The software security company Symantec produces an annual Internet Security Threat Report (ISTR). This year’s Volume 20 covers a wide range of areas, from the Internet of Things to industrial cyber-espionage. Of particular interest to readers of Health Tech Insider, however, the following analysis of 100 health apps is likely to be of particular interest:
Symantec discovered that 52 percent of health apps—many of which connect to wearable devices—did not have so much as a privacy policy in place, and 20 percent sent personal information, logins, and passwords over the wire in clear text.
The report goes on to point out that on average, each app connected with an average of five separate Internet domains, from advertising to analytics services. The conclusion:
The potential exposure of personal data from health-monitoring devices could have serious consequences for individuals, for example, if insurance companies started to use the data to adjust premiums, if people used hacked location data to track other people without their knowledge. In a fast-moving and early-stage industry, developers have a strong incentive to offer new functionality and features, but data protection and privacy policies seem to be of lesser priority.
It has already been demonstrated that some wearable Health Tech devices can be hacked by others for potentially malicious purposes. Data protection and security are major concerns of users, according to some surveys, but apparently developers lag behind in delivering such features.
