In May 2017, hackers made worldwide news by infecting some 230,000 computers with ransomware that disrupted systems from FedEx all the way to NHS hospitals in the UK.
The hackers used a program, WannaCry, that exploited a security hole in Windows machines that locked users, including thousands of NHS nurses and doctors, out of their computers until they paid a ransom -- at least $300 per machine, payable in bitcoin, The Atlantic's Adrienne LaFrance reports.
The attack revealed a number of worrisome truths, including the fact that the NSA had helped build the technology that exploited the vulnerability, and the fact that so many large organizations rely on machines that run unsupported operating systems.
But there's a more fundamental concern here: Why is it so easy to compromise access to patient data in any system? Shouldn't there be stronger protocols in place so that a ransomware attack doesn't endanger someone's life?
This is one of the primary reasons that we believe the future of healthcare data will be built on blockchain technology, providing heightened levels of security, accountability, and transparency that legacy systems cannot.
We'll explore why this is in a moment. First, however, it's important to examine why healthcare data today is uniquely vulnerable.
What Makes Healthcare Systems Such Vulnerable Targets?
Because healthcare systems are often complex organisms with lots of competing priorities, it is not uncommon for them to default to the status quo. As cyberwarfare researcher Conor Deane-McKenna writes, a 2016 report from VICE found that the vast majority of National Health System (NHS) hospitals in England still used Windows XP on at least some of their computers. That's alarming because Windows stopped supporting XP in April 2014, Deane-McKenna says.
This isn't a problem for just the UK. In June, the Health Care Industry Cybersecurity Task Force told Congress "that all aspects of health IT security are in critical condition and that action is needed both by government and the industry to shore up security," Ars Technica's Sean Gallagher reports.
"... [S]ome of the legacy medical devices on hospitals' networks now are unpatchable or unsecurable, and they would have to be completely retired and replaced. The task force recommended government incentives to get rid of these devices, following a 'cash for clunkers' model."
Complicating matters is the fact that healthcare data -- and access to it -- is extremely valuable, which makes it attractive for ransomware attackers.
Blockchains Could Have Prevented a Ransomware Attack
The WannaCry attack, and previous ransomware attacks, take advantage of the fact that users only have one way to access the data they need. Legacy healthcare databases are like towns with just one road going in and out: barricade the road, and you hold the entire town ransom.
Blockchains, on the other hand, are distributed ledgers and not susceptible to such an attack. "A blockchain system could have made such an attack ineffective by essentially having continuous synchronised and secure backups of your personal information," writes Michael Smolenski, a blockchain developer at MotionWerk. "... I believe this could create a better model for securing personal information, preventing large amounts of data being lost or stolen."
Entrepreneur Tom Serres agrees that blockchains are ideal for storing medical records. "This could lead to a greater level of security for health data over existing systems where access is centralized and does not include the patient directly. As there would be numerous copies of the pointers of such encrypted data, it would be extremely difficult for a cyberattack to hold them all to ransom."
Further, distributing patient data on blockchains takes a great deal of responsibility off of a healthcare provider's plate. Instead, that data becomes the responsibility of individual patients, who then have the power to grant access as they choose, PWC researcher Johnathon Marshall writes. "No state agency, private sector organisation, or indeed any malicious hacker, can change the record without being visible to the whole network, including the patient, in real time."
In other words, your ability to receive timely care wouldn't be limited by whether the clinic you go to is using a 15-year-old computer that runs on XP.
Building a More Secure Future With Blockchains
By reshaping the entire architecture of healthcare data at the industry level (or even a global level), we open new doors to innovation. As MIT researchers Andrew Lippman and Ariel Ekblaw, and John D. Halamka, MD, CIO at Beth Israel Deaconess Medical Center, write at the Harvard Business Review, a blockchain "generalizes past medical records" so that no custom programming is necessary for it to work with individual EHR vendors.
That means implementation could scale very quickly.
There are some questions that will need to be answered, first, such as how to grant private-key access to a trusted friend or family member (a blockchain analog to power of attorney) in the event of an emergency in which the patient is incapacitated, explains University of Miami professor Robert Plant [subscription required].
But momentum is on our side. In fact, other countries are already experimenting with blockchain-based health records at the governmental level. This includes Estonia, which in early 2017 hired a local blockchain company to secure the health records of nearly half its citizens, The Medical Futurist writes.
While America has a lot of work to do before we can get half of our citizens' data secured on blockchains, it must be on our road map. PokitDok is doing our part through DokChain, our distributed network of transaction processors that operate on financial and clinical data across the healthcare industry. Our goal is to help bring about a new healthcare economy in which data and services are quantifiable and exchangeable, and where the security and privacy of sensitive information is reinforced by strong guarantees and transaction histories that can be audited longitudinally.
Images by: stevanovicigor/©123RF Stock Photo, sasha85ru/©123RF Stock Photo, leowolfert/©123RF Stock Photo