An Overview On Privacy Concerns In Wearable Devices

Chani A. Cordero FACHE, CIO, Carl Darnall Army Medical Center

In this day and age, there is no longer a need for wearable medical device companies. What we need are security companies that sell wearable medical devices. Wearable medical devices (WMD) are objects that are worn on a certain part of the body and are capable of transmitting data regarding your health. The devices can be worn as an accessory such as a watch, clip, or even in clothing. There are devices that are embedded in the skin, such as tattoos or implanted into a person’s body.

Depending on the sensor, WMD collect different type of information and are powered by some type of microprocessor that has the ability to transmit data. For a wearable to be considered a medical device, it must undergo vigorous testing to ensure they are biocompatible. Regulatory agencies such as the Food & Drug Administration, the European Medicines Agency, or Mexico’s Comision Federal para la Proteccion contra RiegosSanitarios (COFEPRIS) all have different rules and laws governing the design and manufacture of WMDs.

Wearable medical devices are on the rise largely due to technology advancements, especially with Inertial Measurement Units (IMUs), electrochemical biosensors, and wearable electrodes. The rise and acceptance of smartphones continue to support this trend. Market Watch predicts, “The Global Wearable Medical Device Market is expected to reach a market value of USD 27,255.6 million by 2023 from USD 7,859.4 million in 2017”.

Wearable medical devices transmit data via different platforms. Some of the more popular ones are Bluetooth, ZigBee, or Wi-Fi. Bluetooth uses the IEEE 802.15 wireless standard that transmits data between devices over short distances (about 30 feet) using short-wavelength radio waves. Zigbee uses the IEEE’s 802.15.4 personal-area network standard to communicate with other Zigbee devices between 30–60 feet while Wi-Fi uses the IEEE 802.11 wireless standard that can transmit data via UHF radio around 300 feet. Medical devices use a variety of platforms to send and receive data. This technological advancement enables a medical professional to track medical data, analyze the data, and use these to make a decision regarding your health.

The need to transmit data is what makes WMD particularly vulnerable; hence, the need for an equipped security company that is capable of tackling these vulnerabilities. Bluetooth standard is highly susceptible to all types of attacks such as eaves dropping, man in the middle attacks, and denial of service attacks. Zigbee is susceptible to physical attacks due to its protocol and side-channel attacks when given proximately allow bad actors to wreak havoc on a wearable medical device. Lastly, Wi-Fi is susceptible to similar attacks like Bluetooth such as man in the middle attacks, flaws within the security protocol, and rogue access point. All of these vulnerabilities can disrupt your health data transmission. However, it was not device manufactures who discovered these flaws but security research firms.

One can argue that a security company focus would lack innovative solutions, one can even argue further that the focus would not be a medical benefit but with locking down a device but the reality is; this is what we need. We need the focus to be on security first and benefits second. This mind shift would ensure the focus is on data integrity which should be the first priority with functionality and performance next in line. This would allow developers to find a solution around security instead of trying to fit in security protocols that ultimately, could leave open flaws and vulnerabilities. Security firms are constantly scanning the environment for zero-day attacks.

The best pizza joints don’t make the best hamburgers, so why should the best wearable medical device provide the best security. Your healthcare data is valuable, so entrust it with a company that specializes in protection

Top Cybersecurity Consulting/Services Companies

Top Enterprise Security Solution Companies

Top Enterprise Security Consulting/Services Companies