With continuous biometric sensing and Internet of Things (IoT) connectivity, wearable medical devices such as fitness bands and smartwatches have transformed personal health monitoring. These devices track heart rate, SpO₂, sleep cycles, motion, and behavioural data, enabling preventive healthcare, remote monitoring, and early detection of chronic conditions. However, the continuous collection, transmission, and storage of sensitive health data raise significant privacy and information-security concerns. This paper examines the main vulnerabilities in wearable device ecosystems, including insecure Bluetooth and Wi-Fi communication, inadequate encryption, cloud misconfigurations, and third-party data sharing. Its evaluation of international regulatory frameworks, including the GDPR, HIPAA, and India's DPDP Act 2023, identifies significant compliance gaps for consumer wearables. A mixed-methods analysis based on survey interpretation, literature synthesis, case studies, and expert opinion reveals critical risks: unauthorised access, data profiling, surveillance, and industry negligence in privacy protection. The study proposes a privacy-by-design approach that combines encryption, decentralised architecture, edge computing, blockchain, user-centric consent procedures, and AI-based anomaly detection. The results show that effective privacy assurance requires a cohesive technological, legal, and ethical framework if wearable medical technology is to be adopted safely in future.
Introduction
Over the past two decades, digital health technologies, especially smartwatches and fitness bands, have shifted healthcare toward continuous, personalized monitoring. Modern wearables contain advanced biosensors (PPG, ECG, SpO₂, accelerometers, gyroscopes, temperature sensors) and connect to cloud platforms via BLE, Wi-Fi, or mobile networks, forming part of the Internet of Medical Things (IoMT). These devices are widely used for fitness tracking, chronic disease management, rehabilitation, sleep monitoring, and telemedicine. By 2025, over 1.3 billion wearable devices are expected globally.
Despite rapid adoption, serious privacy and security concerns persist due to continuous data generation, cloud storage, and wireless transmission. The study focuses on security risks in wearables, regulatory shortcomings, technical vulnerabilities, and potential technological solutions.
Market Growth and Adoption
The wearable health device market is projected to exceed USD 80 billion by 2025. Adoption is driven by rising lifestyle diseases, advances in low-energy biosensors and AI analytics, government digital health initiatives, corporate wellness programs, and low-cost devices.
Integration into Healthcare
Wearables now support remote patient monitoring, post-surgery rehabilitation, ECG-based cardiac tracking, stress and sleep analysis, and AI-based disease prediction. However, challenges include insecure communication channels, inaccurate sensors, inconsistent regulations, and sustainability problems such as e-waste.
Privacy and Security Concerns
Wearables collect highly sensitive physical and behavioral data that, if misused, can lead to identity theft, surveillance, discrimination, or loss of autonomy.
Key Issues
Insecure data flows: Continuous data collection, vulnerable BLE/Wi-Fi transmission, centralized cloud storage, and widespread third-party sharing.
Regulatory gaps: Consumer wearables often fall outside sector-specific medical regulation such as HIPAA, which binds covered healthcare entities rather than device vendors, and general data-protection laws such as the GDPR and India's DPDP Act 2023 are applied to them unevenly.
Ethical concerns: Lack of informed consent, opaque data sharing, low user control, and potential for profiling.
Technological Trends
Emerging solutions include:
IoT-based real-time alerting
AI analytics for disease prediction and health insights
Edge computing for on-device processing
Blockchain for decentralized, tamper-proof data management
Skin-worn sensors and smart textiles
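The following Go program is an added example, not code from the paper or from any vendor, illustrating the edge-computing trend above together with the differential-privacy technique the literature review lists as a proposed solution: the device computes a bounded mean of its own readings locally and adds Laplace noise calibrated to the mean's sensitivity before anything leaves the device, so a third party receiving the value cannot learn much about any single reading. The heart-rate samples, the clipping range of 40 to 200 bpm, the epsilon values and the privacy-budget accounting are all constructed assumptions for the demonstration.

```go
package main

import (
	"errors"
	"fmt"
	"math"
	"math/rand"
)

// Constructed sample: one hour of resting/walking heart-rate readings (bpm) from a wrist PPG sensor.
var sampleHeartRate = []float64{62, 64, 63, 71, 88, 95, 90, 76, 68, 65, 64, 63}

// clip bounds a reading to [lo, hi]. Bounding is what makes the sensitivity of the mean finite.
func clip(x, lo, hi float64) float64 {
	return math.Max(lo, math.Min(hi, x))
}

// boundedMean returns the mean of the clipped readings and its L1 sensitivity:
// with n readings each in [lo, hi], replacing one reading moves the mean by at most (hi-lo)/n.
func boundedMean(xs []float64, lo, hi float64) (mean, sensitivity float64) {
	var sum float64
	for _, x := range xs {
		sum += clip(x, lo, hi)
	}
	n := float64(len(xs))
	return sum / n, (hi - lo) / n
}

// laplaceNoise draws from Laplace(0, scale) by inverse-CDF sampling of a uniform u in (0,1).
// The uniform draw is injected so callers (and tests) control the randomness; u = 0.5 gives zero noise.
func laplaceNoise(scale, u float64) float64 {
	v := u - 0.5
	sign := 1.0
	if v < 0 {
		sign = -1.0
	}
	t := 1 - 2*math.Abs(v)
	if t <= 0 { // u exactly 0 or 1 would give infinite noise; cap it at the smallest positive float
		t = math.SmallestNonzeroFloat64
	}
	return -scale * sign * math.Log(t)
}

// PrivacyBudget tracks the total epsilon spent across releases. Once the budget is
// exhausted further releases are refused instead of silently weakening the guarantee.
type PrivacyBudget struct{ Total, Spent float64 }

var ErrBudgetExhausted = errors.New("dp: privacy budget exhausted")

func (b *PrivacyBudget) Spend(eps float64) error {
	if b.Spent+eps > b.Total {
		return ErrBudgetExhausted
	}
	b.Spent += eps
	return nil
}

// ReleaseMean computes the clipped mean on-device and perturbs it with Laplace noise of
// scale sensitivity/eps, which makes the released value eps-differentially private.
func ReleaseMean(xs []float64, lo, hi, eps float64, uniform func() float64, b *PrivacyBudget) (float64, error) {
	if len(xs) == 0 || lo >= hi || eps <= 0 {
		return 0, errors.New("dp: invalid input")
	}
	if err := b.Spend(eps); err != nil {
		return 0, err
	}
	mean, sens := boundedMean(xs, lo, hi)
	return mean + laplaceNoise(sens/eps, uniform()), nil
}

func main() {
	budget := &PrivacyBudget{Total: 1.0}
	uniform := func() float64 { return 1 - rand.Float64() } // maps [0,1) onto (0,1]
	trueMean, sens := boundedMean(sampleHeartRate, 40, 200)
	fmt.Printf("true mean %.2f bpm, sensitivity %.2f\n", trueMean, sens)
	for _, eps := range []float64{0.1, 0.4, 0.6} {
		v, err := ReleaseMean(sampleHeartRate, 40, 200, eps, uniform, budget)
		if err != nil {
			fmt.Printf("eps=%.1f: %v\n", eps, err) // the third call overruns the budget
			continue
		}
		fmt.Printf("eps=%.1f (noise scale %.1f): released %.2f bpm\n", eps, sens/eps, v)
	}
}
```

Two caveats the paper's "scalability and resource demands" remark points at are visible here: with only twelve readings the noise scale at eps = 0.1 is over 130 bpm, so useful accuracy needs either larger batches or a larger epsilon, and the budget is per device for its lifetime of releases, which is why the accounting must live on the device rather than in the cloud.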
Literature Review Findings
Research from 2020–2025 highlights:
Device and firmware weaknesses (hard-coded keys, unsigned firmware)
Proposed solutions like blockchain, federated learning, and differential privacy—but limited by scalability and resource demands
Human factors: users rarely change privacy settings or read policies
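As an added example of the device and firmware weaknesses noted above (it is not code from the paper or from any device vendor), the Go program below contrasts an updater that installs any image with one that verifies an Ed25519 signature over the image and also refuses downgrades, so a validly signed but older, vulnerable build cannot be re-flashed. The image layout (a 4-byte big-endian version followed by the payload), the device and key names, and the firmware payloads are constructed for the demonstration; only the vendor's public key is embedded in the device, which is what avoids the hard-coded private key the literature warns about.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// Image is a firmware update as delivered to the device (assumed layout for this example).
type Image struct {
	Version uint32 // monotonically increasing build number
	Payload []byte // the firmware bytes
	Sig     []byte // Ed25519 signature over version || payload
}

// signedBytes serialises what the signature covers. Including the version binds the
// payload to its build number, so an attacker cannot relabel an old image as newer.
func signedBytes(version uint32, payload []byte) []byte {
	msg := make([]byte, 4, 4+len(payload))
	binary.BigEndian.PutUint32(msg, version)
	return append(msg, payload...)
}

// GenerateVendorKey models the vendor's release-signing key pair. The private half stays
// in the build/release system; it is never compiled into firmware.
func GenerateVendorKey() (ed25519.PublicKey, ed25519.PrivateKey, error) {
	return ed25519.GenerateKey(rand.Reader)
}

// SignImage runs in the vendor's release pipeline.
func SignImage(priv ed25519.PrivateKey, version uint32, payload []byte) Image {
	return Image{Version: version, Payload: payload, Sig: ed25519.Sign(priv, signedBytes(version, payload))}
}

// InstallUnverified is the weak updater the literature describes: whatever arrives is flashed.
func InstallUnverified(img Image) (uint32, error) {
	return img.Version, nil
}

// Device holds only the vendor public key (safe to embed) and the installed version.
type Device struct {
	VendorPub ed25519.PublicKey
	Version   uint32
}

var (
	ErrBadSignature = errors.New("firmware: signature verification failed")
	ErrRollback     = errors.New("firmware: image version is not newer than the installed one")
)

// Install verifies the signature before touching anything else, then enforces a strictly
// increasing version so a signed but vulnerable older build is rejected (anti-rollback).
func (d *Device) Install(img Image) error {
	if len(d.VendorPub) != ed25519.PublicKeySize || len(img.Sig) != ed25519.SignatureSize {
		return ErrBadSignature
	}
	if !ed25519.Verify(d.VendorPub, signedBytes(img.Version, img.Payload), img.Sig) {
		return ErrBadSignature
	}
	if img.Version <= d.Version {
		return ErrRollback
	}
	d.Version = img.Version
	return nil
}

func main() {
	pub, priv, err := GenerateVendorKey()
	if err != nil {
		panic(err)
	}
	dev := &Device{VendorPub: pub, Version: 1}
	good := SignImage(priv, 2, []byte("constructed firmware build 2"))
	fmt.Println("signed v2:", dev.Install(good), "installed version", dev.Version)

	tampered := good
	tampered.Payload = []byte("constructed firmware build 2 plus backdoor")
	v, _ := InstallUnverified(tampered)
	fmt.Println("unverified updater accepted tampered image as version", v)
	fmt.Println("verified updater on tampered image:", dev.Install(tampered))

	old := SignImage(priv, 1, []byte("constructed firmware build 1"))
	fmt.Println("verified updater on signed-but-older image:", dev.Install(old))
}
```

On a real device the version comparison should read from, and the update write to, storage the running firmware cannot silently revert (for example a monotonic counter in a secure element), otherwise the rollback check protects only against accidental downgrades.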
Problem Statement
Although widely used, wearables generate sensitive medical data that is inadequately protected due to technical flaws, weak regulations, and low user awareness.
Research Question:
How can wearable health-data privacy and security be improved through technical, legal, and ethical measures?
Major Risks Identified
Data breaches via insecure BLE/Wi-Fi
Unauthorized cloud access
Behavioral surveillance and profiling
Identity theft involving biometrics
Data misuse by third parties
Indefinite data retention even after the user deletes the data or discards the device
Cyber Threats & User Behavior
Cyberattacks on wearable ecosystems have risen over 300% since 2020. MITM attacks, API manipulation, ransomware, and malicious apps are common. User negligence worsens risks—many never change default passwords, skip updates, or read privacy policies.
Manufacturer Negligence
Companies often maintain vague privacy policies, weak data governance, and prioritize features over security. They may profit from “anonymized” data that can still be re-identified, contributing to user mistrust.
Methodology
A mixed-methods approach was used, combining surveys, case studies (e.g., the 2024 Fitbit data-storage security study and the 2020 Garmin ransomware incident), regulatory analysis, and statistical tools such as SPSS and Excel.
Findings and Discussion
Survey results show:
82% use wearables daily
63% believe third parties access their data
Heavy dependence on cloud sync increases vulnerability
Privacy awareness does not translate into secure behavior
Case studies reveal weak API authentication and high dependence on centralized cloud systems. Overall trends indicate inadequate encryption by manufacturers, regulatory loopholes, and low user literacy.
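The weak API authentication and MITM/API-manipulation risks the case studies point to can be countered by authenticating every sync request rather than trusting the transport alone. The Go program below is an added example, not code from the paper or from any vendor's API: the companion app signs each request with HMAC-SHA256 under a per-device key provisioned at pairing (instead of one key shared by every unit), and the server checks a replay window on the timestamp and a nonce cache before accepting the body. The device identifier, key, path, body and timestamps are constructed for the demonstration.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
	"strconv"
	"strings"
	"time"
)

// Request is a sync call as the companion app sends it. Signature is HMAC-SHA256 over
// the device ID, method, path, timestamp, nonce and body, so none of them can be altered in flight.
type Request struct {
	DeviceID  string
	Method    string
	Path      string
	Timestamp int64 // Unix seconds
	Nonce     string
	Body      string
	Signature string // hex-encoded MAC
}

// canonical is the exact byte string both sides MAC. Newline-joining keeps fields from
// running into each other (a timestamp ending in "1" followed by a nonce starting with "2").
func canonical(r Request) string {
	return strings.Join([]string{r.DeviceID, r.Method, r.Path,
		strconv.FormatInt(r.Timestamp, 10), r.Nonce, r.Body}, "\n")
}

func mac(key []byte, r Request) []byte {
	m := hmac.New(sha256.New, key)
	m.Write([]byte(canonical(r)))
	return m.Sum(nil)
}

// Sign is the client side: the per-device key is provisioned at pairing, never hard-coded.
func Sign(key []byte, r Request) Request {
	r.Signature = hex.EncodeToString(mac(key, r))
	return r
}

var (
	ErrUnknownDevice = errors.New("api: unknown device")
	ErrStale         = errors.New("api: timestamp outside replay window")
	ErrBadSignature  = errors.New("api: signature mismatch")
	ErrReplay        = errors.New("api: nonce already used")
)

// Verifier is the API side: per-device keys, a replay window and a nonce cache.
type Verifier struct {
	Keys   map[string][]byte
	Window time.Duration
	seen   map[string]int64 // nonce -> timestamp of first use
}

func NewVerifier(window time.Duration) *Verifier {
	return &Verifier{Keys: map[string][]byte{}, Window: window, seen: map[string]int64{}}
}

// Verify checks, in order: the device is known, the timestamp is fresh, the MAC matches
// (constant-time compare), and the nonce has not been seen. Nonces are recorded only for
// authentic requests, so an attacker cannot fill the cache with junk.
func (v *Verifier) Verify(r Request, now time.Time) error {
	key, ok := v.Keys[r.DeviceID]
	if !ok {
		return ErrUnknownDevice
	}
	age := now.Unix() - r.Timestamp
	if age < 0 {
		age = -age
	}
	if time.Duration(age)*time.Second > v.Window {
		return ErrStale
	}
	got, err := hex.DecodeString(r.Signature)
	if err != nil || !hmac.Equal(got, mac(key, r)) {
		return ErrBadSignature
	}
	// Evict nonces older than the window; anything that old is already rejected as stale.
	for n, ts := range v.seen {
		if time.Duration(now.Unix()-ts)*time.Second > v.Window {
			delete(v.seen, n)
		}
	}
	nonceKey := r.DeviceID + ":" + r.Nonce
	if _, dup := v.seen[nonceKey]; dup {
		return ErrReplay
	}
	v.seen[nonceKey] = r.Timestamp
	return nil
}

func main() {
	v := NewVerifier(5 * time.Minute)
	key := []byte("constructed-per-device-key-wb-001")
	v.Keys["wb-001"] = key
	now := time.Unix(1_700_000_000, 0)
	req := Sign(key, Request{DeviceID: "wb-001", Method: "POST", Path: "/v1/sync",
		Timestamp: now.Unix(), Nonce: "c3f1", Body: `{"hr":72,"spo2":97}`})
	fmt.Println("fresh request:", v.Verify(req, now))
	fmt.Println("same request replayed:", v.Verify(req, now))
	tampered := req
	tampered.Body = `{"hr":72,"spo2":97,"share_with":"partner"}`
	fmt.Println("body altered in transit:", v.Verify(tampered, now))
}
```

HMAC is still a shared secret, so a server compromise exposes every device key; where the device can keep a private key (as many secure elements allow), the same scheme works with a per-device signature instead, and the server then stores only public keys.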
Conclusion
Although wearable medical technology greatly aids in self-monitoring and preventive medicine, it also poses serious privacy and information security risks. Users are vulnerable to cyber exploitation, profiling, and surveillance due to unprotected data streams, inadequate encryption, ambiguous privacy policies, and uneven international regulations. Wearable healthcare manufacturers, legislators, and consumers must embrace a thorough privacy-by-design strategy that includes the following:
1) Robust encryption;
2) Decentralised storage models;
3) Artificial intelligence (AI)-based anomaly detection;
4) Explicit consent procedures;
5) Regulatory harmonisation;
6) User privacy literacy.
Only when technological innovation is balanced with moral responsibility and strong data protection will wearables reach their full potential.
References
[1] Al-Sabaawi, A., et al. (2024). Investigating data storage security and retrieval for Fitbit wearable devices. Health and Technology.
[2] Alharbey, R. A., et al. (2025). Federated learning framework for real-time activity and elderly-care monitoring. Sensors, 25(4), 1266.
[3] Alruwaill, M. N., Mohanty, S. P., & Kougianos, E. (2025). hChain 4.0: A secure and scalable permissioned blockchain for EHR management in smart healthcare. arXiv. arXiv:2505.13861.
[4] Zhang, B., Chen, C., & Lee, I. (2025). A survey on security and privacy issues in wearable health-monitoring devices. Computers & Security, 104453.
[5] Chaudhry, S., & Singh, P. (2022). Privacy and security issues with wearable health sensors: A systematic review. IEEE Access, 10, 12345–12368.
[6] Doherty, C., et al. (2025). Privacy in consumer wearable technologies: A living systematic analysis of data policies across leading manufacturers. NPJ Digital Medicine.
[7] Fitbit Research Team / Independent researchers. (2024). Investigating data storage security and retrieval for Fitbit wearable devices. Health and Technology.
[8] Gini. (2024). Cyber threats to wearable health devices: Risks and prevention. GiniNow.
[9] The Guardian. (2020, July 24). Smartwatch maker Garmin hit by outages after ransomware attack.
[10] Wired. (2020). The Garmin hack was a warning.
[11] Wei, P., et al. (2023). On-device analytics and energy trade-offs for wearable devices. IEEE Internet of Things Journal, 10(6), 4567–4581.
[12] World Health Organization. (2024). Ethical considerations of digital health and wearable devices. WHO Technical Brief.
[13] Zhou, J., et al. (2024). An empirical study of BLE encryption and privacy in fitness trackers. Health and Technology, 14, 695–710.
[14] Zhang, L., et al. (2021). Data anonymization and re-identification risks: Lessons for wearable data. Data & Policy.
[15] Statista. (2025). Global wearable device market statistics.
[16] Sun, X., et al. (2023). AI-based intrusion detection for IoT wearable networks. ACM Transactions on Sensor Networks, 19(2), 1–28.
[17] TerraNova Security. (2023). Six lessons learned from the Garmin security breach.