Light Dark
July 11, 2017 By Kat Speer 3 min read
Healthcare
Data Protection
Identity & Access

The Internet of Things: Enabling Innovation and Exploitation

Stop checking whether or not you’ve achieved your step goal. Right now.

The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?

The Internet of Things is fraught with risk. In the scenario presented in the comic below, our young, well-groomed protagonist, Justin Bobby, was merely attempting to log his heightened heart rate in a convenient online health journal with the help of Kimani, our version of Alexa.

Unfortunately, due to a lack of security, the surly cybercriminal in our comic intercepted this supposedly private data and posted it on his well-advertised and beloved streaming service for mass consumption (cue the rabid teenagers) and profit. Notice his blase countenance. Of course, the fraudster is not interested in the heart palpitations of our young pop star. Rather, his eye is on the financial prize at the end of tunnel: Profits accrued from the ads broadcast on his streaming website. The emotionally invested, tech-savvy teenage girls are merely the pawns in this scheme. An equivalent example in the real world is a website or YouTube channel profiting off of the exploitation of celebrity gossip.

Health Care Data at Risk in the IoT Age

Now, reader, I write this not to discourage you from taking advantage of the perks of the IoT or celebrity gossip websites. I love my Apple Watch and Bravo TV dish as much as the next girl. I merely want to remind you to fight to keep your health care data, as well as the data of your customers — health care and otherwise — as safe as possible. After all, the Justin Bobbys, Biebers and Timberlakes of the world are not the only individuals whose personal information cybercriminals covet.

The monetization of health care data has been a significant threat since as early as 2015. We are all endangered by such exploitation because pieces of anyone’s information can be sold for a handsome profit on the Dark Web. According to Forbes, “The information that hospitals maintain is typically not the sort that can generate newspaper headlines or lead to profitable insider trading. Yet, whether due to a desire on the part of hackers to steal information such as Social Security numbers or Medicare provider credentials, or to extort a ransom by locking health care providers out of critical patient information, the threat is still very real.”

Ransomware is one of the most disturbing manifestations of these types cyberattacks, and as you know, the list of such incidents within the past few years is long. Sadly, according to Fortune, “Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers and other personal information hostage barring a big payout.”

Cybercriminals look for information that ranges from commonplace to extremely sensitive, such as names, birth dates, policy numbers, diagnosis codes and billing information. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers,” Reuters reported. They also “sell medical identities to uninsured or underinsured individuals, peddle pharmaceuticals online, obtain and resell expensive medical equipment, or simply file insurance claims by matching up stolen patient and provider identities,” according to Third Certainty.

Schemes go beyond ransomware and the Dark Web marketplace. According to Healthcare IT News, “Medical identity fraud either takes the form of fraudulent billing by unethical providers or misuse of another person’s medical records to obtain care. This kind of fraud may not be discovered for months or years, making stolen medical identities among the most valuable.”

Protecting Personal Information

IBM is working hard to combat ransomware attacks and identity theft with innovative security solutions that protect sensitive personal information itself, as well as the way that such information is accessed.

So, go ahead and reach your step goal. But also tell Siri or Alexa to show you what IBM is developing to counteract data breaches. Additionally, check out the IBM Identity and Access Management portfolio, which takes a multipronged approach to tackling information security by ensuring that the right people have the access and permissions they need while also working to prevent prying, malicious and/or oblivious eyes from accessing data they don’t.

Download the 2017 Gartner Magic Quadrant for Identity and Access Management

 |  |  |  |  |  | 
Kat Speer
Information Developer, IBM

More from Healthcare
August 16, 2023

Cost of a data breach 2023: Healthcare industry impacts

3 min read - Data breaches are becoming more costly across all industries, with healthcare in the lead. The 2023 Cost of a Data Breach Report analyzes data collected from March 2022 to March 2023. Healthcare remains a top target for online criminal groups. These data breach costs are the highest of any industry and have increased for the 13th consecutive year. Healthcare is a highly regulated industry that the U.S. government considers critical infrastructure. As such, recent federal privacy standards, security standards and…

June 22, 2023

Cyberattackers target the Latin American health care sector

3 min read - Cyberattacks on the healthcare sector are a growing threat in Latin America, and the large amount of confidential data these organizations handle makes these attacks a top concern. The value of healthcare data in the illegal market, such as the personal, medical and financial information of patients and healthcare companies, creates an appealing target for threat actors. This can have serious consequences for the privacy and information security of these organizations. Cyberattacks could lead to reputational risks, interruption of operations,…

June 1, 2023

Increasingly sophisticated cyberattacks target healthcare

4 min read - It’s rare to see 100% agreement on a survey. But Porter Research found consensus from business leaders across the provider, payer and pharmaceutical/life sciences industries. Every single person agreed that “growing hacker sophistication” is the primary driver behind the increase in ransomware attacks. In response to the findings, the American Hospital Association told Porter Research, “Not only are cyber criminals more organized than they were in the past, but they are often more skilled and sophisticated.” Although not unanimous, the…

November 10, 2022

Reporting healthcare cyber incidents under new CIRCIA rules

4 min read - Numerous high-profile cybersecurity events in recent years, such as the Colonial Pipeline and SolarWinds attacks, spurred the US government to implement new legislation. In response to the growing threat, President Biden signed the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) in March 2022. While the law has passed, many healthcare organizations remain uncertain about how it will directly affect them. If your organization has questions about what steps to take and what the law means for your…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2023 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature