June 30, 2015
Medical wearables are a growing form of personal technology that track, analyze and assist in daily health tasks. ABI Research estimates that by 2019, the world will have 780 million wearable offerings – including a broad range of health devices such as daily monitors, pacemakers and cochlear implants.
While wearable technology is highly innovative, it also comes with certain risks. As mainstream wearables and medical devices collect sensitive health data, protecting one’s information will be of utmost importance. Without proper security measures, including encryption and testing, users’ data and personal information could be accessible to hackers.
In January, health insurer Anthem experienced a hack of historic proportions, affecting almost 80 million people’s personal health records. Now, personal health information could become even easier to hack as consumers transfer their information to wearable tech devices. Any health information that the user or the user’s doctor has stored on a system connected to the device may be vulnerable to a hack; a successful hack would allow the hacker to see personal data, insurance information, and even the prescriptions that the user has been prescribed.
Users can take personal precautionary measures by limiting the amount of information they share and only entering the amount of information a device actually requires. But those steps only go so far in keeping personal data secure. As these technologies are so new, many platforms lack the security measures needed to keep users safe. Anthem’s recent data breach underscored the need for stronger security and highlighted the potential harm that hackers can cause. As wearable technology products continue to collect more health data, cybersecurity standards for these devices are of increasing importance.
Standards-based testing and cryptographic technique certifications can address hazards at all levels, including acquisition, storage and propagation of personal health information. Government agencies, such as the U.S. FDA Center for Devices and Radiological Health, the Federal Communications Commission and the Office of the National Coordinator for Health Information Technology, determine health information technology policy, an important step in safeguarding personal health data and its transfer to wearable devices. Because of both their historical and ongoing relationships with government agencies, accredited third parties can support manufacturers in understanding the policies.
There may be even higher risk if a personal wearable device interacts directly with health IT systems. When the number of connections between devices increases, cybersecurity vulnerabilities can also increase. Medical wearable technology manufacturers need to take measures to reduce cybersecurity vulnerabilities that can lead to stolen diagnostic images, corrupted prescription data and replaced personal record information. Testing of biometrics-enhanced health data storage and other security-related design elements can help ensure wearable users have more secure information exchanges between their devices and personal data archives.
The risks of wearables vary by product, design and intended use. Product designers and manufacturers of wearable medical devices should consider data security factors as equal in importance to functionality and design. Minimizing serious digital risks by seeking the advice of third parties, testing product data security features and commissioning third-party audits of security procedures can ultimately limit future opportunities for hackers and open up new possibilities for consumers looking to fit these devices into their lives.