Fitness trackers, which help keep tabs on sleep quality, heart rate and other biological metrics, are a popular way to help Americans improve their health and well-being. 

There are many types of trackers on the market, including those from well-known brands such as Apple, Fitbit, Garmin and Oura. While these devices are growing in popularity — and have legitimate uses — consumers don’t always understand the extent to which their information could be available to or intercepted by third parties. This is especially important because people can’t simply change their DNA sequence or heart rhythms as they could a credit card or bank account number.

“Once the toothpaste is out of the tube, you can’t get it back,” said Steve Grobman, senior vice president and chief technology officer of computer security company McAfee.

The holiday season is a popular time to purchase consumer health devices. Here’s what you should know about the security risks tied to fitness trackers and personal health data.


Stick to a name brand, even though they are hacked

Fitness devices can be expensive, even without taking inflation into account, but don’t be tempted to skimp on security to save a few dollars. While a less-known company may offer more bells and whistles at a better price, a well-established provider that is breached is more likely to care about its reputation and do things to help consumers, said Kevin Roundy, senior technical director at cybersecurity company Gen Digital.

To be sure, data compromise issues, from criminal hacks to unintended sharing of sensitive user information, can — and have — hit well-known players, including Fitbit, which Google bought in 2021, and Strava. But even so, security professionals say it’s better to buy from a reputable manufacturer that knows how to design secure devices and has a reputation to uphold.

“A smaller company might just go bankrupt,” Roundy said. 

Fitness app data is not protected like health information

There can be other concerns beyond having a person’s sensitive information exposed in a data breach. For example, fitness trackers generally connect to a user’s phone via Bluetooth, leaving personal data susceptible to hacking.  

What’s more, the information that fitness trackers collect isn’t considered “health information” under the federal HIPAA standard or state laws like California’s Confidentiality of Medical Information Act. This means that personally revealing data can potentially be used in ways a consumer might never expect. For instance, the personal information could be shared with or sold to third parties such as data brokers or law enforcement, said Emory Roane, policy counsel at Privacy Rights Clearinghouse, a consumer privacy, advocacy and education organization. 



Content curated by the team of COMPUTER 2000 based on official publications by the European Union Agency for Cybersecurity, including the Threat Landscape report for 2022. The full text of the report can be found here.
