Imagine a future where the government encourages Americans to wear health-tracking devices, such as smartwatches and fitness rings, to monitor their health and well-being. This is exactly what Health Secretary Robert F. Kennedy Jr. has proposed during a House Energy and Commerce Health Subcommittee hearing.
Kennedy's suggestion is to use wearable health products, like Fitbits, Apple Watches, Oura Rings, WHOOP, and glucose monitors, to "control" our health and take responsibility for it. According to Politico, Kennedy said people can use these devices to track what food is doing to their glucose levels, heart rates, and other metrics as they eat it, and make good judgments about their diet, physical activity, and lifestyle.
While this remains just a suggestion and not a mandate, the Department of Health and Human Services has announced plans to launch a campaign to encourage Americans to wear these devices. Wearables can track heart rate, menstrual cycle, fitness regimen, blood sugar levels, sleep patterns, location, and more. They're a great way to understand our health and stick to a workout routine.
However, there are concerns about the safety of storing lots of personal data with these devices. Is it safe for all this information to be out there? And what happens if this data ends up in the wrong hands – including the government's?
Experts weigh in on the issue. Alex Hamerstone, the advisory solutions director for TrustedSec, an ethical hacking company, says that no one has said the government will actually collect this health data. "Those are obviously two very different questions, and there's no indication at this point that they're looking to have the government have access to that data," he noted.
But even if the government doesn't collect the data, it already has access to a lot of health information through Medicare, Medicaid, and other programs. "If you look at the percent of people who receive health care through these programs, they already have a lot of very detailed information," Hamerstone said.
The value of health data is also a concern. "Data is the new currency," says Hamerstone. But "health data is just kind of a different category of data." Having your credit card hacked may be annoying, but getting access to private health care data can have serious consequences.
"So, somebody knowing how many steps you take is one thing, but if you start to get into things like glucose levels or very detailed medical information, those things could start to affect other parts of your life," Hamerstone said. This could impact insurance rates and options, he added.
Kevin Johnson, the CEO of Secure Ideas, a security testing and consulting company, has concerns about the government's ability to protect health data because of past breaches. In 2018, there was a major security breach involving the Strava fitness app and the U.S. government in which soldiers' locations at military bases were shared via Strava.
"So, the idea that the government is saying we're going to encourage wearing of these when the government had a significant security problem due to this, that's one of the concerns that I just don't understand how we forgot that happened," said Johnson. Overall, Johnson says there are "significant security issues with wearable devices."
Dave Chronister, the CEO of Parameter Security, agrees. "There are always security concerns when it comes to connected technology," he said. Wearable devices can be hacked, and even if you think only your heart rate data is at risk, it's actually much more than that.
"No device or platform is completely secure," Chronister noted. Attackers often target the backend systems, like cloud servers, via compromised employee credentials or software vulnerabilities. Devices that rely on Bluetooth or Wi-Fi can also be exploited, and if they support messaging or sync features, phishing or spoofing attacks are possible.
"We're not just talking about heartbeat," Chronister said. "We're not just talking about your sleep schedule. We're talking about your location. We're talking about most of these apps tie into your contacts." These devices can also get stolen or lost, putting your data at risk.
Johnson and Chronister both stress the importance of checking your privacy settings on wearable devices and regularly validating them to ensure they are still set the way you want them to be. But even with these precautions, individual users have very limited control over their data.
"Unfortunately, individual users have very limited control," Chronister noted. "You are largely at the mercy of the device manufacturer and app provider." The real issue is how companies store, share, and protect your data behind the scenes.
Chronister stressed that it's critical to understand the long-term implications of voluntarily handing over personal health data to private companies. This information can be sold to marketers, shared with third parties, or exposed in a breach.
"And AI is really a wild card," Chronister said. "Going forward, it will increasingly be able to draw conclusions and make predictions about your current and future health." This raises serious questions about how such insights could affect things like insurance eligibility, premium rates, or even creditworthiness.
When it comes to health data, the risks are inherent, even with the government not involved," Hamerstone said. Once that data exists, it's at risk of being lost or stolen by bad actors.