When there’s a computer in your pocket, it’s hard to remember the days when a computer took up an entire room. Now, there’s an even smaller computing device many people rely on every day: watches. We’re not talking about traditional watches with gears, but IoT (Internet of Things) wearable fitness watches like Apple Watches, Fitbits, and Google Pixels. Some of these computers go even smaller, like Oura, a company that makes fitness wearables the size of a ring. It’s a haven of health data, but where does it go? Let’s discuss how to safeguard your health data.
The history of health wearables
Wearables designed to track your health can be traced back to the 1960s. Dr. Yoshiro Hatano of Japan created a device called the Manpo-kei, which translates to “10,000 steps per day.” It was one of the first times “steps” were attributed to combating obesity. However, the first pedometers cropped up long before Thomas Jefferson, as rudimentary but utilitarian devices that laid the groundwork for where we are today. We mention Jefferson because his mechanical concept made pedometers much more practical and widely used for decades.
Fast forward to when phones first became “smart.” There was no telling how far their helpfulness could go. What started as a better way to make calls, send texts, save contacts, and use a calculator became an endlessly multifunctional tool that can be used to aid almost every part of your daily life. Fitbit was one of the first companies to make health wearables popular. Its first successful release in 2007 was paired with an app to give you a fitness breakdown. At that time, the popular phrase “getting your steps in” entered the vocabulary as a way to encourage oneself to get enough movement throughout the day.
When did health wearables become mainstream?
In 2014, when Apple released its Health app, smartphones started to go beyond counting steps and heart rates. Not-so-coincidentally, the first Apple Watch came out less than a year after this development. Apple also created its version of “getting your steps,” which is “closing your rings” — a three-circle method to make sure you’re staying active.
Since then, it has been a mad dash for all competitors in the industry to make health wearables smarter and gamify fitness, introducing innovative ways to track workouts, menstruation, calories, symptoms, and more. In the latest update, Apple Watches can now track vitals like EKGs and even predict when you are under the weather or having a cardiac episode. After an incident like the COVID-19 pandemic, this is a breakthrough technology that could help people stay more vigilant about their health and take their symptoms seriously at first onset.
Where does health data go?
Now we arrive at the vital question: “If tech wearables are collecting all of this data, where does it go?” Security-minded individuals will notice the correlation between health wearables becoming smarter and increased sensitive data collection. On the surface, this health data is stored in its designated app. Depending on which device you use or your preference, the app might be different.
But going deeper, your health data may be added to a database with thousands of other people’s data on that app’s physical servers. Depending on how strong that company’s security is, or if you use these apps over public Wi-Fi, you could be exposing your data to the wrong people. Recently, there has been a string of breaches at popular health apps like Strava, revealing the data of thousands of users.
What are the dangers of leaked health data?
There is a reason why you don’t want bad actors getting ahold of your health data. Our health is something many take seriously, and it can become a severe point of stress in many people’s lives, even for those who are blessed with good health. Cybercriminals pinpoint these vulnerabilities in our psyche and exploit them through various methods like social engineering, ads, and fake products. Depending on the information they have about you, they can forge convincing physician or insurance records that trick you into sending money or private information like your social security number.
Tech wearables are not the only way people willingly give their health data to an outside entity. Popular analysis services like 23andMe take physical DNA samples from their customers to make all kinds of deductions about that person’s health and wellness, as well as their background and predispositions. If you’ve done 23andMe, you’ll notice your results are not one-and-done: you can access them repeatedly through a portal, meaning that data must be stored somewhere.
To demonstrate how dangerous this can be, 23andMe was just ordered to pay up to $10,000 in damages per victim of a recent data breach they experienced. When it comes to lawsuits like this (especially ones that pay out customers of software), a big check signals serious consequences and misuse of that data.
What happens to health data when a company goes out of business or gets sold?
23andMe recently filed for bankruptcy, raising concerns about the security and future of its 15 million customers’ genetic data. Bankruptcy proceedings allow assets—including customer health data—to be sold or transferred to creditors. While 23andMe’s privacy policy states that any new owner must adhere to “applicable law,” privacy experts warn that U.S. genetic data protections are weak and fragmented.
Unlike medical records covered by HIPAA, genetic data from consumer testing companies lack strong legal safeguards. This means your DNA data could be acquired by third parties with unknown privacy standards, raising serious concerns about potential misuse.
How to delete your 23andMe account and data
If you’re concerned about the privacy of your genetic data, especially in light of the company’s financial uncertainty, deleting everything in your 23andMe account is a smart step. Here’s a guide to help you do so:
- Log in to your account: Visit 23andMe and sign in with your login credentials.
- Access account settings: Once logged in, click your profile icon in the top-right corner, then select “Settings” from the dropdown menu.
- Navigate to privacy & data: In the Settings menu, locate the 23andMe “Data” section and click View. Enter your birthdate and click “Continue.”
- Delete your account: Scroll to the option labeled “Permanently Delete Data.” Click on it and follow the on-screen prompts to confirm the deletion.
Destroy your 23andMe test sample:
- Go back to Settings by clicking your profile icon again.
- Scroll down to find the “Preferences” section.
- Select “Permanently Discard Samples” and follow the instructions to complete the process.
Withdraw consent for research use:
- In “Settings,” scroll to the “Research and Product Consent” section.
- Click “Edit” next to your current consent status.
- Select “Change Consent” and follow the prompts to confirm your decision to withdraw consent.
Important Considerations
- Data retention: Keep in mind that some anonymized or aggregated data may still be retained by 23andMe for legal or research purposes, even after account deletion.
- Research consent: If you’ve previously consented to participate in research, make sure to withdraw this consent before proceeding with the account deletion.
- Confirmation: After submitting the deletion request, monitor your email for confirmation from 23andMe to ensure the process is completed.
Taking these steps promptly can help protect your genetic privacy and mitigate risks associated with the company’s bankruptcy. Stay informed and consider additional measures to secure your personal information.
Keeping your health data secure
Before you rip the health wearable off your wrist, there are more solutions than simply abstaining from them. In general, the less technology you use, the safer you are from cyber threats. However, these wearables have other valuable features like crash/fall detection, blood sugar monitors, and more that cater specifically to the elderly and people with disabilities and make their lives much more accessible. Here are some of the steps you can take to stay safe:
Research the wearable you will be using. It goes without saying. Using just any health app may leave you at greater risk of experiencing a cyber attack if you don’t understand what measures its maker takes to put safety and security above all else. In general, apps with a larger framework, like Apple and Fitbit, are safer because they have been built to handle their user base over many years. However, apps that allow you to store your data locally rather than in a cloud are also generally safer.
Don’t voluntarily give too much away. Although DNA analysis services are fun and can provide interesting and useful information about your health, it’s better to go about these tests in a traditional manner. It’s a delicate balance, as many have shared stories of using these services to learn about their predispositions to certain cancers, such as through BRCA mutations. Ultimately, these companies store, and possibly sell, too much information for using them to be more valuable than talking to your doctor.
Don’t open your health app over public Wi-Fi. Your health wearable is likely connected through Bluetooth to your phone, which acts as a hub. Since this is a direct link, it is unlikely to be hacked. However, when you open your health app over public Wi-Fi, there is always a chance that once you connect to the internet, your data will be sent to a cloud. Without encryption, it is easy for hackers sharing the same network to capture this data and use it against you. Gym-goers should be very wary of this threat.
Review privacy settings. You should take extra precautions even while using a reputable fitness app brand. Some settings may allow your app to track you across other apps, send diagnostic data, or track your location unnecessarily. Only opt in to required services to enable your health wearable to work correctly. Everything else is extraneous and possibly unsafe.
Update your app regularly. You should do this with all apps, but health apps especially. Updates are designed to patch vulnerabilities in software that may allow hackers to enter more easily. When you skip updates, you are keeping these holes open and making yourself needlessly vulnerable to infiltration.
Use strong passwords. Generally, you will need to use a portal to access your health data unless you are, say, an Apple user with all Apple devices. Ensure your password is unique and random, as weak passwords make account takeovers much easier for hackers. You can use our free password generator to create a good password without the guesswork.
Taking the extra step to protect your health data
Depending on what app you choose, you may not have a choice where your health data goes. That’s why it’s important to do everything possible to protect it in your daily usage. You can use a VPN like IPVanish to safeguard your data everywhere. While using IPVanish, you don’t have to worry about opening your health apps while connected to public Wi-Fi because your data will be automatically encrypted and sent to one of our secure remote servers. This way, even if someone were to intercept your connection, they wouldn’t be able to read any of your sensitive health data. That way, you can keep your fitness goals in check without anybody snooping on your progress.