It seems like there’s a story about hacking in the news just about every other day. In some cases the hacking is simply done for fun, but in others, those behind it have malicious intentions. With Sony and the White House getting hacked just recently, and with plenty of regular people having their privacy violated on a daily basis, it’s clear that none of us are safe from hackers.
There are criminals out there who want access to your personal information and they will do what they can to get it. With more and more Internet-connected medical devices coming to market, it’s only a matter of time before people with nefarious intentions attempt to access them to get at your info. Unfortunately, getting the kind of information that they’re after has already been proven to be relatively easy.
In 2014, with a device that he built himself in a mere two hours with about $75 worth of parts, Candid Wueest, a security researcher at Symantec, was able to steal data from over 550 different runners as they ran a race. His homemade machine scanned the activity trackers worn on the wrists of the racers and it managed to retrieve all sorts of info, including their names, their addresses, their passwords and the unique IDs of their personal devices. Luckily for the runners, Wueest wasn’t there to steal their data for his own benefit, but rather to expose just how vulnerable to hacks that their devices were.
Given that the problem has been identified, we now have to look for solutions to it. Some would say that the first step that needs to be taken is making sure that consumers understand just what data is being collected by their devices and how it could be acquired and used by others. It has also been suggested that the manufacturers of the devices should give consumers the ability to control the amount of data that their devices can collect.
A simple thing that consumers can do to protect themselves is to turn off their off the Wi-Fi and Bluetooth on their devices when they aren’t in use. Being careful about which apps they install on their devices can be helpful, too. Nobody wants to read all the fine print that they’re presented with when they’re about to download something, but it’s worthwhile to take that extra minute just to be sure of what you’re getting. Using strong passwords that are unique to the software that you’re using them for is smart. Updating the firmware and software associated with your devices is a good idea as well.
Of course, the responsibility to protect consumers doesn’t just fall on the consumers themselves. The manufacturers of wearable devices and the apps that are used on them need to do their part to keep people safe, too. A report by Symantec revealed that a large percentage of fitness apps “transmitted passwords in the clear” and that over half of the apps that they looked at didn’t even make privacy policies available to customers. The manufacturers need to do a better job ensuring that the data of consumers is kept safe and they absolutely must make it clear who gets access to their info.
While you shouldn’t let the fact that wearable devices are vulnerable to hacks dissuade you from using them, you should do all that you can to protect yourself if you own one. Be careful, take precautions and do some research. Symantec and many other security companies offer security software for mobile devices, so you might want to look into some of those. Be aware, though, that the software that they make available isn’t too likely to protect the data that’s transmitted directly from your device.
At Medipense, data accuracy and security is our number 1 priority. HIPAA compliance, PIPEDA compliance, encrypting drives, biometric sensors and software are important features of all our products. We take every precaution we can to protect PHI, but as we all realize, everyone has to play a role in protecting ones data.
Personally, I’d welcome a regulatory agency that had the capacity and capability to thoroughly test and certify the security of online and connected medical devices. How about you?
Originally published at www.medipense.com.
