The Internet of Things: Enabling Innovation and Exploitation

Stop checking whether or not you’ve achieved your step goal. Right now.

The widespread use of bring-your-own-device (BYOD) strategies and the shift towards interoperability within the Internet of Things (IoT) — the interconnection of computing devices embedded in everyday objects such as watches, refrigerators and cars via the internet — has laid ground for a lot of innovation, especially when it comes to monitoring health care data. Think fitness watches and trackers such as the Apple Watch and Fitbit. You’re probably wearing one of those right now, aren’t you?

The Internet of Things is fraught with risk. In the scenario presented in the comic below, our young, well-groomed protagonist, Justin Bobby, was merely attempting to log his heightened heart rate in a convenient online health journal with the help of Kimani, our version of Alexa.

Unfortunately, due to a lack of security, the surly cybercriminal in our comic intercepted this supposedly private data and posted it on his well-advertised and beloved streaming service for mass consumption (cue the rabid teenagers) and profit. Notice his blase countenance. Of course, the fraudster is not interested in the heart palpitations of our young pop star. Rather, his eye is on the financial prize at the end of tunnel: Profits accrued from the ads broadcast on his streaming website. The emotionally invested, tech-savvy teenage girls are merely the pawns in this scheme. An equivalent example in the real world is a website or YouTube channel profiting off of the exploitation of celebrity gossip.

Health Care Data at Risk in the IoT Age

Now, reader, I write this not to discourage you from taking advantage of the perks of the IoT or celebrity gossip websites. I love my Apple Watch and Bravo TV dish as much as the next girl. I merely want to remind you to fight to keep your health care data, as well as the data of your customers — health care and otherwise — as safe as possible. After all, the Justin Bobbys, Biebers and Timberlakes of the world are not the only individuals whose personal information cybercriminals covet.

The monetization of health care data has been a significant threat since as early as 2015. We are all endangered by such exploitation because pieces of anyone’s information can be sold for a handsome profit on the Dark Web. According to Forbes, “The information that hospitals maintain is typically not the sort that can generate newspaper headlines or lead to profitable insider trading. Yet, whether due to a desire on the part of hackers to steal information such as Social Security numbers or Medicare provider credentials, or to extort a ransom by locking health care providers out of critical patient information, the threat is still very real.”

Ransomware is one of the most disturbing manifestations of these types cyberattacks, and as you know, the list of such incidents within the past few years is long. Sadly, according to Fortune, “Outdated medical systems are woefully unprepared to deal with a new class of criminals willing to hold patients’ medical data, credit card numbers and other personal information hostage barring a big payout.”

Cybercriminals look for information that ranges from commonplace to extremely sensitive, such as names, birth dates, policy numbers, diagnosis codes and billing information. “Fraudsters use this data to create fake IDs to buy medical equipment or drugs that can be resold, or they combine a patient number with a false provider number and file made-up claims with insurers,” Reuters reported. They also “sell medical identities to uninsured or underinsured individuals, peddle pharmaceuticals online, obtain and resell expensive medical equipment, or simply file insurance claims by matching up stolen patient and provider identities,” according to Third Certainty.

Schemes go beyond ransomware and the Dark Web marketplace. According to Healthcare IT News, “Medical identity fraud either takes the form of fraudulent billing by unethical providers or misuse of another person’s medical records to obtain care. This kind of fraud may not be discovered for months or years, making stolen medical identities among the most valuable.”

Protecting Personal Information

IBM is working hard to combat ransomware attacks and identity theft with innovative security solutions that protect sensitive personal information itself, as well as the way that such information is accessed.

So, go ahead and reach your step goal. But also tell Siri or Alexa to show you what IBM is developing to counteract data breaches. Additionally, check out the IBM Identity and Access Management portfolio, which takes a multipronged approach to tackling information security by ensuring that the right people have the access and permissions they need while also working to prevent prying, malicious and/or oblivious eyes from accessing data they don’t.

Download the 2017 Gartner Magic Quadrant for Identity and Access Management

More from Data Protection

Resilient Companies Have a Disaster Recovery Plan

Historically, disaster recovery (DR) planning focused on protection against unlikely events such as fires, floods and natural disasters. Some companies mistakenly view DR as an insurance policy for which the likelihood of a claim is low. With the current financial and economic pressures, cutting or underfunding DR planning is a tempting prospect for many organizations. That impulse could be costly. Unfortunately, many companies have adopted newer technology delivery models without DR in mind, such as Cloud Infrastructure-as-a-Service (IaaS), Software-as-a-Service (SaaS)…

Millions Lost in Minutes — Mitigating Public-Facing Attacks

In recent years, many high-profile companies have suffered destructive cybersecurity breaches. These public-facing assaults cost organizations millions of dollars in minutes, from stock prices to media partnerships. Fast Company, Rockstar, Uber, Apple and more have all been victims of these costly and embarrassing attacks. The total average cost of a data breach has increased by 2.6% since 2021 and is now $4.35 million. Organizations that don't deploy zero trust security models also incur an average of $1 million more in…

How the Mac OS X Trojan Flashback Changed Cybersecurity

Not so long ago, the Mac was thought to be impervious to viruses. In fact, Apple once stated on its website that "it doesn't get PC viruses". But that was before the Mac OS X Trojan Flashback malware appeared in 2012. Since then, Mac and iPhone security issues have changed dramatically — and so has the security of the entire world. In this post, we'll revisit how the Flashback incident unfolded and how it changed the security landscape forever. What…

How Do Data Breaches Impact Economic Instability?

Geopolitical conflict, inflation, job market pressure, rising debt — we've been hearing about economic headwinds for a while now. Could data breaches have anything to do with this? According to a recent IBM report, the average cost of a data breach has reached an all-time high. Like any other business liability, these costs must be absorbed somehow. Given the rising risk and costs, cyberattacks have undoubtedly evolved into market stressors. The magnitude of the problem might surprise you.  Despite the…