The Norwegian Consumer Council Forbrukerradet reveals findings that many healthcare IoT devices are plagued by weak security.
Connected healthcare devices have a poor track record when it comes to security, according to the Norwegian Consumer Council, known locally as Forbrukerradet.
The Scandinavian watchdog tested a number of app-connected blood pressure gauges and blood glucose-monitoring devices and found they fell short of properly protecting the privacy and consumer rights of users.
During the course of their investigation, researchers working on behalf of Forbrukerradet identified a number of faults with devices and services with regard to consumer protection and privacy. Such devices, and especially blood glucose meters, may pose significant privacy risks, says Forbrukerrådet, since information about the use of the device alone can reveal a great deal about an individual’s state of health. When a device that collects health data connects to the internet, it may also compromise the user’s control over their own data.
While apps give users a better understanding of the results the devices record, some apps send potentially sensitive information to companies in East Asia and North America, without the users being properly informed about this.
“It is not okay that, by using health-monitoring devices, you risk your health information being sold to, for example, insurance companies or other unauthorized entities. This is information that is commercially attractive for many actors,” said Anne Kristin Vie, director of public services and health at the Norwegian Consumer Council.
Health data sent over email
Many of the services also allow health data to be shared via email, which is not a secure channel for such information, the council said, and many of the apps that were tested directly encourage users to share their health data, either through e-mail or social media.
“Email is not a sufficiently secure channel to send data about your own health,” said Vie.
At the same time, she pointed out that devices intended for home testing can also be both accurate and user-friendly.
“This kind of technology has proved to be useful for people, and is readily available in stores, in pharmacies and online. Nevertheless, people need secure ways to share the information that the devices collect with, for example, their doctor,” she said.
“Although the features of these services can be useful to people, it is unacceptable that some apps contribute to users losing control their own health data,” she added.
Vie urged health tech industry players to make sure that terms and practices do not violate users’ privacy and basic consumer protection. “The users should not have to fear that their information could be used for harmful, direct marketing or price discrimination,” she said.