The Internet of Things: Enabling Innovation and Exploitation

Stop checking whether or not you’ve achieved your step goal. Right now.

The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?

The Internet of Things is fraught with risk. In the scenario presented in the comic below, our young, well-groomed protagonist, Justin Bobby, was merely attempting to log his heightened heart rate in a convenient online health journal with the help of Kimani, our version of Alexa.

Unfortunately, due to a lack of security, the surly cybercriminal in our comic intercepted this supposedly private data and posted it on his well-advertised and beloved streaming service for mass consumption (cue the rabid teenagers) and profit. Notice his blase countenance. Of course, the fraudster is not interested in the heart palpitations of our young pop star. Rather, his eye is on the financial prize at the end of tunnel: Profits accrued from the ads broadcast on his streaming website. The emotionally invested, tech-savvy teenage girls are merely the pawns in this scheme. An equivalent example in the real world is a website or YouTube channel profiting off of the exploitation of celebrity gossip.

Health Care Data at Risk in the IoT Age

Now, reader, I write this not to discourage you from taking advantage of the perks of the IoT or celebrity gossip websites. I love my Apple Watch and Bravo TV dish as much as the next girl. I merely want to remind you to fight to keep your health care data, as well as the data of your customers — health care and otherwise — as safe as possible. After all, the Justin Bobbys, Biebers and Timberlakes of the world are not the only individuals whose personal information cybercriminals covet.

The monetization of health care data has been a significant threat since as early as 2015. We are all endangered by such exploitation because pieces of anyone’s information can be sold for a handsome profit on the Dark Web. According to Forbes, “The information that hospitals maintain is typically not the sort that can generate newspaper headlines or lead to profitable insider trading. Yet, whether due to a desire on the part of hackers to steal information such as Social Security numbers or Medicare provider credentials, or to extort a ransom by locking health care providers out of critical patient information, the threat is still very real.”

Ransomware is one of the most disturbing manifestations of these types cyberattacks, and as you know, the list of such incidents within the past few years is long. Sadly, according to Fortune, “Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers and other personal information hostage barring a big payout.”

Cybercriminals look for information that ranges from commonplace to extremely sensitive, such as names, birth dates, policy numbers, diagnosis codes and billing information. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers,” Reuters reported. They also “sell medical identities to uninsured or underinsured individuals, peddle pharmaceuticals online, obtain and resell expensive medical equipment, or simply file insurance claims by matching up stolen patient and provider identities,” according to Third Certainty.

Schemes go beyond ransomware and the Dark Web marketplace. According to Healthcare IT News, “Medical identity fraud either takes the form of fraudulent billing by unethical providers or misuse of another person’s medical records to obtain care. This kind of fraud may not be discovered for months or years, making stolen medical identities among the most valuable.”

Protecting Personal Information

IBM is working hard to combat ransomware attacks and identity theft with innovative security solutions that protect sensitive personal information itself, as well as the way that such information is accessed.

So, go ahead and reach your step goal. But also tell Siri or Alexa to show you what IBM is developing to counteract data breaches. Additionally, check out the IBM Identity and Access Management portfolio, which takes a multipronged approach to tackling information security by ensuring that the right people have the access and permissions they need while also working to prevent prying, malicious and/or oblivious eyes from accessing data they don’t.

Download the 2017 Gartner Magic Quadrant for Identity and Access Management

More from Healthcare

Why safeguarding sensitive data is so crucial

4 min read - A data breach at virtual medical provider Confidant Health lays bare the vast difference between personally identifiable information (PII) on the one hand and sensitive data on the other.The story began when security researcher Jeremiah Fowler discovered an unsecured database containing 5.3 terabytes of exposed data linked to Confidant Health. The company provides addiction recovery help and mental health treatment in Connecticut, Florida, Texas and other states.The breach, first reported by WIRED, involved PII, such as patient names and addresses,…

Ransomware on the rise: Healthcare industry attack trends 2024

4 min read - According to the IBM Cost of a Data Breach Report 2024, the global average cost of a data breach reached $4.88 million this year, a 10% increase over 2023.For the healthcare industry, the report offers both good and bad news. The good news is that average data breach costs fell by 10.6% this year. The bad news is that for the 14th year in a row, healthcare tops the list with the most expensive breach recoveries, coming in at $9.77…

Cybersecurity risks in healthcare are an ongoing crisis

4 min read - While healthcare providers have been implementing technical, administrative and physical safeguards related to patient information, they have not been as diligent in securing their medical devices. These devices are critical to patient care and can leave hospitals at risk for cyberattacks, causing major disruptions to patient care. In fact, 88 million individuals were affected by large breaches, compromising vast amounts of electronic protected health information (ePHI) last year according to the U.S. Department of Health & Human Services. This year,…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today