Free EMR Newsletter Want to receive the latest news on EMR, Meaningful Use, ARRA and Healthcare IT sent straight to your email? Join thousands of healthcare pros who subscribe to EMR and HIPAA for FREE!!

Wearable Health Trackers Could Pose Security Risks

Posted on February 1, 2016 I Written By

Anne Zieger is a healthcare journalist who has written about the industry for 30 years. Her work has appeared in all of the leading healthcare industry publications, and she’s served as editor in chief of several healthcare B2B sites.

Last October, security researchers made waves when they unveiled what they described as a 10-second hack of a Fitbeat wearable health tracker. At the Hack.Lu 2015 conference, Fortinet security researcher Axelle Apvrille laid out a method for hacking the wearable through its Bluetooth radio. Apparently, Aprville was able to infect the Fitbit Flex from as much as 15 feet away, manipulate data on the tracker, and use the Flex to distribute his code to a computer.

Fitbit, for its part, denied that its devices can serve as vehicles for infecting users with malware. And Aprville himself admitted publicly that his demonstration was more theoretical than practical. In a tweet following the conference, he noted that he had not demonstrated a way to execute malicious code on the victim’s host.

But the incident does bring attention to a very serious issue. While consumers are picking up health trackers at a breathless pace, relatively little attention has been paid to whether the data on these devices is secure. Perhaps even more importantly, too few experts are seeking ways to prevent these devices can be turned into a jumping-off point for malware. After all, like any other lightly-guarded Internet of Things device, a wearable tracker could ultimately allow an attacker to access enterprise healthcare networks, and possibly even sensitive PHI or financial data.

It’s not as though we aren’t aware that connected healthcare devices are rich hunting grounds. For example, security groups are beginning to focus on securing networked medical devices such as blood gas analyzers and wireless infusion pumps, as it’s becoming clear that they might be accessible to data thieves or other malicious intruders. But perhaps because wearable trackers are effectively “healthcare lite,” used almost exclusively by consumers, the threat they could pose to healthcare organizations over time hasn’t generated a lot of heat.

But health tracker security strategies deserve a closer look. Here’s some sample suggestions on how to secure health and fitness devices from Milan Patel, IoT Security Program Director at IBM:

  • Device design: Health tracker manufacturers should establish a secure hardware and software development process, including source code analysis to pinpoint code vulnerabilities and security testing to find runtime vulnerabilities. Use trusted manufacturers who secure components, and a trusted supply chain. Also, deliver secure firmware/software updates and audit them.
  • Device deployment:  Be sure to use strong encryption to protect privacy and integrity of data on the device, during transmission from device to the cloud and on the cloud. To further control device data, give consumers the ability to set up user and usage privileges for their data, and an option to anonymize the data.Secure all communication channels to protect against data change, corruption or observation.
  • Manage security:  Include trackers in the set of technology being monitored, and set alerts for intrusion. Audit logging is desirable for the devices, as well as the network connections and the cloud. The tracker should ideally be engineered to include a fail-safe operation — dropping the system down to incapability, safely — to protect against attacks.

This may sound like a great deal of effort to expend on these relatively unsophisticated devices. And at present, it just may be overkill. But it’s worth preparing for a world in which health trackers are increasingly capable and connected, and increasingly attractive to the attackers who want your data.

Smart Contact Lens with Health Sensors

Posted on July 16, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

We’ve written about Google Glass before, but now Google has partnered with a Swiss company to bring their Google Eye technology to the market. Here’s a short description from this Venture Beat article:

Google and Swiss pharmaceutical company Novartis announced this morning that they will be collaborating on bringing Google’s smart contact lens technology, which contains sensors for tracking things like blood glucose levels for diabetics, to consumers.

Specifically, Novartis says it’s interested in the tech’s glucose-sensing capabilities for diabetics, as well as its potential for helping people with presbyopia, who can’t read without glasses. The smart lens technology could eventually help to fix the eye’s autofocus capabilities for nearby objects, potentially by implanting it directly into the eye.

Let’s make sure that you don’t think this contact lens is going to replace Google Glass. We’re not there yet, but don’t be surprised if it gets there some day. These new smart contact lens are more like the variety of health sensors that are hitting the market than they are a Google Glass replacement. For purposes of this site, that’s just as cool.

I’ve often argued that we need to prepare ourselves for a wave of health sensors that are coming. This smart contact lens is another great example of this wave.

Decline of Health and Fitness Tracker Usage

Posted on May 21, 2014 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

I’ve started hearing a number of people mention this. In some cases it’s first hand accounts of their own usage and in other cases it’s people talking about the health and fitness tracker usage trend. Basically, it seems that we haven’t yet figured out how to make a health and fitness tracker sticky. This chart from Edneavour Partners shows the tracker usage trend really well:
Health and Fitness Tracker Usage

From my own personal experience, I’ve found a similar usage curve. The big challenge is that the value of the tracker 3 months out isn’t clear. When you first start using the tracker, the data is quite interesting because you’ve never seen the fitness tracking data. Plus, you’re interested to see how it changes over time. Once you reach the 3 month plateau, you already basically know the patterns and so they lose their value.

What’s not clear is whether these companies (or some outside company) will find a way to leverage a long term history of tracking into something really valuable. Will having blood pressure trends for 3 years make it so you can detect potential health issues that you wouldn’t have discovered otherwise? I think this is the potential for the quantified self movement, but I’m skeptical that the current set of trackers and sensors will get us there. How much value can be gotten from steps, weight, and blood pressure? I think we’ll need a more advanced set of trackers to be able to reach that longer term goal.

Tracking Health Infographic

Posted on April 5, 2013 I Written By

John Lynn is the Founder of the HealthcareScene.com blog network which currently consists of 10 blogs containing over 8000 articles with John having written over 4000 of the articles himself. These EMR and Healthcare IT related articles have been viewed over 16 million times. John also manages Healthcare IT Central and Healthcare IT Today, the leading career Health IT job board and blog. John is co-founder of InfluentialNetworks.com and Physia.com. John is highly involved in social media, and in addition to his blogs can also be found on Twitter: @techguy and @ehrandhit and LinkedIn.

The people at Pathfinder Software have put together an infographic on Health Tracking. The data for their infographic comes from a Pew Research Study. It highlights something I’ve discussed much before as far as those with chronic conditions tracking their health versus healthy patients. There’s a big difference in those two groups. I was also intrigued by the data sharing numbers. I’d like to know the exact question asked, but those patients with no conditions shared a lot more than I thought they would with their doctor.

Here’s the infographic:
Infographic_Tracking_Final