Could Blockchain Put an End to Health Hacks?
In our increasingly digitized world, we have unwittingly volunteered lots of personal information to the cloud, including our health data. As the industry continues to move to digital solutions, whether it’s remote tele-health or digital patient records, it is not out of the realm of possibility for a single cyber attack, or even a mass one, to be aimed at stealing or sabotaging our collective healthcare data. This ever-increasing stockpile of valuable information is a virtual dream for hackers looking to make a shady buck.
“Chronic underinvestment in cyber security has left many so exposed that they are unable to even detect cyber attacks when they occur,” a recent white paper from The Workgroup for Electronic Data Interchange said. The research paper cited roundtables in 2015 and 2016, which revealed that despite “heavy investment and implementation” of information technology in the healthcare sector, these organizations are “increasingly vulnerable” due to lack of cyber security.
Doctors and nurses are rarely seen using paper these days, often opting for tablets or devices that offer a sea of patient data at their fingertips. Yet patient records stolen en masse are both extremely costly for the breached party and incredibly lucrative for a hacker looking to sell them on the dark web. This information is so valuable, in fact, that a set of patient records is now worth far more to a hacker than a stolen credit card.
Willful Neglect
HIPAA, the US Health Insurance Portability and Accountability Act, protects citizens by imposing compliance rules on healthcare organisations and their affiliates, and it dishes out 4 categories of fines depending on the severity and circumstances of the breach. The most severe, category 4, will cost hacked organisations $50,000 per breach, for “willful neglect…where no attempt has been made to correct the violation”.
“Patients seeking health care trust that their providers will safeguard and protect their health information,” said Office for Civil Rights Director Roger Severino in a recent announcement. “Compliance with the HIPAA Security Rule helps covered entities meet this important obligation to their patient communities.”
Top 5 US healthcare breaches in 2016
| Breached organisation | Individuals affected | Type of breach |
| --- | --- | --- |
| Banner Health | 3,620,000 | Hacking/IT Incident |
| Newkirk Products | 3,466,120 | Hacking/IT Incident |
| 21st Century Oncology | 2,213,597 | Hacking/IT Incident |
| Valley Anesthesiology Consultants | 882,590 | Hacking/IT Incident |
| Bon Secours Health System Incorporated | 651,971 | Unauthorized Access/Disclosure |
Source: Department of Health and Human Services’ Office for Civil Rights
So how secure is our data? According to research from the Ponemon Institute, not very. They found hacks cost US care organisations $6 billion in fines each year. The largest breach in the US last year was at Banner Health, which reported that a potential 3.6 million individuals were affected, including staff and people who had purchased food and beverages on its premises without receiving any care at all.
“Health systems need to recognise that many patients will suffer personal financial loss from cyber attacks of their medical information,” says Reza Chapman, managing director of cyber security in Accenture’s health practice. “Not only do health organisations need to stay vigilant in safeguarding personal information, they need to build a foundation of digital trust with patients to help weather the storm of a breach.”
In some instances, medical details are leaked through sheer carelessness. An NHS Trust in the UK was fined £200,000 for the mishandling of over 2,900 patient records, some of which were sold by the very company handling the destruction of records. The records were not sold as records themselves; rather, more than 3 dozen computers were sold via internet auction websites, and four of these computers still held private medical records that had not been properly removed.
Is Blockchain the Key?
One solution, recently touted by Deloitte, is to incorporate a blockchain ledger framework, which the healthcare industry may be able to use for patient records and prescription authentication. It has proven to be an effective security solution in other industries thanks to its baked-in encryption and distributed ‘trust’.
In a Medium post, Edward Bukstel, CEO of Clinical Blockchain, writes: “Blockchain incorporates crazy ridiculous security that could take the world’s most powerful supercomputers, working every second of every day, over 10,000 years to crack. How is this security so strong? Well, imagine multiplying 2 prime numbers so large that if you typed the result of their multiplication onto 8.5 x 11 paper, the stack of paper would be large enough to go to the moon and back and further.”
In order to fake or take a record on the ledger, you must be able to simultaneously alter all of the ledgers held, working through countless layers of encryption, potentially with a different encryption key for each record. By providing those permission layers only to specific endpoints, namely trusted medical professionals, we may be able to bring patient record information hacking to a screeching halt.
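The following sketch is an added illustration, not code from the article or from any product it mentions, of why a ledger replicated across several holders forces someone to alter every copy at once: an edit to one copy either breaks that copy's hash chain or, if every later hash is recomputed, leaves it disagreeing with the other copies. The record fields, replica names and function names are assumptions; encryption and consensus are left out, and the ledger stores only SHA-256 digests of records.

```python
import hashlib
import json
from collections import Counter

GENESIS = "0" * 64  # previous-hash value used for the first entry
# Constructed sample (patient id, prescription) records, not real data.
RECORDS = [("P-001", "amoxicillin"), ("P-002", "metformin"), ("P-003", "atorvastatin")]

def digest(record):
    return hashlib.sha256(json.dumps(record).encode()).hexdigest()

def link(prev_hash, record_digest):
    # Binds an entry to everything before it.
    return hashlib.sha256((prev_hash + record_digest).encode()).hexdigest()

def build_ledger(records):
    ledger, prev = [], GENESIS
    for r in records:
        prev = link(prev, digest(r))
        ledger.append({"digest": digest(r), "hash": prev})  # digest only, never the record
    return ledger

def first_broken_link(ledger):
    """Index of the first entry that fails chain verification, or None."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        if e["hash"] != link(prev, e["digest"]):
            return i
        prev = e["hash"]
    return None

def tamper(ledger, index, forged_record, rehash):
    """Model an edit to ONE copy; rehash=True also recomputes every later hash."""
    ledger[index]["digest"] = digest(forged_record)
    prev = ledger[index - 1]["hash"] if index else GENESIS
    for e in ledger[index:] if rehash else []:
        e["hash"] = prev = link(prev, e["digest"])

def dissenting_replicas(replicas):
    """Names of copies whose latest hash differs from the majority's."""
    majority = Counter(led[-1]["hash"] for led in replicas.values()).most_common(1)[0][0]
    return sorted(n for n, led in replicas.items() if led[-1]["hash"] != majority)

def demo():
    replicas = {n: build_ledger(RECORDS) for n in ("clinic", "hospital", "pharmacy")}
    forged = ("P-002", "oxycodone")
    naive = build_ledger(RECORDS)
    tamper(naive, 1, forged, rehash=False)              # caught by the copy's own chain
    tamper(replicas["clinic"], 1, forged, rehash=True)  # chain verifies, copies disagree
    return first_broken_link(naive), first_broken_link(replicas["clinic"]), dissenting_replicas(replicas)
```

The hash chain alone only catches a careless edit; it is the comparison against independently held copies that exposes a copy whose hashes were recomputed.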
