Life-or-death risks: Rising ID theft, deepfakes can cost lives, experts in Dubai warn

Khaleej Times

4 days ago

As artificial intelligence tools become increasingly accessible, cybersecurity experts are sounding the alarm about how AI is now being weaponised to commit identity theft, biometric spoofing, and healthcare fraud — threats that could carry life-threatening consequences.
Speaking at the FutureSec Summit 2025 hosted by Khaleej Times in Dubai on Wednesday, specialists from the healthcare, retail, and government sectors highlighted how deepfakes, spoofed identities, and gaps in digital infrastructure are exposing both companies and individuals to serious risk.
"In the world of digital identity, this isn't just an administrative issue. It has life-or-death consequences," said James Wiles, Chief Information Security Officer for Cigna Healthcare MEA. "If you're misidentifying a patient, whether through identity theft or an error, that could result in the wrong drug being administered or a wrong diagnosis."
Wiles detailed how cybercriminals have increasingly targeted healthcare systems across the Middle East, Africa, and the Americas, leveraging fake identities to submit fraudulent insurance claims.
Stay up to date with the latest news. Follow KT on WhatsApp Channels.
"We've seen cases where stolen identities were used to file multiple false claims, up to $100,000, before the fraud was flagged," he said. "That money is almost impossible to recover. And with AI now enabling video and voice deepfakes, the problem is only escalating, especially in telehealth."
The FutureSec Summit 2025, hosted by Khaleej Times in Dubai, brought together leading voices from government, healthcare, retail, and technology under the theme "Innovation, Resilience, and Ethical Vigilance." The one-day event explored how AI and cybersecurity intersect in a rapidly digitising world, with a sharp focus on identity as the most vulnerable access point in modern digital ecosystems.
Weakest links
The discussion highlighted that identity is now the weakest link in digital ecosystems, particularly in contexts where remote services, such as telehealth or e-commerce, are involved. While large institutions may have the resources to adopt advanced defences, smaller entities, such as clinics or pharmacies, remain vulnerable.
"We are only as strong as the weakest link in our ecosystem," Wiles added. "Our systems may be advanced, but if a clinic can't authenticate patients properly, say, through weak video identification, attackers will exploit that."
To address this, he said, AI and machine learning are now being used not just to attack but also to defend. "We're using AI to track anomalies: IP changes, VPN access, behavioural patterns, even typing styles. But applying these tools across the full chain, from the insurer to the clinic, is the real challenge."
For Dee Deu, Director of Information Security at Chalhoub Group, the stakes lie not just in financial risk but also in consumer trust, especially as identity-based breaches increasingly impact the retail sector.
"Our customers are our brand. When there's a data breach or identity compromise, the damage to trust is massive," she said. "We're seeing a shift in how identity access is being handled and how it impacts every touchpoint with the consumer."
Chalhoub Group, a luxury retailer operating across seven countries, has already conducted internal campaigns to educate staff on the power and threat of deepfakes.
"We've run simulations using deepfakes to train staff and audit our own defences," Deu said. "But beyond technology, the fundamentals remain. If you're not getting basic cybersecurity controls right, AI will just magnify the problem."
She also highlighted the dual responsibility companies now hold, both in using AI for operational efficiency and in ensuring that the very AI being adopted is secure and unbiased.
"We must secure the AI we adopt just as much as we secure against external threats. This isn't just about protecting systems. It's about educating people, internally and externally, so they can recognise evolving risks and respond."
Borders don't exist online
Representing the public sector, Jacob Mathew, Technology and Cybersecurity Leader at a UAE government entity said the Emirates is "ahead of the curve" when it comes to regulation, pointing to federal laws and data protection frameworks already in place.
"We have laws like Federal Decree-Law No. 45 on personal data protection and No. 34 on cybercrimes, which give us a strong foundation," Mathew said. "But deepfakes and AI-fueled identity theft aren't confined by geography. These are global threats, and we need international cooperation, maybe even through the UN, to establish unified standards and responses."
He praised initiatives like the European Union's AI Act, which mandates risk classification and AI content tagging. However, he emphasised that awareness and education are just as critical.