Last August, a federal district judge in California approved a $115 million settlement against healthcare provider Anthem for a 2015 data breach that exposed 78 million records. The judgment reinforced growing concerns about healthcare-related data breaches, accessing private information from a personal device without the users’ authorization or consent.
Similar data breaches at hospitals and health organizations large and small occur on a regular basis. In 2018 alone, these entities reported roughly 400 data breaches to the federal government. Amazingly, the number of healthcare security breaches perpetrated each year continues to surge. Why the interest?
Accessing patient information (whether medical or personal), can be a highly rewarding endeavor. Criminals who do so may be able to obtain prescription drugs, submit fraudulent medical insurance claims, or even attempt to blackmail patients. And while many hospitals store patient data in an electronic health record format, this change has failed to discourage criminal activity.
A Shift Toward Hacking
In the past seven years, hacking has gradually replaced theft as the primary means by which data breaches occur. As noted above, this shift reflects the move toward electronic records and away from paper records. And while hacking a data repository is far more complicated than pilfering paper files, hackers can surreptitiously access multiple records at once. As a recent report on the matter noted, “although networked digital health records have the potential to improve clinical care and facilitate learning health systems, they also have the potential for harm to vast numbers of patients at once if data security is not improved.”
Given the growth in healthcare-related cyber attacks, hospitals and other healthcare entities may finally cast about for an all-encompassing solution. Blockchain technology appears to fit the bill nicely, as it dramatically reduces the risk of hacking. However, the healthcare industry must first overcome its propensity for data silos, as patient data placed on the blockchain exists in a decentralized state. Fortunately, several leading health-related organizations are moving in this direction. Only the remote risk of a 51% attack gives such institutions pause. And even that reality will soon change.
How Cybercriminals Operate
Aside from hacking into a patient data repository, cybercriminals also send employees email links attached to malware. Once such malware embeds itself into an operating system, a piece of code can take over the computer of an unsuspecting user. Consequently, “the hacker then has a direct foothold into the company. From this foothold, the hacker can attack other computers, take them over and add them to their network of zombie machines” (Georgia Health News). The hacker can then sell this stolen information on the dark web, a collection of websites that sell drugs, hacking software, personal consumer data, and more.
Fortunately, cryptography prevents bad actors from accessing patient data listed on the blockchain (unless someone provides them with a private key). Moreover, any attempts to alter patient data could not be covered up.
The Costs Involved
The costs associated with healthcare security breaches go far beyond software upgrades or revenue lost to competitors. According to a recent report from The American Journal of Managed Care, hospitals victimized by such incidents feel compelled to increase their advertising expenditures by an average of 64 percent.
Data breaches leave hospitals with a damaged reputation, one that any PR team would be hard-pressed to quickly repair. In addition, these hospitals may also be subject to fines and class-action lawsuits. Of course, hospitals eventually pass these costs onto patients in one form or another. As the above report states, “Regardless of the motivation, breach response adds a financial burden to hospitals and the healthcare system. Advertising and the efforts to fix the damages from a data breach increase healthcare costs and may divert resources and attention away from initiatives to improve care quality.”
Healthcare Security Breaches: What Can Be Done?
Blockchain technology appears to be a highly reliable safeguard against such attacks, at least from external sources. Nonetheless, even blockchain technology leaves open just the slightest risk of hacking. And while blockchain is far and away a superior security risk, it cannot yet claim to be entirely secure. Unfortunately, healthcare CEOs may not appreciate claims of near-perfect security (particularly if they previously received such assurances).
Nonetheless, XTRABYTES may soon be able to back up such a claim. An emerging blockchain development platform, its STATIC node network renders hacking practically impossible. In short, it’s impossible for anyone to know the entire private key used by its several thousand STATIC nodes. Thus, hackers cannot fraudulently create a signature-verified block. And should a malicious node attempt to compromise the chain, it will be blacklisted automatically.
While blockchain itself is a superior solution, full confidence in its security capabilities is not a given. XTRABYTES is intent on changing the perception once and for all.