An Outlook On Data Privacy In The Healthcare Industry

In this article, we'll take a look at what makes health data so valuable and how the blockchain helps in making it more secure.

2018 was a year of major data breaches. Since 2005, there have been almost 8,200 recorded data security breaches, with more than a billion personal records stolen by data thieves. A 2016 computer security report projects that cybercrime will cost the world more than $6 trillion by 2021, doubling from the annual $3 trillion in 2015.

Some of the more memorable attacks this past year made headlines: the breaches at Facebook, Marriott, Uber, and Under Armour received quite a bit of mainstream media attention. Millions of people trusted these corporations as competent custodians of their most sensitive data and were exposed when the networks were compromised.

But a more vulnerable and less publicized variety of data breach has been taking place: data thieves have been targeting and seeking medical records.

There have been 47 major medical data breaches, impacting 6.1 million patients, in 2018 alone, with no signs of slowing down. Some of these attacks have exposed victims to identity theft and fraud. The largest medical data breach of all time was Anthem Blue Cross, with 78 million people’s records becoming vulnerable. Health records sell for as much as 10 times the price of commonly stolen personal data on dark web markets.

Why is health data so valuable?

Besides common fraud like identity theft, medical records can be used by thieves to get medical attention, procedures, medications and other therapies on your tab.

Oftentimes a victim has no idea and does not discover that their data has been stolen until long after. The stolen data is often used to forge credentials to buy medical equipment or prescription medications, or to file false claims with insurers using patient information. Attackers have been utilizing leaked NSA hacking tools and employing ransomware as well. In the UK, this resulted in both doctors and patients being locked out of patient files and medical history. It affected 36 hospitals, doctors’ offices, and ambulance companies across the UK.

Unlike with financial identity theft or fraud, there is no system to help victims. A bank or credit card company has a protocol in place to refund and protect victims of fraud and identity theft. For victims of medical fraud, there is no such recourse; they are often on their own. The permanent nature of this data makes it a much more serious problem with long-lasting consequences.

Why do these breaches keep occurring?

It’s very tough to secure data and that data’s integrity, that is, to make sure that only authorized parties can access or alter it. Current databases both store data and control authorized access, creating a situation that requires a high level of trust.

This means that if a breach does occur, an attacker can access everything stored on the database and also alter data. Too often, data custodians spend most of their resources on perimeter defenses like firewalls, instead of solutions to limit damage if a breach does occur.

In the security world, there is a constant battle between security and convenience. It’s an art finding the right balance between the two when creating your data security plan. Many companies sacrifice security for convenience with devastating consequences.

Can blockchain be a secure data storage solution?

Blockchain has been paraded and lauded as a miracle solution for every problem imaginable.

Blockchains utilize security measures like end-to-end encryption, cryptographic hashing, timestamps, trustless verification, and public/private key encryption. Public key encryption uses a pair of keys: a private key, which you keep secret, and a public key, which you can share with anyone. Your public key is derived from the private key, but the private key can’t be discovered from the public key. Anyone can encrypt data to your public key, and it remains encrypted until you unlock it with your private key. Because only you hold your private key, only you can sign messages and authenticate data with your unique cryptographic signature.

This ensures only authorized parties have access to data and allows users to choose who they share access with (by signing/authenticating). Having your data in secure cloud storage also allows access from anywhere at any time using your private key. Additionally, every single participant in the network would have a unique cryptographic key as well, allowing network-wide accountability, with timestamps, authorized access, and custody of data recorded by the immutable ledger of the blockchain itself.
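As an added illustration (not code from this article or from any project it mentions), the sketch below shows how a hash-chained, timestamped ledger of access events makes alteration evident. The function names, actors, and record id are assumptions made for the example; participant signatures are left out because the Python standard library has no public-key signing.

```python
import hashlib
import json

GENESIS = "0" * 64  # previous-hash value used by the first entry


def entry_hash(body: dict) -> str:
    """SHA-256 over a canonical JSON encoding of the entry body."""
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(data).hexdigest()


def append(ledger: list, actor: str, action: str, record_id: str, ts: int) -> dict:
    """Append an access event that commits to the hash of the previous entry."""
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = {"actor": actor, "action": action, "record": record_id,
            "ts": ts, "prev": prev}
    entry = dict(body, hash=entry_hash(body))
    ledger.append(entry)
    return entry


def first_bad_entry(ledger: list, expected_head: str):
    """Return the index of the first inconsistent entry, len(ledger) if only
    the head differs from the independently held copy, or None if intact."""
    prev, last_ts = GENESIS, 0
    for i, e in enumerate(ledger):
        body = {k: v for k, v in e.items() if k != "hash"}
        if e["prev"] != prev or e["hash"] != entry_hash(body) or e["ts"] < last_ts:
            return i
        prev, last_ts = e["hash"], e["ts"]
    return None if prev == expected_head else len(ledger)


def build_sample() -> list:
    # Constructed sample events; actors, record id and timestamps are made up.
    ledger = []
    append(ledger, "dr.alice", "read", "patient-001", 1700000000)
    append(ledger, "lab.bob", "write", "patient-001", 1700000600)
    append(ledger, "billing.carol", "read", "patient-001", 1700001200)
    return ledger


if __name__ == "__main__":
    ledger = build_sample()
    head = ledger[-1]["hash"]        # head hash also held by other participants
    print("intact:", first_bad_entry(ledger, head))
    ledger[1]["actor"] = "dr.alice"  # rewrite who made the change
    print("first bad entry after edit:", first_bad_entry(ledger, head))
```

The chain provides tamper evidence only: a full rewrite is caught because other participants hold the head hash, and the record contents still need encryption to stay confidential.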

Blockchain networks were designed with an adversarial environment in mind, which makes them extremely resilient to attackers.

Projects like healthbank, which enable patients to securely upload their medical data to the blockchain, where it is then end-to-end encrypted, may completely disrupt the healthcare industry.

In this context, blockchain may very well be a gamechanger for securing medical data. Distributed networks are designed for an adversarial environment. They have no single point of failure and ensure data integrity with cryptography, timestamps, and a public ledger, giving data custodians the tools to ensure breaches become a thing of the past.

Many companies simply do not prioritize expensive investments in security infrastructure and training until it’s too late. The reality is that your highly sensitive personal data is at risk daily, and you should care about how competent the custodians of that data are.

Blockchains may be the best solution, adding security countermeasures, dramatically shrinking the threat model, and reducing vulnerability to attackers.



