Of course Trainerroad has the great outdoor ride feature that requires 3rd parties to work. This is another nightmare for companies. Features can break and the fix is out of their hands.
But can you export to Garmin without connect?
Why do you assume that companies that run their servers on-prem are more secure than companies that utilize cloud infrastructure? There are lots and lots of instances where companies running on-prem infrastructure have been hacked. From a pure volume perspective, I would bet (and no, I don’t have actual statistics) that more on-prem companies have been hacked than companies that utilize cloud infrastructure. Not because cloud infrastructure is inherently more secure (or less secure), but simply because there are more companies with on-prem infrastructure.
At the end of the day, the security of your infrastructure comes down to investment in people, processes, and systems (e.g., intrusion detection, firewalls, etc.). Companies that invest in a holistic security program are more secure than companies that rely on a wing and a prayer (too many). Good security isn’t easy, but it isn’t rocket science either.
I hope that Garmin does get hit with a rather sizable fine, as that will probably (hopefully) convince management / board of directors to invest in a good data security program. Plus hopefully this will convince other players in the fitness space that they also need to invest in a data security program.
Just posted on the Garmin Facebook page:
That is not how it was meant to come across. I certainly don’t think the cloud is more secure. I was trying to say companies put infrastructure in the cloud and think they don’t have to work so hard to keep it secure because the provider will. S3 bucket misconfigurations that have led to data leaks prove that you still have to work hard to keep it secure. Security is not easy!
Totally agree. Cloud has a physical security advantage over most on-prem, but data security is as hard in the cloud as it is on-prem.
Was meant as a heads-up for others to avoid this specific headache since someone brought up privacy zones. A history refresh is a major change to your feed history and it sucks when it’s unexpected.
The ransom has been noted to be $10 million.
Industry reports are that this is not a ‘hack and leak’, like older style ransomware but ransom demand only - no, you can't be totally sure, but the malware itself gives you a good indication, it makes victims more likely to pay, and this data isn't as valuable on the dark web market as financial data.
As an individual I would be primarily concerned if I am getting “free” or reduced rate health insurance, that my insurer won't be increasing my premiums whilst the outage lasts.
I don't believe so. Health “records”, e.g. meetings with your GP, test results, and certainly mental health data. Heart rate data is less obvious whether it's SPD or not, I've discussed it with a few different DPOs and it's sometimes inconclusive; the fact that your heart rate was 120bpm or 150bpm on an hour ride is not particularly indicative of any health status.
However, if any data was leaked (which doesn't appear to be the case here) the enforcing body (ICO in the UK) would likely be more concerned with the volume of individuals at play here when it came to deciding actions and penalties.
Awesome
Heart rate and power data are sensitive if their activities dictate it (edited for clarity) and the controller/processor should identify it as such. Interestingly Garmin seem to make zero reference to those types of data in their privacy policy.
An example of my industry is a Financial Planner capturing a client’s known health issues for the purpose of planning their financial future.
Garmin devices however process HR data as part of the performance / recovery advisor or check. That could clearly be argued as in scope as sensitive personal data given the outcomes of the ‘check’.
To a device or to Garmin’s servers? If the former then yes: For edge units plug it into your computer where it will appear as a drive called “Garmin” in your file manager program. Drag your file to Garmin->garmin->New files then unplug the device and restart it. The file will appear in either courses or workouts depending on what it is.
If the latter: have you read the thread?
IMO the central issue here is that we live in a society where health data has any connection to financial planning in the first place. THAT is what needs to change.
You must be young. What the financial planner was talking about are situations like a disease with a prognosis for possible disability or early death affecting how someone would adjust an investment portfolio, financial plans or make certain estate planning moves a priority. Since humans live and die on their own schedules, and everyone dies, health data is always going to be part of a whole host of people’s planning and activities. And since sharing that data is part of that process, it needs to be secure.
Ahh, no not young. But I was looking at this from the perspective of health data impacting healthcare costs. I was making the point that healthcare costs should be effectively fixed.
Healthcare costs are nothing to do with financial planning in the context I use - I refer to it as the practice of assessing someone’s wishes, health and estate and making an effective plan to provide for them and others.
Well, but you can't realistically disconnect the two in this country though, can you? Health care costs in this country have the ability to singlehandedly bankrupt people…that seems like something that needs to be accounted for in financial planning? (Even though that possibility should be eliminated through legislation, IMO).
Which country? I am in the UK. We have the NHS and I choose to pay for private healthcare on top, which IMHO is exceptionally good value to avoid waiting.
And no matter what - professional planning for older age, retirement and death is worthwhile for most.
I’m in the U.S. The goal of healthcare here is not caring for the health of others, but as an avenue for wealth creation for the few at the expense of the many.