The importance of balancing health tracking and data privacy

Published On: October 20th, 2023

Security concerns loom over popular fitness tracking devices like Strava, Garmin, and other high-end brands favored by high-net-worth individuals. 

Fitness trackers from Apple, Fitbit, Garmin, and Oura offer health insights, yet users often need to pay more attention to potential data exposure to third parties. 

Security researcher Jeremiah Fowler and WebsitePlanet recently discovered a massive database of Apple and Fitbit user information. The database contained over 61 million records of user health data linked to GetHealth. At the time of the discovery, it was unknown how long the data had been exposed.

The breach was quickly resolved. However, this incident highlights the urgent necessity for increased security measures, encryption, and routine system audits in the wearable device industry.

Unlike a credit card or a bank account number, personal health data like DNA sequencing or heart rhythms cannot be changed at will. Steve Grobman, CTO at computer security company McAfee, warns about the irrevocable nature of such breaches. He likens the experience to “once the toothpaste is out of the tube, you can’t get it back.” 

As the holiday season prompts consumer health device purchases, it becomes paramount to understand the security risks surrounding these wearables. Customers should remain vigilant and exercise extra caution when deciding to make a purchase, prioritizing awareness of potential risks.

Stick to a title brand

Choosing a reputable brand is key even if they encounter security breaches. While lesser-known companies may offer more features at lower prices, established providers prioritize their reputation and customer well-being when faced with breaches. 

Security experts advise buying from reputable manufacturers with a history of secure device design and a dedication to safeguarding their reputation. Kevin Roundy, the senior technical director at cybersecurity company Gen Digital, stresses that smaller firms could face bankruptcy following a breach. These precautions are essential to ensure device security.

Fitness app data is less protected than health data

Fitness app data lacks the protection afforded to health information. Beyond the risk of data breaches, fitness trackers, often linked to smartphones via Bluetooth, can expose personal data to potential hacking.

It is essential to understand that data collected by fitness trackers is not protected by federal HIPAA standards or state laws, such as California’s Confidentiality of Medical Information Act. 

This lack of protection makes personal information susceptible to potential misuse, including sharing or selling to third parties like data brokers or law enforcement. Emory Roane, policy counsel at Privacy Rights Clearinghouse, has emphasized these risks.

Additionally, some fitness trackers monetize users’ health and wellness data through ads. To address this concern, ensure the device offers an opt-out option by reviewing the provider’s terms of service before making a purchase, advises Roundy.

Default social and location settings need to be changed

Change your fitness tracker’s default social and location settings for enhanced security. Dan Demeter, a security researcher at Kaspersky Lab, advises reviewing and adjusting settings related to social networking, location, and shared data to bolster protection.

As Roane notes, consumer rights are expanding, and in some states consumers can opt out of the sale or sharing of their personal information.

Exercise caution when sharing location and activity details publicly, whether deliberately or through default settings, as malicious entities could exploit this data. Even non-malicious third parties like insurers and employers may access this public information.

Conclusion

In light of recent security concerns around fitness trackers, vigilance becomes essential when purchasing one. Various factors should be considered when choosing a device. Still, it is also key to have a reliable security services provider in your corner that understands the importance of risk management in case of data leaks, just like Marengo.
