Security

Security

As useful as a device like this can be medically, we have to examine if that utility is outdistanced by any other pressing concerns, such as security or privacy. Tom Kellermen, a chief cybersecurity officer for Dallas software Trend Micro states that a hacker could gain access to one of your appliances, and through it, your entire network—possibly including a baby monitor (Strom, 2015). The case of Scanadu is unsettling. “Any information that is provided to a third party vendor is to be used only for the purpose of performing the analytics and compiling reports of the information (Scanadu Privacy Policy).” In other words, by consenting to the Scanadu privacy agreement, you do consent to third-party disclosure. The upside is that if they get new software that makes it easier to detect an impending heart attacks, user data may be well-served by such a revelation. If, on the other hand, Scanadu shared your data to an unethical source, it could be used to compromise the user. If insurance companies pay Scanadu to reveal pre-existing conditions in their users, they could use that data to disqualify someone from coverage. Their user agreement makes both eventualities possible. (Bayer & Fairchild, 2000)

But this is not the worst of it. Bluetooth itself is susceptible to hacking. Bluesnarfing is a common method for gaining unauthorized access to the data of any Bluetooth connection. Using a technique called war driving, a person can drive through neighborhoods using a portable computer or a smartphone attempting to discover active Bluetooth networks in order to gain access to them. (Paus, 2017) Once a device is put in discoverable mode, the data it collects is open to outside attacks of this variety. In exceptional circumstances, devices not in discoverable mode can be access by piggybacking nearby discoverable ones (Steinberg, 2015). Most famously, in 2011 in Seattle, police arrested two men who they allege had been driving around for years stealing data worth almost a million dollars from various networks (Liebowitz, 2011). Though Bluetooth has made improvements in its security grid since then, according to their own tech sheets, they are still vulnerable to targeted attacks of this kind, recommending users keep Bluetooth devices out of discoverable mode when they are fearful of malicious attacks (Steinberg, 2015). By extension, Scanadu is vulnerable to this type of attack. Since malicious attacks can come through this fishing expedition-style attack called wardriving, it would seem a user has frequent cause to have that fear. The Department of Health and Human Services Office for Civil Rights estimates that at least 95,000 medical records were compromised in June 2016 (HIPPA, 2016). The HIPAA Journal, or the journal charged with evaluating the safety of the individual’s private medical data, in June 2016, estimated that 41% of breaches were the result of hacking, another 41% was insider theft and errors, the remaining 18% made up of both physical loss of paper data or devices containing data. Until Bluetooth or another company find a more secure way of safeguarding data for Scanadu, they seem ill-prepared for the present security climate.