Example:
Security’s Blind Spot
Select the Start button to begin
Start
Select the Listen button to play the narration for this slide
Navigation
Listen
buttons
Use the following buttons to navigate through the course content
Listen
Play the audio for the current page
hOME
nEXT
PREVIOUS
Return to the previous page
Return to the course home page
Move to the next page
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Hi, I’m Jason, and I want to walk you through a case that made an entire team rethink what “cybersecurity” means—because the incident didn’t start on a laptop. It started with a “helpful” device that was supposed to keep people safe.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part I – The Situation
You work for a regional hospital network that’s modernizing. They’re investing in smart devices to improve care quality and reduce staff workload. The hospital has IoT everywhere: smart temperature sensors in medication storage, connected infusion pumps, patient monitoring wearables, smart badge access, even “smart beds” that track movement to prevent falls. Leadership loves the story: technology makes care safer, faster, and more personalized.
To support patient safety, the hospital rolls out a new remote monitoring program for certain patients after being discharged. Patients receive a wearable device that tracks heart rate, sleep patterns, and oxygen levels. It’s connected to an app. Data flows to a dashboard reviewed by care teams. In theory, it’s great: early detection prevents emergencies, and patients feel supported at home.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
A few months into the program, a nurse notices something odd.
A patient calls and says:
“My device keeps buzzing at night. It tells me my oxygen is low, but I feel fine. And then I get a message saying I should call the clinic immediately.” The nurse checks the dashboard. The data looks strange—sharp spikes and drops that don’t match the patient’s prior pattern. Then another patient calls. Same story. Then three more.
At first, the team suspects a device defect. Maybe a batch issue. Maybe a firmware bug. The vendor says they’re looking into it.
But then the incident becomes serious.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
One patient shows up in the emergency department panicked because their wearable told them they were at risk. Their vital signs are normal. The device data, however, looks alarming.
Staff are now spending time calming patients, repeating tests, and answering urgent calls. It creates noise and stress across the system. And the big fear becomes: what if the device fails the other way—what if it misses a real emergency?
Now you’re in an IoB ethics moment:
- Trust in medical monitoring is being damaged.
- Patients’ anxiety is rising.
- Care teams are overloaded.
- Data quality is questionable.
- And the system depends on this technology.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Then cybersecurity enters the conversation. A security analyst asks: “Is it possible someone is manipulating the data stream?”
The room gets quiet because that idea feels almost impossible—until you remember: these are connected devices. They communicate. They update. They use apps, Bluetooth, Wi-Fi, and cloud APIs. And if they’re connected, they can be exploited.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Part II – The Shift
The hospital launches a coordinated investigation, and you help shape it using the exact Week 5 thinking: sensors, data flow, trust, and consequences. First, you map the system:
- Device sensors collect readings.
- Readings go through the phone app.
- The phone app transmits to the vendor cloud.
- The cloud pushes to the hospital dashboard.
- Clinicians act on the dashboard outputs.
That map reveals something important: the hospital doesn’t control the full pipeline. A vendor cloud sits in the middle.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Next, you look for patterns:
- Are certain device models affected?
- Are cases clustered geographically?
- Do anomalies occur at similar times?
- Is the app version the same across affected patients?
You discover a strong clue: most affected patients use the same older phone OS version and have their Bluetooth settings in a permissive mode. Some also have a generic default password for their device app login—because the onboarding process was rushed, and the “quick start” guide made it easy.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Now you have risk factors:
- Weak authentication
- Older devices
- Permissive connectivity
- Rushed onboarding
- And a pipeline that includes third-party cloud
Security runs a deeper review and finds evidence that a malicious actor is exploiting a known weakness in the pairing process for the wearable model. The attacker can spoof device signals nearby or inject false data through a compromised Bluetooth connection—especially when pairing settings are loose. This is not “Hollywood hacking.” It’s an exploit of weak defaults and outdated patching.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Response
Now comes the ethical side: what do you do immediately? You need to protect patients from harm and anxiety, but you can’t create panic.
So you take a multi-layer response:
Immediate safety actions
- Temporarily pause alerts for the affected devices unless confirmed by a second signal (a “two-signal” rule).
- Require a nurse review before patients receive urgent “call now” messages.
- Provide calm, clear patient communication: “We’re seeing technical anomalies and are updating the system; if you feel unwell, follow standard care instructions.”
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Response
Containment and technical actions
- Push a required firmware update.
- Force secure re-pairing with stronger authentication.
- Disable permissive Bluetooth pairing modes.
- Require stronger app credentials and default password resets.
- Work with the vendor to review API security and logging.
Governance actions
- Review contracts: security obligations, update timelines, incident response responsibilities.
- Implement an IoT/IoB onboarding standard: default credential changes, update checks, privacy consent clarity, and user education.
And you do something that matters ethically: you address consent and trust.You recognize patients didn’t sign up to become cybersecurity endpoints. They signed up to be cared for. So you design communication and protections that don’t offload the burden onto them.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part III – Results
Within two weeks, false alerts drop dramatically. Patients stop receiving alarming messages at night. Care teams regain confidence in the dashboard. But the program changes permanently in three ways:
- Security becomes part of clinical safety The hospital treats device security as patient safety, not “IT overhead.”
- Procurement becomes more rigorousNew device purchases require security requirements: update support, logging, authentication, encryption, and incident response commitments.
- Patient onboarding becomes ethical and realisticPatients get simple instructions: how to update, how to report issues, what the data is used for, and what the system can and cannot guarantee. Consent is clarified in plain language.
The hospital still uses remote monitoring, but now it’s designed with trust and security built in.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Part IV – Takeaway
Here’s your Week 5 takeaway: IoT and IoB expand cybersecurity into everyday life—and sometimes into the body.
The risks aren’t just data leaks. They include manipulation, loss of trust, anxiety, and even physical harm. The best defense is mapping the system, securing data flow, strengthening defaults, and treating security as a core requirement of safety and ethics.
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Congratulations!
You've successfully completed the example
home
previous
W5_LSTD517_Example
Griky Kontent
Created on February 3, 2026
Start designing with a free template
Discover more than 1500 professional designs like these:
View
Wall and Neon Infographic
View
Movies List
View
Hand-Drawn Infographic
View
Food Infographic
View
Neighborhood List
View
Volcano list
View
Pc mockup infographic
Explore all templates
Transcript
Example:
Security’s Blind Spot
Select the Start button to begin
Start
Select the Listen button to play the narration for this slide
Navigation
Listen
buttons
Use the following buttons to navigate through the course content
Listen
Play the audio for the current page
hOME
nEXT
PREVIOUS
Return to the previous page
Return to the course home page
Move to the next page
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Hi, I’m Jason, and I want to walk you through a case that made an entire team rethink what “cybersecurity” means—because the incident didn’t start on a laptop. It started with a “helpful” device that was supposed to keep people safe.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part I – The Situation
You work for a regional hospital network that’s modernizing. They’re investing in smart devices to improve care quality and reduce staff workload. The hospital has IoT everywhere: smart temperature sensors in medication storage, connected infusion pumps, patient monitoring wearables, smart badge access, even “smart beds” that track movement to prevent falls. Leadership loves the story: technology makes care safer, faster, and more personalized.
To support patient safety, the hospital rolls out a new remote monitoring program for certain patients after being discharged. Patients receive a wearable device that tracks heart rate, sleep patterns, and oxygen levels. It’s connected to an app. Data flows to a dashboard reviewed by care teams. In theory, it’s great: early detection prevents emergencies, and patients feel supported at home.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
A few months into the program, a nurse notices something odd.
A patient calls and says: “My device keeps buzzing at night. It tells me my oxygen is low, but I feel fine. And then I get a message saying I should call the clinic immediately.” The nurse checks the dashboard. The data looks strange—sharp spikes and drops that don’t match the patient’s prior pattern. Then another patient calls. Same story. Then three more.
At first, the team suspects a device defect. Maybe a batch issue. Maybe a firmware bug. The vendor says they’re looking into it. But then the incident becomes serious.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
One patient shows up in the emergency department panicked because their wearable told them they were at risk. Their vital signs are normal. The device data, however, looks alarming.
Staff are now spending time calming patients, repeating tests, and answering urgent calls. It creates noise and stress across the system. And the big fear becomes: what if the device fails the other way—what if it misses a real emergency?
Now you’re in an IoB ethics moment:
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
The Situation
Then cybersecurity enters the conversation. A security analyst asks: “Is it possible someone is manipulating the data stream?”
The room gets quiet because that idea feels almost impossible—until you remember: these are connected devices. They communicate. They update. They use apps, Bluetooth, Wi-Fi, and cloud APIs. And if they’re connected, they can be exploited.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Part II – The Shift
The hospital launches a coordinated investigation, and you help shape it using the exact Week 5 thinking: sensors, data flow, trust, and consequences. First, you map the system:
That map reveals something important: the hospital doesn’t control the full pipeline. A vendor cloud sits in the middle.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Next, you look for patterns:
You discover a strong clue: most affected patients use the same older phone OS version and have their Bluetooth settings in a permissive mode. Some also have a generic default password for their device app login—because the onboarding process was rushed, and the “quick start” guide made it easy.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Investigation
Now you have risk factors:
Security runs a deeper review and finds evidence that a malicious actor is exploiting a known weakness in the pairing process for the wearable model. The attacker can spoof device signals nearby or inject false data through a compromised Bluetooth connection—especially when pairing settings are loose. This is not “Hollywood hacking.” It’s an exploit of weak defaults and outdated patching.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Response
Now comes the ethical side: what do you do immediately? You need to protect patients from harm and anxiety, but you can’t create panic. So you take a multi-layer response:
Immediate safety actions
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Response
Containment and technical actions
Governance actions
And you do something that matters ethically: you address consent and trust.You recognize patients didn’t sign up to become cybersecurity endpoints. They signed up to be cared for. So you design communication and protections that don’t offload the burden onto them.
home
next
previous
Select the Listen button to play the narration for this slide.
Listen
Part III – Results
Within two weeks, false alerts drop dramatically. Patients stop receiving alarming messages at night. Care teams regain confidence in the dashboard. But the program changes permanently in three ways:
The hospital still uses remote monitoring, but now it’s designed with trust and security built in.
home
next
previous
Listen
Select the Listen button to play the narration for this slide.
Part IV – Takeaway
Here’s your Week 5 takeaway: IoT and IoB expand cybersecurity into everyday life—and sometimes into the body.
The risks aren’t just data leaks. They include manipulation, loss of trust, anxiety, and even physical harm. The best defense is mapping the system, securing data flow, strengthening defaults, and treating security as a core requirement of safety and ethics.
home
next
previous
Select the Listen button to play the narration for this slide
Listen
Congratulations!
You've successfully completed the example
home
previous