The Internet of Things: Enabling Innovation and Exploitation

Stop checking whether or not you’ve achieved your step goal. Right now.

The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?

The Internet of Things is fraught with risk. In the scenario presented in the comic below, our young, well-groomed protagonist, Justin Bobby, was merely attempting to log his heightened heart rate in a convenient online health journal with the help of Kimani, our version of Alexa.

Unfortunately, due to a lack of security, the surly cybercriminal in our comic intercepted this supposedly private data and posted it on his well-advertised and beloved streaming service for mass consumption (cue the rabid teenagers) and profit. Notice his blase countenance. Of course, the fraudster is not interested in the heart palpitations of our young pop star. Rather, his eye is on the financial prize at the end of tunnel: Profits accrued from the ads broadcast on his streaming website. The emotionally invested, tech-savvy teenage girls are merely the pawns in this scheme. An equivalent example in the real world is a website or YouTube channel profiting off of the exploitation of celebrity gossip.

Health Care Data at Risk in the IoT Age

Now, reader, I write this not to discourage you from taking advantage of the perks of the IoT or celebrity gossip websites. I love my Apple Watch and Bravo TV dish as much as the next girl. I merely want to remind you to fight to keep your health care data, as well as the data of your customers — health care and otherwise — as safe as possible. After all, the Justin Bobbys, Biebers and Timberlakes of the world are not the only individuals whose personal information cybercriminals covet.

The monetization of health care data has been a significant threat since as early as 2015. We are all endangered by such exploitation because pieces of anyone’s information can be sold for a handsome profit on the Dark Web. According to Forbes, “The information that hospitals maintain is typically not the sort that can generate newspaper headlines or lead to profitable insider trading. Yet, whether due to a desire on the part of hackers to steal information such as Social Security numbers or Medicare provider credentials, or to extort a ransom by locking health care providers out of critical patient information, the threat is still very real.”

Ransomware is one of the most disturbing manifestations of these types cyberattacks, and as you know, the list of such incidents within the past few years is long. Sadly, according to Fortune, “Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers and other personal information hostage barring a big payout.”

Cybercriminals look for information that ranges from commonplace to extremely sensitive, such as names, birth dates, policy numbers, diagnosis codes and billing information. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers,” Reuters reported. They also “sell medical identities to uninsured or underinsured individuals, peddle pharmaceuticals online, obtain and resell expensive medical equipment, or simply file insurance claims by matching up stolen patient and provider identities,” according to Third Certainty.

Schemes go beyond ransomware and the Dark Web marketplace. According to Healthcare IT News, “Medical identity fraud either takes the form of fraudulent billing by unethical providers or misuse of another person’s medical records to obtain care. This kind of fraud may not be discovered for months or years, making stolen medical identities among the most valuable.”

Protecting Personal Information

IBM is working hard to combat ransomware attacks and identity theft with innovative security solutions that protect sensitive personal information itself, as well as the way that such information is accessed.

So, go ahead and reach your step goal. But also tell Siri or Alexa to show you what IBM is developing to counteract data breaches. Additionally, check out the IBM Identity and Access Management portfolio, which takes a multipronged approach to tackling information security by ensuring that the right people have the access and permissions they need while also working to prevent prying, malicious and/or oblivious eyes from accessing data they don’t.

Download the 2017 Gartner Magic Quadrant for Identity and Access Management