The Internet of Bodies Is Already Here: How IoB Can Help Us, Warn Us, And Put Our Privacy At Risk

Reader note: you may see this topic written online as the “Internet of Bodes,” but the term used in the research is Internet of Bodies, often shortened to IoB. It means connected technology that is worn on, placed in, or tied very closely to the human body.

That sounds futuristic, but it is already here. Smart watches track heart rhythm and sleep. Continuous glucose monitors help diabetics make decisions. Insulin pumps, pacemakers, hearing devices, smart rings, medical apps, remote patient monitoring tools, and experimental brain-computer interfaces all sit somewhere on the IoB spectrum. The promise is real: better health alerts, more independence, faster care, and more personalized technology. The warning is real too: when body data moves through apps, cloud platforms, vendors, employers, schools, homes, and medical systems, ordinary cybersecurity mistakes can become health, privacy, safety, and discrimination problems.

What is the Internet of Bodies?

The best plain-English definition comes from RAND Corporation’s 2020 research report, The Internet of Bodies: Opportunities, Risks, and Governance. RAND describes IoB as an expanding group of devices that combine hardware, software, communication, and body-related data to track personal health, provide medical treatment, or enhance comfort, function, health, or well-being.

Legal scholar Andrea Matwyshyn helped bring the term into policy discussion and described the Internet of Bodies as a progression from the Internet of Things into a network where human bodies rely, at least in part, on internet-connected software, hardware, and related technology. That is why IoB is different from a smart speaker or thermostat. A bad thermostat update may make a house uncomfortable. A bad medical-device update, compromised health app, or leaked biometric dataset can affect a person’s body, finances, insurance, job, family privacy, or medical choices.

For everyday users, think of IoB in three rough layers:

• Wearables: smart watches, fitness trackers, smart rings, sleep trackers, smart glasses, connected hearing devices, and phone-connected medical accessories.
• Medical and near-medical devices: continuous glucose monitors, insulin pumps, pacemakers, remote patient monitoring equipment, connected blood-pressure cuffs, connected scales, and approved health apps.
• Implantable, ingestible, and emerging systems: smart pills, implanted sensors, brain-computer interfaces, neurotechnology, and future devices that may change how people move, communicate, remember, or make decisions.

A recent blog post framed this as scientists warning that we are unprepared for an imminent Internet of Bodies. That headline points in the right direction, but the stronger evidence is more specific: RAND, FDA, FTC, NIST, CISA, peer-reviewed researchers, and other policy groups are all saying pieces of the same thing. The technology is moving faster than our security habits, privacy expectations, and regulatory systems.

Why the warnings are getting louder

RAND’s Mary Lee put it bluntly in 2020: when it comes to IoB regulation, “it’s the Wild West.” RAND’s report found that governance is spread across a patchwork of agencies, standards groups, consumer rules, medical-device rules, state laws, and voluntary practices. The FDA has made progress on medical-device cybersecurity, but RAND also notes that many consumer IoB devices do not fall under FDA jurisdiction.

That gap matters because IoB data can be more sensitive than ordinary account data. A password can be changed. Your heart rhythm, gait, sleep pattern, fertility signal, medication history, location routine, and implanted-device telemetry are harder to reset. RAND’s article also points to real-world examples, including fitness tracker data that exposed sensitive military activity patterns and a criminal case involving pacemaker data. Those examples show why body-linked data is not just a health issue. It can become a legal, employment, insurance, family, security, and national-security issue.

The federal government has also sharpened its focus. The FDA’s current medical-device cybersecurity guidance, content current as of February 3, 2026, tells manufacturers to address device design, labeling, premarket documentation, and cyber resilience for devices with cybersecurity risk. A June 27, 2025 Federal Register notice says the guidance updated the 2023 version and reflects newer statutory obligations for cyber devices.

That is not fearmongering. It is the practical reality of connected technology: the more devices we attach to human bodies, the more we need patching, encryption, authentication, secure design, vendor accountability, privacy controls, and clear end-of-life plans.

How IoB can help us

The Internet of Bodies is not automatically bad. Many of the benefits are exactly why families, doctors, researchers, employers, athletes, caregivers, and patients are interested in it.

• Earlier health warnings: wearables may flag abnormal heart rhythms, sleep changes, oxygen changes, falls, or activity shifts that prompt someone to seek care sooner.
• Better chronic-condition management: glucose monitors and insulin pumps can help people with diabetes make faster, more informed decisions with less guesswork.
• Remote care: connected blood-pressure cuffs, scales, pulse oximeters, and care platforms can help clinicians monitor patients without requiring every check-in to happen at an office.
• Independence and accessibility: hearing devices, prosthetics, mobility devices, and brain-computer interface research may help people communicate, move, work, and live more independently.
• Safer work in some settings: fatigue monitoring, heat-stress sensors, fall detection, and emergency alert wearables could help protect workers in construction, logistics, healthcare, manufacturing, elder care, and lone-worker roles.
• Better personal awareness: sleep, stress, activity, and recovery metrics can help people notice patterns and talk with medical professionals more clearly.

For Port St. Lucie families and small businesses, the first useful takeaway is simple: IoB is already in the house and the workplace. It may be sitting on a wrist, clipped to clothing, paired to a phone, connected to Wi-Fi, synced to a cloud account, or linked to a medical portal.

Where IoB can warn us in the future

The exciting part of IoB is that body-connected technology can act like an early-warning system. A wearable may catch a pattern a person would miss. A sensor may warn a caregiver before a crisis. A device may alert a doctor that treatment is not working. A smart workplace wearable may warn of heat stress before someone collapses.

Future warning use cases could include:

• Medical deterioration alerts: changes in heart rate, oxygen, motion, temperature, glucose, or breathing could help detect trouble earlier.
• Medication adherence support: connected packaging, apps, or ingestible sensors may confirm whether a prescribed medication was taken.
• Fall and wandering alerts: families caring for seniors may benefit from wearables that detect falls or unsafe movement patterns.
• Workplace safety warnings: heat, fatigue, exposure, or posture sensors may help reduce accidents when used with clear employee privacy rules.
• Disaster and emergency response: responder wearables could track location, vitals, and environmental exposure during fires, hurricanes, industrial incidents, or large events.
• Adaptive accessibility: future interfaces may respond to movement, neural signals, tremors, hearing needs, or speech limitations in real time.

The important phrase is when used responsibly. A safety wearable that protects a worker is helpful. The same wearable used to micromanage bathroom breaks, infer medical conditions, or penalize someone for a disability becomes a trust problem. IoB can warn us about health and safety, but it can also warn us about how easily sensitive data can be misused.

The cybersecurity and privacy risks

The risk is not that every smartwatch is dangerous or every connected medical device will be hacked. The risk is that IoB combines four things that are hard to manage: intimate data, long device lifecycles, cloud accounts, and real-world consequences.

1. Body data is deeply personal

A 2025 npj Digital Medicine study on consumer wearable privacy policies evaluated 17 leading wearable manufacturers across transparency, collection purposes, data minimization, user control, third-party sharing, security, and breach notification. The authors found inconsistent data governance across the industry and argued for stronger sector-specific privacy standards. In plain terms: even when the device is useful, the paperwork and privacy controls may not be as clear as families and businesses assume.

2. HIPAA does not cover every health-related app or device

This is one of the biggest consumer misunderstandings. The FTC explains that many companies collecting health information through fitness trackers, diet apps, connected blood-pressure cuffs, and similar tools are not covered by HIPAA. That does not mean there are no rules, but it does mean people should not assume every health app is protected like a doctor’s medical record system.

The FTC’s Health Breach Notification Rule was updated in 2024 to make clear that makers of health apps, connected devices, and similar products may have breach-notification obligations. That is important for small businesses too. If your business builds, sells, manages, recommends, or stores data from health-related apps or connected devices, this is not just a consumer issue. It can become a compliance and reputation issue.

3. Connected medical devices need lifecycle security

Medical devices can stay in use for years. Some cannot be patched easily. Some rely on a phone app, cloud account, home Wi-Fi network, Bluetooth connection, remote monitoring portal, or hospital system. CISA’s 2019 advisory on certain Medtronic MiniMed insulin pumps warned that a vulnerability could allow attackers to change pump settings and affect insulin delivery. That does not mean people should panic or stop using prescribed devices. It means device cybersecurity is patient safety.

4. The attack surface moves into the home

IoB devices often depend on normal home and small-office technology: routers, phones, tablets, passwords, email accounts, app stores, Bluetooth, Wi-Fi, cloud backups, and family sharing. If those basics are weak, a sensitive device may inherit the weakness. A reused password, old phone, unpatched router, compromised email account, or unknown third-party app can become the weak link.

5. Employer and school use needs boundaries

Wearables can help with safety, but they can also create surveillance pressure. Before a business rolls out health, fatigue, attention, productivity, or location-tracking wearables, it should answer basic questions: What data is collected? Who sees it? Is participation voluntary? How long is it kept? Is it used for discipline? Can it reveal a disability, pregnancy, medical condition, religion, or off-duty activity? Is there a written policy? Has counsel reviewed it?

6. AI will make IoB more powerful and harder to audit

As AI systems interpret body signals, the problem grows from “who collected the data?” to “what did the system infer from it?” A model might infer fatigue, stress, attention, illness, pregnancy, impairment, fitness, sleep debt, or emotional state. Those inferences can be wrong, biased, or used outside the original purpose. That is why RAND and other policy researchers keep tying IoB to privacy, ethics, autonomy, and governance, not only cybersecurity.

What this means for families and small businesses

For families, IoB means the devices around health and safety deserve the same attention as banking and email. Know which accounts control the device. Know how updates happen. Keep the paired phone secure. Avoid sharing health dashboards casually. Review app permissions. Think twice before giving a school, sports program, employer, or random wellness app access to biometric data.

For small businesses, IoB is a policy and IT management issue. Many businesses already have employees wearing smart watches, using phone-based health apps, bringing connected medical devices to work, or enrolling in wellness programs. Some may use wearable safety devices in the field. That raises practical questions:

• Should IoB devices connect to the business Wi-Fi network or a guest network?
• Does the business collect any employee health, location, biometric, or wearable data?
• Who owns the account tied to a business-provided wearable?
• How are lost phones, former employees, and shared devices handled?
• Are wellness vendors allowed to share data with advertisers, insurers, analytics providers, or data brokers?
• Does the business have a written acceptable-use and privacy policy?
• Are admin accounts protected with MFA or passkeys?

Small businesses do not need a giant enterprise program to start. They need inventory, segmentation, account security, vendor review, update habits, and clear rules. The same fundamentals The IT Guys recommends for email, routers, backups, browser profiles, and cloud accounts also apply here.

What to do now

Here is a practical checklist for home users, families, and small businesses.

For home users and families

1. Inventory your body-connected devices. List smart watches, rings, glucose monitors, hearing devices, connected medical gear, health apps, and the phones or tablets they pair with.
2. Secure the controlling accounts. Use a strong unique password and MFA for Apple, Google, Samsung, Fitbit, Garmin, Microsoft, medical portals, and email accounts tied to the device.
3. Keep the paired phone updated. The phone is often the bridge between the body device and the cloud.
4. Review app permissions. Remove old health, fitness, sleep, nutrition, and wellness apps you no longer use.
5. Read the sharing settings. Check whether data is shared with family members, doctors, coaches, employers, research programs, advertisers, or third parties.
6. Use a guest Wi-Fi network where appropriate. Keep casual smart devices separated from computers used for banking, work, and medical portals.
7. Do not ignore medical-device notices. If an FDA, manufacturer, doctor, or pharmacy notice mentions a cybersecurity or safety issue, call the provider before making changes.

For small businesses

1. Create a connected-device policy. Include wearables, health apps, Bluetooth devices, employee-owned devices, and guest Wi-Fi.
2. Separate networks. Put guest, IoT, and personal devices away from business computers, file shares, point-of-sale systems, cameras, and admin systems.
3. Use MFA or passkeys on admin accounts. This includes email, domain registrar, website admin, cloud storage, accounting, payroll, and device-management tools.
4. Vet wellness and safety vendors. Ask what data is collected, where it is stored, how long it is kept, who can access it, whether it is sold or shared, and how breaches are handled.
5. Document consent and purpose. If employees are asked to wear or use connected technology, the purpose and limits should be clear.
6. Plan offboarding. Remove former employees from apps, dashboards, shared accounts, device portals, and vendor systems.
7. Use the NIST basics. NIST’s Cybersecurity Framework 2.0 organizes risk management around governance, identification, protection, detection, response, and recovery. That structure works for small businesses too when scaled down.

How The IT Guys can help

The IT Guys can help home users and small businesses turn this into a practical setup instead of a scary headline. That may include reviewing home or office Wi-Fi, separating guest and IoT networks, checking router security, cleaning up connected apps, improving MFA, documenting business device policies, reviewing Microsoft 365 or Google Workspace access, securing backups, and helping owners understand which devices and accounts matter most.

If your business is adding wearables, remote monitoring, employee wellness technology, connected cameras, mobile-device access, or healthcare-related apps, do not wait until there is a breach or a confusing vendor contract. Start with the basics: inventory, account security, network separation, update ownership, and privacy expectations.

Need help reviewing connected devices, Wi-Fi, account security, or small-business IT policies? See Small Business Services, schedule an appointment, or contact The IT Guys to plan a practical security review.

Source links and further reading

• Mekra Blog: Why Top Scientists Warn We Are Unprepared for the Imminent Internet of Bodies — the recent article that appears to match the headline circulating online.
• RAND Corporation: The Internet of Bodies: Opportunities, Risks, and Governance — peer-reviewed RAND research report, published October 29, 2020.
• RAND: The Internet of Bodies Will Change Everything, for Better or Worse — RAND explainer on benefits, privacy, cybersecurity, and ethics.
• National Press Foundation: What is the Internet of Bodies? — Mary Lee of RAND explaining IoB examples and regulatory gaps, updated December 21, 2022.
• Andrea M. Matwyshyn, The Internet of Bodies, William & Mary Law Review — legal and policy analysis of IoB, privacy, security, autonomy, and governance.
• npj Digital Medicine: Privacy in consumer wearable technologies — 2025 peer-reviewed study of privacy policies across leading wearable manufacturers.
• FDA: Cybersecurity in Medical Devices guidance — current FDA recommendations for medical device cybersecurity design, labeling, and premarket submissions.
• Federal Register: FDA 2025 medical-device cybersecurity guidance notice.
• CISA: Medtronic MiniMed 508 and Paradigm Series Insulin Pumps advisory — example of why medical-device cybersecurity can become a patient-safety issue.
• FTC: Complying with the Health Breach Notification Rule — explains health apps, connected devices, HIPAA gaps, and breach-notification obligations.
• NIST: Cybersecurity Framework 2.0 — practical risk-management structure for organizations of all sizes.
• NIST Cybersecurity for IoT publications — baseline guidance for consumer IoT security and related device profiles.
• UK Government: Emerging technologies and their effect on cyber security — discusses IoB, brain-computer interfaces, expanded attack surface, and physical safety implications.

Source note: this article was researched and prepared on Thursday, June 18, 2026. Medical-device guidance, health-app rules, and cybersecurity advisories can change. For medical decisions, always follow your physician, device manufacturer, pharmacist, and official FDA safety communications.