability and Accountability Act is especially disturbing given the value that health information can fetch on the black market, Iliana Peters, a health-care attorney with Polsinelli PC in Washington, told me.

“Without baseline privacy and security protections for consumers, there really is no limit on how companies can use the data, and while the FTC does require good basic security practice for the companies it regulates, some of this very sensitive information may need heightened security controls,” Peters said.

Read my full story here.

Stay on top of new developments in health law and regulation, and learn more, by signing up for a free trial to Bloomberg Law.