Skip to main content
November 12, 2014

Wearable Fitness Trackers: Are Healthcare Applications Threadbare on Security?

Wearable Fitness Trackers: Are Heathcare Applications Threadbare on Security?Fashion is quickly becoming synonymous with function as wearable devices take center stage. Fitness trackers and technologies like Google Glass are just the first step — the next decade could include everything from intelligent fibers that record pulse and breathing rates to contact lenses that monitor your eye health. A lens that monitors blood sugar is already in development. For these wearables to achieve real commercial success, however, they'll rely on a slew of new healthcare applications. Is enough being done to safeguard personal information, or are these new fashion statements already threadbare?

The Doctor Is . . . Everywhere?

Dr. Paul Zollinger-Read, chief medical officer of health insurance firm BUPA, believes there's a market for high-tech wearables because they allow users to take responsibility for their own health. "Being aware of their likelihood of disease and possible risk factors, coupled with constant monitoring through intelligent technology means that they will be able to spot the symptoms of illness from a very early stage, or simply prevent them altogether," he told The Telegraph. He also suggested solutions like "smart" diapers, which could check for kidney infections, and shoes able to monitor whether wearers are sedentary or active. For Zollinger-Read, this future is much closer than most people believe.

Data backs him up — according to High50, health and fitness apps have grown at twice the rate of apps at large, and global spend on healthcare applications is set to reach $26 billion by 2017, up from just $7 billion this year. With this kind of consumer interest and market forecast, it seems like a healthcare revolution is inevitable, but there's a missing stitch: user security.

Defense by Design

Anyone who's ever tried to convert a pair of jeans into jean shorts quickly learns that altering function at the end-user stage is no easy task. At the surface level, wearables could be an easy answer to this problem: so long as a device supports it, users could load up whatever kind of tracking or monitoring app they prefer. The real benefit of these apps, however, lies in their ability to connect with healthcare professionals or cloud-based analytics to provide real-time reports or suggestions. To do so, they become part of the expanding Internet of Things (IoT), a community of network-enabled devices and sensors that generate a staggering amount of data every second. The problem? On a health wearable, most of this data is personally identifiable — the same kind that was recently lifted from over 4 million Community Health Systems (CHS) members. And that's from a closed network, protected by perimeter defenses but unfortunately connected to a Heartbleed-susceptible device. What happens when vast quantities of personally identifiable information (PII) are being transmitted every second, often over insecure connections?

Suddenly, security becomes paramount. Healthcare applications that survive will be those focused on defense by design — in other words, security measures that are present from day one, rather than tacked on when problems emerge. Wearable and application companies willing to invest in programmatic security testing that starts with the first alpha build and continues through to production-ready distributions will have a leg up, not just in consumer trust but when compliance regulations like HIPAA come calling for wearable apps. If CHS and similar agencies are looking at lawsuits for failing to protect data, it's no stretch to think app developers could face the same.

The Wearable World

What's the worst-case scenario for a hacked wearable app? Beyond stolen information, there's the risk of false alerts or all-clears, leading users to make poor or even life-threatening health decisions. As a result, expect to see rapid diversification of wearables and an explosion of the healthcare apps market, tempered by the need for sewn-in security.

Photo Source: Flickr

Doug Bonderud is a freelance writer passionate about the evolution of technology and its impact on companies, stakeholders and end-users alike. Want to know more? Follow Doug on Twitter.

Love to learn about Application Security?

Get all the latest news, tips and articles delivered right to your inbox.