The Internet of Things (IoT) is expected to bring nearly fifty billion new devices online by 2020. This sounds great, until you read that an estimated 70% of IoT devices are hackable.

That cute Google Nest in your kitchen? Your car’s brake system? Your implanted insulin pump? Yeah, they’re all hackable.

Welcome to “the internet of things to be hacked,” as Marc Goodman likes calling it.

Goodman, Singularity University’s faculty chair for Policy, Law, and Ethics, gave an eye-opening keynote at the Exponential Medicine conference this week on security and privacy threats in healthcare, and what we can all do about them.

Goodman has a long history in law enforcement, including previously working as an LAPD officer, serving as Futurist in Residence at the FBI, and working in over 70 countries with Interpol, the US Secret Service, and many police departments. Last year Goodman wrote Future Crimes, which became both a Wall Street Journal and New York Times bestseller.

Goodman’s main point and call-to-action: there’s a flip side to the incredible technology breakthroughs that are revolutionizing healthcare and medicine.

Many of the breakthroughs that are rapidly digitizing medicine are also making medical data, devices, and hospitals vulnerable to massive cybercrime and security breaches.

Goodman asked the room, “Who here likes big data and analytics?” Everyone raised their hands. To which he responded, “Criminals love big data and analytics too.”

Today in healthcare, there are a few key security threats that patients, practitioners, and hospitals all need to be aware of so they can take measures to prevent them.

For any time spent working toward bringing more of healthcare online, there must be equal time spent keeping it secure. This is especially true with medical records and patient information, which are both huge targets for hackers and cybercrime in healthcare.

Why do hackers go after medical records?

According to Goodman, a medical record is worth ten times more than a credit card number on the black market. If you think about all of the valuable information contained in an individual medical record—a social security number, full history of doctor visits, prescribed medicine, lab results, health insurance policy number—it makes a lot of sense.

Ransomware, software that encrypts data and holds it hostage until a payment is made, is wreaking havoc on hospitals. In February, the medical records system at LA’s Hollywood Presbyterian Hospital was nearly shut down for 10 days due to a ransomware attack.

In 2015, nearly 113 million health records were leaked. As the volume of medical data increases, the volume of compromised medical records and patient data will likely skyrocket too.

But it isn’t just about records. Medical devices are vulnerable too.

In 2012, MIT Technology Review published an article titled Computer Viruses Are “Rampant” on Medical Devices in Hospitals, which detailed malware infections in hospital equipment like X-ray machines and patient monitors. Six years later, with more medical devices being implanted inside of us, this threat should be top of mind to all.

If you’re wondering how to protect yourself or your company, there’s hope. We don’t have to be apathetic towards cybercrime or simply wait around hoping not to become victims too.

Goodman reminds us there are actually a lot of steps we can take individually and collectively. For example, if you haven’t updated your software recently, update it. It turns out, 76% of malware that’s two years old still works, so update your software to keep it secure.

There are also powerful platforms, such as hackerone and Bugcrowd, that tech giants like Facebook, Google, and Reddit use to crowdsource their security, and you can use these as well.

How do these “bug bounty programs” work? Companies send their code out to hackers and web developers, who then try to hack it and find potential weak spots and bugs. In return, they receive compensation, and you save yourself from a potential security breach.

Goodman says “95% of all data breaches are due to human error.” Training and educating yourself, your family, and employees can be one of the most powerful steps to counteracting cybersecurity attacks.

Healthcare is shifting from reactive to preventative — this should also be the way we prevent cybercrime before it hits.


Want to keep up with coverage from Exponential Medicine? Get the latest insights here.

Image source: Shutterstock

Alison tells the stories of purpose-driven leaders and is fascinated by various intersections of technology and society. When not keeping a finger on the pulse of all things Singularity University, you'll likely find Alison in the woods sipping coffee and reading philosophy (new book recommendations are welcome).