The Internet of Things: Enabling Innovation and Exploitation

Stop checking whether or not you’ve achieved your step goal. Right now.

The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?

The Internet of Things is fraught with risk. In the scenario presented in the comic below, our young, well-groomed protagonist, Justin Bobby, was merely attempting to log his heightened heart rate in a convenient online health journal with the help of Kimani, our version of Alexa.

Unfortunately, due to a lack of security, the surly cybercriminal in our comic intercepted this supposedly private data and posted it on his well-advertised and beloved streaming service for mass consumption (cue the rabid teenagers) and profit. Notice his blase countenance. Of course, the fraudster is not interested in the heart palpitations of our young pop star. Rather, his eye is on the financial prize at the end of tunnel: Profits accrued from the ads broadcast on his streaming website. The emotionally invested, tech-savvy teenage girls are merely the pawns in this scheme. An equivalent example in the real world is a website or YouTube channel profiting off of the exploitation of celebrity gossip.

Health Care Data at Risk in the IoT Age

Now, reader, I write this not to discourage you from taking advantage of the perks of the IoT or celebrity gossip websites. I love my Apple Watch and Bravo TV dish as much as the next girl. I merely want to remind you to fight to keep your health care data, as well as the data of your customers — health care and otherwise — as safe as possible. After all, the Justin Bobbys, Biebers and Timberlakes of the world are not the only individuals whose personal information cybercriminals covet.

The monetization of health care data has been a significant threat since as early as 2015. We are all endangered by such exploitation because pieces of anyone’s information can be sold for a handsome profit on the Dark Web. According to Forbes, “The information that hospitals maintain is typically not the sort that can generate newspaper headlines or lead to profitable insider trading. Yet, whether due to a desire on the part of hackers to steal information such as Social Security numbers or Medicare provider credentials, or to extort a ransom by locking health care providers out of critical patient information, the threat is still very real.”

Ransomware is one of the most disturbing manifestations of these types cyberattacks, and as you know, the list of such incidents within the past few years is long. Sadly, according to Fortune, “Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers and other personal information hostage barring a big payout.”

Cybercriminals look for information that ranges from commonplace to extremely sensitive, such as names, birth dates, policy numbers, diagnosis codes and billing information. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers,” Reuters reported. They also “sell medical identities to uninsured or underinsured individuals, peddle pharmaceuticals online, obtain and resell expensive medical equipment, or simply file insurance claims by matching up stolen patient and provider identities,” according to Third Certainty.

Schemes go beyond ransomware and the Dark Web marketplace. According to Healthcare IT News, “Medical identity fraud either takes the form of fraudulent billing by unethical providers or misuse of another person’s medical records to obtain care. This kind of fraud may not be discovered for months or years, making stolen medical identities among the most valuable.”

Protecting Personal Information

IBM is working hard to combat ransomware attacks and identity theft with innovative security solutions that protect sensitive personal information itself, as well as the way that such information is accessed.

So, go ahead and reach your step goal. But also tell Siri or Alexa to show you what IBM is developing to counteract data breaches. Additionally, check out the IBM Identity and Access Management portfolio, which takes a multipronged approach to tackling information security by ensuring that the right people have the access and permissions they need while also working to prevent prying, malicious and/or oblivious eyes from accessing data they don’t.

Download the 2017 Gartner Magic Quadrant for Identity and Access Management

More from Data Protection

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Meeting Today’s Complex Data Privacy Challenges

Pop quiz: Who is responsible for compliance and data privacy in an organization? Is it a) the security department, b) the IT department, c) the legal department, d) the compliance group or e) all of the above? If you answered "all of the above," you are well-versed in the complex world of compliance and data privacy! While compliance is a complex topic, the patchwork of regulations imposed by countries, regions, states and industries further compounds it. This complexity has turned…

The Digital World is Changing Fast: Data Discovery Can Help

The rise in digital technology is creating opportunities for individuals and organizations to achieve unprecedented success. It’s also creating new challenges, particularly in protecting sensitive personal and financial information. Personally identifiable information (PII) is trivial to manage. It’s often spread across multiple locations and formats and can be challenging to find and classify. Organizations need a modern data discovery and classification solution to identify sensitive data across physical, virtual and public clouds. The Current State of Sensitive Data Discovery and…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…