After months of enduring quarantine and maintaining social distancing practices, many have decided that the 2020s will forever be known as a decade defined by disease. However, although the coronavirus has reshaped our interactions and made fashion industries out of masks, there is another, less flashier pandemic that is at risk of continuing long after we get our vaccines. The infections of our technology and the slew of cyberattacks that caused them has always been a problem. Similar to the coronavirus though, if such issues continue to go unaddressed, they will manifest into an even more harmful infection in the future. And we don’t have to look far to see these consequences.
While the coronavirus made it difficult to give our loved ones a hug, our devices enabled us to keep in touch, providing us an opportunity for connection that previous generations of the apocalypse had lacked. Yet with such an entrenchment in the online world comes the growth and exploitation of vulnerabilities that – albeit ever present – had previously not been acknowledged in the public sphere. PurpleSec, a cybersecurity company that provides both offensive and defensive security services, published a 2021 CyberSecurity Trends Report and noted that “cybercrime [is] up 600%” in comparison to previous years. Such a rise was accredited to communities’ inexperience with phishing attacks, as hackers tricked users into clicking on malicious links and downloading viruses from emails posing as the Center for Disease Control (CDC) and the World Health Organization.
But it’s not just our computer’s data that is at risk from such attacks. According to the US Department of Health and Human Services (DHHS), in almost every month of 2020, more than 1 million people were affected by data breaches at healthcare organizations. This was a 9,851% increase from 2019 leading to data breaches in more than 630 total healthcare organizations. These violations prevented healthcare providers from efficiently and effectively giving the care needed to save the lives of millions during the first pandemic of this millenium. Therefore, just as we pushed and supported pharmaceutical companies and research labs to find a cure for the coronavirus, the same efforts and innovations must be taken to find a panacea for our CyberSecurity problems. Fortunately, there is a promising new vaccine for our tech problems: blockchain.
The National Institute of Standards and Technology (NIST) defines blockchain as a “tamper evident and tamper resistant digital ledger” technology (or DLT) that allows copies of data to be shared across various systems without having a central authority/repository. Such use of DLTs allows blockchain to “reduce many risks associated with centrally stored data” as consolidated medical databases are usually the prime targets for attacks, as explained by associate consultant Yogesh Shelke from Infosys. Moreover, even if an attacker was to get a hold of the medical data stored within these DLTs, it is computationally arduous for them to be able to alter or hold such information for ransom.
This is achieved through blockchain’s unique set-up, where data is structured into ‘blocks’ of information and ‘chained’ together cryptographically. Thus, if an attacker were to try to change the contents of the block, its unique cryptographic hash would be altered, disrupting its connection to the rest of the chain and preventing any further medical data from being modified. Likewise, since there are copies of the DLT across multiple nodes (computers connected to the blockchain network), the cyberattacker is unable to cause such disruptions in the blockchain for all nodes at once, allowing hospital administrator’s to still have continuous and protected access to their patient’s information from various locations.
Additionally, blockchain can give power back to the patient, providing the opportunity for them to be in full control of how their information is used and shared as part of their treatment. Through the use of smart contracts (programs that automate the execution of agreements between parties without an intermediary), patients are able to have full control of their medical data and engage in informed ways to share that information flexibly and efficiently. Combined with multi-party computation technology to secure the transaction privacy of the parties engaged in the smart contract, such secure transfer of information can help re-assemble the disparate record systems of patient data and create a detailed profile of the patient’s medical history.
Despite such benefits, there are some limitations to blockchain’s applications in the medical sphere. For example, it’s important to note that there are various types of blockchain which provide varying access levels to the information it stores. Public blockchains cannot be used to store patients’ healthcare information as this would allow all connected nodes to have unlimited access to the patients’ information, regardless of that individual’s preferences. Therefore, as argued by the Healthcare Information and Management Systems Society (HIMSS), “privacy considerations for protected health information are critical when considering the technology for certain transactions.” Also, the immutability of the information stored within the blockchain is only useful for certain types of patient data. Healthcare providers seeking to make minor updates to their patients’ records would require large amounts of computational resources to ensure such changes are updated at every node, which is inefficient and time consuming. And just like any technology, there needs to be a constant maintenance of the systems that hold the information blockchain together. Policies must be in place to ensure that employees managing such information are not vulnerable to social engineering attacks (like the aforementioned phishing schemes).
Regardless, blockchain provides the best form of data security, organization and accessibility for medical organizations today. The previous concerns can be addressed through additional planning on the part of hospitals and their administration to map out in what ways their data security and infrastructure is lacking and how blockchain can be used to fill in those gaps. While there are “only a few [operational initiatives at the U.S. national level] focused on blockchain in healthcare”, according to the HIMSS, the programs that are being implemented span various governmental departments from the Food and Drug Administration to the DHHS and the CDC. Therefore, if we continue to push for the cure to our healthcare’s CyberSecurity problems and look towards the innovative solutions that new technology can provide us, we can ensure that not only are patients’ data secure but that their lives continue to be saved.