Pharma wants real-world data; adversaries want it more.
Case Studies
- MyFitnessPal breach (2018): 150 million accounts compromised — a reminder of health data’s value (TIME).
- Flo Health (2021): settled with US FTC for sharing sensitive reproductive data despite promising privacy (FTC).
- Flo Health (2025): faced new lawsuits; a California jury also found Meta liable for collecting Flo user menstrual data without consent (Reuters).
Risk Hotspots
- Insecure APIs/model endpoints
- Sensor spoofing
- Third-party SDK vulnerabilities
- Cross-border transfers under GDPR special category rules
Mitigations
- Privacy by design (minimise, pseudonymise, differential privacy)
- Strong auth & rate limiting
- TLS + encryption at rest
- Transparency & explainability
- Dependency vetting
- Incident response aligned to GDPR & AI Act timelines
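The first mitigation bullet names three techniques. As an added example (not from the page or any of the companies it mentions), the block below wires them together for a health-app ingestion pipeline: minimisation drops every field the research use does not need, pseudonymisation replaces the e-mail address with a keyed HMAC so that a leaked data set cannot be reversed without the separately held key, and a differential-privacy counting query adds Laplace noise before an aggregate leaves the boundary. The records, field names (`age_band`, `steps`, `cycle_length_days`) and key are constructed for illustration.

```python
import hashlib
import hmac
import math
import random
from typing import Any, Dict, Iterable, List

# Hypothetical allow-list of fields the downstream analysis actually needs.
# Everything else (device id, GPS trace, free-text notes, ...) is dropped at
# ingestion, so a later breach of the analytics store cannot expose it.
ALLOWED_FIELDS = {"age_band", "steps", "cycle_length_days"}


def pseudonymise_user(user_id: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of a direct identifier.

    A plain SHA-256 of an e-mail address is reversible by brute force because
    the input space is small; the HMAC key (kept outside the data store) is
    what makes the token non-reversible for whoever steals the data set.
    Note that under GDPR pseudonymised data is still personal data: the key
    holder can re-identify, so access to the key must be controlled."""
    return hmac.new(key, user_id.encode("utf-8"), hashlib.sha256).hexdigest()


def minimise_and_pseudonymise(record: Dict[str, Any], key: bytes) -> Dict[str, Any]:
    """Keep only allow-listed fields and replace the identifier with a token."""
    out = {k: v for k, v in record.items() if k in ALLOWED_FIELDS}
    out["subject"] = pseudonymise_user(record["email"], key)
    return out


def prepare_dataset(records: Iterable[Dict[str, Any]], key: bytes) -> List[Dict[str, Any]]:
    return [minimise_and_pseudonymise(r, key) for r in records]


def laplace_noise(scale: float, rng: random.Random) -> float:
    """Sample Laplace(0, scale) by inverse-CDF transform of a uniform variate."""
    u = rng.random() - 0.5                      # uniform on [-0.5, 0.5)
    inner = max(1.0 - 2.0 * abs(u), 1e-300)     # guard log(0) at the edge
    return -scale * math.copysign(1.0, u) * math.log(inner)


def dp_count(true_count: int, epsilon: float, rng: random.Random) -> float:
    """Laplace mechanism for a counting query (sensitivity 1): the released
    value is true_count + Laplace(1/epsilon), so adding or removing one user
    changes the output distribution by at most a factor of e**epsilon."""
    return true_count + laplace_noise(1.0 / epsilon, rng)


def count_active_users(dataset: List[Dict[str, Any]], min_steps: int,
                       epsilon: float, rng: random.Random) -> float:
    """Noisy count of subjects whose step count is at least min_steps."""
    hits = sum(1 for row in dataset if row.get("steps", 0) >= min_steps)
    return dp_count(hits, epsilon, rng)


# Constructed sample input: raw app records as they might arrive from a client.
RAW_RECORDS = [
    {"email": "a@example.org", "age_band": "25-34", "steps": 9800,
     "cycle_length_days": 28, "gps_trace": "[...]", "device_id": "dev-1"},
    {"email": "b@example.org", "age_band": "35-44", "steps": 3100,
     "cycle_length_days": 30, "gps_trace": "[...]", "device_id": "dev-2"},
    {"email": "a@example.org", "age_band": "25-34", "steps": 12000,
     "cycle_length_days": 28, "gps_trace": "[...]", "device_id": "dev-1"},
]

if __name__ == "__main__":
    key = b"constructed-demo-key-held-in-a-kms-not-here"
    prepared = prepare_dataset(RAW_RECORDS, key)
    for row in prepared:
        print(row)
    print("noisy count of rows with >= 5000 steps:",
          count_active_users(prepared, 5000, epsilon=1.0, rng=random.Random(7)))
```

The same e-mail maps to the same token under one key, so longitudinal analysis still works, while a different key yields unrelated tokens. The noisy count is a float and may even be negative for small true counts; that is expected for the Laplace mechanism and should be post-processed (clamped or rounded) only after release, since post-processing does not weaken the privacy guarantee.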
Your real-world data strategy is only as strong as your real-world security.