February 2017 - E-Health | DDoS

Who Wants to Get Hold of Your Health Data?

Maik Morgenstern from AV-Test talks about fitness trackers, smart hospitals, who wants your private health data, and why.

Source: Adobe Stock | boscorelli

Maik Morgenstern, CTO, AV-Test

What would you pay to protect your personal information? Is some information more valuable to you than others? When asked in a 2014 study, respondents gave an approximate amount of what they would be prepared to pay to protect certain types of personal data. Indian respondents replied that protecting their credit card information was worth around $22, while Chinese respondents said protecting their digital communication was worth just $4.50. In the United States, people said they would pay over a hundred dollars to protect their government identification data. And whereas Britons would pay an average of $60 to protect their health history data, Germans are prepared to pay three times as much, or over $180.

How much would you be prepared to pay to protect historical and current data on your health? How at risk is that data? How much would someone else be willing to pay to access your health data? Why should you even be worried about it falling into the wrong hands?

To answer some of these questions, dotmagazine spoke to Maik Morgenstern, the CTO of AV-Test, an independent IT security institute which evaluates and rates antivirus and security suite software.

Listen to the roughly 13-minute interview above, download it for later, or jump to the individual questions here:

  1. AV-Test were involved in the recent ENISA study on security and resilience for smart health services and infrastructures in smart hospitals. How exactly did AV-Test contribute to this study?

  2. Is it conscionable for hospitals to introduce more and more smart and Internet of Things elements when the security infrastructure available to them is not yet mature enough to protect patient data? 

  3. How much is a patient record or a set of personal health data worth on the black market today?

  4. The mining of health data has huge positive potential, but what are the potential abuse scenarios for health data falling into the wrong hands? 

  5. A denial of service, or DDoS attack, could take a hospital’s IT infrastructure offline, which could potentially totally disrupt a patient care process. What could that scenario look like, and how paralyzed would a smart hospital be?

  6. Germans are said to give IT Security and data protection a higher priority than other nationalities. Do you notice any significant differences internationally when it comes to data protection?

  7. In recent months, botnets have been used to carry out major DDoS attacks – the Mirai botnet was central to one of the biggest attacks we’ve seen so far. The source code for the Mirai malware has been published openly and a new command and control center can be set up at any time. Hundreds and thousands of IoT devices are still infected and could be used again in future DDoS attacks. How can the Mirai botnet be wiped out? Won’t it just keep coming back?

  8. Let’s have a look at an IoT dystopia. Are botnets like Mirai, which are continually growing and cannot yet be eradicated, the potential seeds for malicious intelligent networks like Skynet in the Terminator films?

Please note: The opinions expressed in Industry Insights published by dotmagazine are the author's own and do not reflect the view of the publisher, eco – Association of the Internet Industry.