When reading the news over the past few days, the following article posted by the Washington Post triggered something in me: ‘Seizure-inducing tweet leads to a new kind of prosecution’. In short, the case is about a journalist named Kurt Eichenwald, who suffers from epilepsy and received a Tweet late last year containing a flashing image. The journalist claimed to have suffered from a seizure due to the tweet. The actor’s motive for sending the Tweet containing the animated strobe image was revenge for a critical piece the journalist wrote on President Trump. He probably never thought of the possibility of being convicted for “aggressive assault with a deadly weapon”.
Normally, someone’s medical condition is not publicly available unless you openly discuss it on social media. But, I have to wonder, was this a one-of-a-kind situation or is this something we need to start becoming more aware of?
Last year, we reported several occasions of ransomware attacks targeting the healthcare sector, a sector that was formerly a no-go for most cybercriminals. Besides ransomware, 2016 was also the year where databases with patient-records and PII were being offered on the underground markets (see our report)
What if someone buys a database from a hospital, selects all epileptic patients, combines it with other leaked data around social accounts, and sends an ‘extortion note’ to the hospital? I bet that gave you the same chills as it did me.
Past research by Barnaby Jack has demonstrated vulnerabilities in insulin pumps, and he was looking into pacemakers right before he passed away. What if vulnerabilities in these devices are matched up with leaked patient records?
I have no intention to scare you, but do want to create awareness around the possible scenarios that could develop if we are not paying attention. We need to work better together, discuss the risks, and unite to help. That way, we can truly protect and defend the vulnerable people in our society.