Wearables Security: Wearing Your Risk on Your Sleeve

Wearables that track health information aren’t necessarily protected by HIPAA standards. Is wearing a smart watch worth the security risk?

Global wearable device spending will total $81.5 billion in 2021, an 18.1% increase from $69 billion in 2020. The cause? COVID-19. The pandemic prompted employees working from home to actively monitor their health while working from home during quarantine.

Smart devices, like Fitbits and Apple Watches, are part of a technology ecosystem called the Internet of Things (IoT). As they’ve risen in popularity, experts have questioned the security and confidentiality of the personal information these devices receive, store, and transmit.

Because of this concern, the Federal Trade Commission (FTC) released a report on wearable security and continues to provide updates and best practices.

Despite this, wearables themselves are still not HIPAA compliant. If a doctor partners with a wearable company, they assume responsibility for safeguarding patients’ protected health information (PHI). In that situation, however, wearable companies are considered business associates, at best, under HIPAA. Their responsibility toward PHI remains murky.

So, what are the potential security risks?

Wearables track a large amount of user data and are tantalizing targets for cyber criminals. Manufacturers must follow acceptable encryption methods, particularly for data in transit, so hackers cannot intercept information transmitted by a device.

Similarly, if manufacturers use default login credentials across all devices— and users do not update them— hackers have an easy in.

All wearables users should be aware of software, hardware, and firmware updates released by the manufacturer. Out-of-date software can leave security vulnerabilities open for exploitation. Turning on automatic updates is the best way to ensure a secure device.

Although users must do their due diligence when selecting and using a wearable, most of the data security responsibility rests with the manufacturer.

Steps manufacturers can take to secure their products include:

  • Allowing users to customize their security settings
  • Implementing a remote erase feature
  • Utilizing Bluetooth encryption
  • Encrypting critical data elements (e.g., user ID, password, and PIN)
  • Securing data with multiple cloud operating systems

Companies that allow or encourage wearable use at work should create a list of IT-approved devices and applications. They should then share them with employees, who are more likely to adopt well-researched and secure suggestions.

The advantages of wearable technology ensure the devices won’t be going anywhere soon. Users, manufacturers, and companies will need to focus on their security, if they want the enduring partnership to be a beneficial one. Ideally, manufacturers will set everyone up for success by implementing fundamental security features from the get-go. This focus on security will snowball into users and companies being more aware of how they can protect their own data, while the industry awaits more official compliance guidance.