Why Smart Glasses in Hospitals May Not Be the Best Choice

In an era where technology is deeply integrated into healthcare, the introduction of smart eyewear, such as the Meta-AI Ray-Ban glasses, has sparked significant privacy and security concerns. Garrett Zickgraf, a cybersecurity expert with LBMC, highlighted that these glasses are equipped with microphones and cameras, enabling them to connect to artificial intelligence and potentially compromise patient confidentiality in medical environments.

Zickgraf warned that the glasses could inadvertently record private information without anyone being aware, stating, “At any point, these glasses could be listening, gathering private information and then potentially disclosing that.” The capability to capture patient images and conversations raises alarms, particularly given that protected health information (PHI) could be transmitted without explicit consent. While Meta glasses feature a visible LED indicator that illuminates when in use, there are reports of products designed to obscure this light, which could further facilitate unauthorized recording.

He pointed out the alarming fact that PHI could be recorded silently or even streamed to social platforms, as these glasses maintain a direct connection to Meta’s Facebook and Instagram services. “These are unmanaged devices that are either brought in by the patients themselves or by staff unaware that such technology is present in the hospital,” Zickgraf remarked.

What differentiates smart glasses from traditional smartphones is their inconspicuous design, which makes it hard for people nearby to realize they may be photographed or recorded and further complicates privacy considerations.

During an interview, Zickgraf elaborated on several critical aspects. He detailed the functionality of smart glasses, discussed potential threats from malicious insiders as well as unintentional breaches involving such devices, and outlined measures that healthcare organizations can implement to mitigate the associated security and privacy risks.

Zickgraf, who leads cybersecurity consulting at LBMC, has over seven years of experience in governance, risk management, and compliance. He specializes in assisting enterprise clients in sectors like healthcare, retail, and manufacturing, navigating complex frameworks such as HIPAA, NIST Cybersecurity Framework, and ISO 27001. His contributions to strategic cybersecurity programs underscore the importance of addressing emerging risks in a rapidly evolving technological landscape.

Given the growing presence of smart devices in sensitive environments, a thorough risk assessment is essential for healthcare organizations. The MITRE ATT&CK framework can help identify the potential adversary tactics used in these scenarios. Relevant tactics may include initial access through unmanaged devices brought in by individuals, persistence via continuous monitoring, and the risk of privilege escalation if unauthorized recordings lead to inappropriate access to sensitive data.

As the lines between technology and personal privacy blur, healthcare organizations must remain vigilant and proactive in establishing robust security protocols to protect patient privacy and comply with regulatory standards, thus minimizing the risks posed by the emerging landscape of smart eyewear.
