×

Why hackers want your health-care data

Perhaps you've heard of the "Internet of Things" – the imminent, pervasive maze of data networks fed by billions of "smart" devices. One particular category of IoT devices poses unique security challenges because it is literally close to our hearts: wearable and other health-care technologies linked to the Internet.

There's a new moniker for devices that collect and transmit such personal data — the "Internet of People." Biometric sensors, small machines that monitor body chemistry or drug reactions, identification technologies using bio factors all fall into the IoP category.


Source: Fitbit

Protecting that data is a priority for us in the security business. Think of what happens when millions of people's health information gets on networks and into data centers, home and work computers, smart watches, and other wearables now being designed. The data security industry began to address some of these issues at the huge RSA Conference in San Francisco in April, and with the massive data breaches at Anthem, Premera Blue Cross and LifeWise still fresh in everyone's minds, there's no better time to focus on medical data security.

Cyber criminals prize medical files because the information tends to stay fresh and usable longer than credit card or checking-account numbers. When bad guys buy and sell swiped health-care data, the going rate is 10 to 20 times the price of a stolen MasterCard account, according to Dell Secure Works. In unauthorized hands, a patient file with a Social Security number, address and family history, and a confidential medical history can enable insurance fraud and other swindles, even blackmail. That's why such a file brings up to a princely $20 on the black market.

Read MoreIRS breach: What victims should do now

Nearly half of U.S. health-care providers – 48 percent – already link their IT systems to consumer devices via public networks, according to accounting firm PriceWaterhouseCoopers. When you log onto a secure data portal to view test results or seek a private physician consult, you're part of the trend. It's just the beginning. On the horizon: data from wristbands or insulin pumps being sent back to doctors automatically; networked heart monitors that allow patients to recuperate at home while medical providers keep tabs remotely; even biochips in pill form you'll swallow to see how your body tolerates medications.

The IoP revolution can lead to higher quality of life – especially if it helps seniors remain independent longer – and new efficiencies. The healthcare industry anticipates saving an estimated $63 billion globally deploying an IoP strategy, according to a 2012 report from General Electric.

But protection must keep pace with breakneck innovation. While more than 60 percent of health-care companies say they already have some security measures in place to protect patients' data, according to PriceWaterhouseCoopers, the "Internet of People" needs a better, more secure mousetrap.

Read More Jawbone sues Fitbit over data 'plundering' NYT

Security-industry players large and small must do a better job collaborating – leveraging our collective knowledge of threats to health-care systems. For the Internet of People to deliver on its potential to transform health care, security leaders must account for the increasing "connectedness" of people, devices, and sensitive, high-value data. And beyond information sharing, it's absolutely necessary that we build security into IoP systems so we can better protect, detect and correct attacks. Patchwork security solutions won't work as well as "security by design" integrated at the genesis of a new technology. Manufacturers must work with the security industry and regulators at the very beginning, through all stages of innovation, to delivery.

‎Health-care consumers have a role here, too. The more they query providers about how they're securing private information, the more attention they'll pay. They need not be tech experts to speak up, any more than they have to be registered dieticians to ask about the calories in a restaurant entrée. It's simply good practice to take a healthy interest in security and privacy, and with the IoP wave breaking, it's certainly time. So, next time you're in a paper gown in an exam room, when the provider asks if your insurance is up to date, turn the tables. Ask the same question about their digital security.

Christopher Young is general manager of the Intel Security Group at Intel Corp. Follow him on Twitter @youngdchris.