The biggest risks of using fitness trackers to monitor your health

Fitness trackers, which assistance support tabs connected slumber quality, bosom complaint and different biologic metrics, are a fashionable mode to assistance Americans amended their wellness and well-being. 

There are galore types of trackers connected the market, including those from well-known brands specified arsenic Apple, Fitbit, Garmin and Oura. While these devices are increasing successful popularity — and person morganatic uses — consumers don't ever recognize the grade to which their accusation could beryllium disposable to oregon intercepted by 3rd parties. This is particularly important due to the fact that radical can't simply alteration their DNA sequencing oregon bosom rhythms arsenic they could a recognition paper oregon slope relationship number. 

"Once the toothpaste is retired of the tube, you can't get it back," said Steve Grobman, elder vice president and main exertion serviceman of machine information institution McAfee.

The vacation play is simply a fashionable clip to acquisition user wellness devices. Here's what you should cognize astir the information risks tied to fittingness trackers and idiosyncratic wellness data.

Stick to a sanction brand, adjacent though they are hacked

Fitness devices tin beryllium expensive, adjacent without taking ostentation into account, but don't beryllium tempted to skimp connected information to prevention a fewer dollars. While a less-known institution whitethorn connection much bells and whistles astatine a amended price, a well-established supplier that is breached is much apt to attraction astir its estimation and bash things to assistance consumers, said Kevin Roundy, elder method manager astatine cybersecurity institution Gen Digital.

To beryllium sure, information compromise issues, from transgression hacks to unintended sharing of delicate idiosyncratic information, tin — and person — deed well-known players, including Fitbit, which Google bought successful 2021, and Strava. But adjacent so, information professionals accidental it's amended to bargain from a reputable shaper that knows however to plan unafraid devices and has a estimation to upkeep. 

"A smaller institution mightiness conscionable spell bankrupt," Roundy said. 

Fitness app information is not protected similar wellness information

There tin beryllium different concerns beyond having a person's delicate accusation exposed successful a information breach. For example, fittingness trackers mostly link to a user's telephone via Bluetooth, leaving idiosyncratic information susceptible to hacking.  

What's more, the accusation that fittingness trackers cod isn't considered "health information" nether the national HIPAA modular oregon authorities laws similar California's Confidentiality of Medical Information Act. This means that personally revealing information tin perchance beryllium utilized successful ways a user mightiness ne'er expect. For instance, the idiosyncratic accusation could beryllium shared with oregon sold to 3rd parties specified arsenic information brokers oregon instrumentality enforcement, said Emory Roane, argumentation counsel astatine Privacy Rights Clearinghouse, a user privacy, advocacy and acquisition organization. 

Some fittingness trackers whitethorn usage consumers' wellness and wellness information to deduce gross from ads, truthful if that's a concern, you'll privation to marque definite there's a mode to opt out. Review the provider's presumption of work to recognize the its policies earlier you bargain the fittingness tracker, Roundy said.

Default social, determination settings whitethorn request to beryllium changed

A fittingness tracker's default settings whitethorn not connection the astir stringent information controls. To boost protection, look astatine what settings tin beryllium adjusted, specified arsenic those related to societal networking, determination and different sharable information, said Dan Demeter, information researcher at cybersecurity supplier Kaspersky Lab.

Depending connected the state, consumers tin besides opt retired of the merchantability oregon sharing of their idiosyncratic accusation to 3rd parties, and successful immoderate cases, these rights are being expanded, according to Roane.

Certainly, instrumentality users should beryllium cautious astir what they station publically astir their determination and activities, oregon what they let to go nationalist by default. This information could beryllium searchable online and utilized by atrocious actors. Even if they aren't acting maliciously, 3rd parties specified arsenic insurers and employers could get entree to this benignant of nationalist information.

"Users expect their information to beryllium their information and usage it however they privation it to beryllium used," Roane said, but that's not needfully the case. 

"It's not lone astir contiguous data, but besides astir past data," Demeter said. For instance, a atrocious histrion could spot each the times the idiosyncratic goes moving — what days and hours — and where, and usage it to their advantage. 

There are besides a fig of integer scams wherever criminals tin usage accusation astir your determination to marque an accidental look much plausible. They tin assertion things like, "I cognize you mislaid your wallet astatine truthful and truthful place, which lends credibility to the scammer's story," Grobman said. 

Location information tin beryllium problematic successful different ways arsenic well. Roane offers the illustration of a women seeking reproductive wellness attraction successful a authorities wherever termination is illegal. A fittingness tracker with geolocation services enabled could cod accusation that could beryllium subpoenaed by instrumentality enforcement oregon beryllium purchased by information brokers and sold to instrumentality enforcement, helium said.

Use beardown password, two-factor authentication, and ne'er stock credentials

Be definite to unafraid your relationship by using a beardown password that you don't usage with different relationship and enabling two-factor authentication for the associated app. And don't stock credentials. That's ne'er a bully idea, but it tin person particularly devastating consequences successful definite circumstances. For example, a home unit unfortunate could beryllium tracked by her abuser, assuming helium had entree to her relationship credentials, Roane said.

Also beryllium definite to support the instrumentality and the app up-to-date with information fixes.

While thing is full-proof, the extremity is to beryllium arsenic unafraid arsenic possible. "If idiosyncratic tries to nett from our idiosyncratic information, we conscionable marque their lives harder truthful it's not that casual to hack us," Demeter said.