An outlook on data privacy — the healthbank case study

healthbank · 5 min read · Jan 16, 2019

2018 has been a year of major data breaches. Since 2005, there have been almost 8,200 recorded data security breaches with more than a billion personal records stolen by data thieves. A 2016 computer security report projects that cybercrime will cost the world more than $6 trillion by 2021, doubling from the annual $3 trillion in 2015.

Some of the more memorable attacks this past year made the headlines: the breaches at Facebook, Marriott, Uber, and Under Armour received quite a bit of mainstream media attention. Millions of people trusted these corporations as competent custodians of their most sensitive data and were exposed when the networks were compromised.

These attacks leaked sensitive information like social security information, credit card details, names, addresses, and other very personal data into the hands of fraudsters. The personal nature of the data often makes victims vulnerable to crimes beyond the scope of identity theft, such as blackmail, as noted in this FBI warning.

But a more vulnerable and less publicized variety of data breach has been taking place, right under our noses, which shows an even deeper and more personal nature of our very own data:

Data thieves have been targeting and seeking medical records!

This article sums it up pretty well:

“Social Security numbers, addresses, birthdates, family members’ contact information, payment information, and insurance policy data — as well as historical medical information (prescriptions, test results, treatment plans) that cannot be changed — the stakes are higher for identity theft”

There have been 47 major medical data breaches, impacting 6.1 million patients in 2018 alone, with no signs of slowing down. Some of these attacks have exposed victims to identity theft and fraud.

The largest medical data breach of all time was Anthem Blue Cross, with 78 million people’s records becoming vulnerable. Health records sell for as much as 10 times the price of commonly stolen personal data on dark web markets.

Why is health data so valuable?

Well, besides common fraud like identity theft, medical records can be used by thieves to get medical attention, procedures, medications and other therapies on your tab.

This can be deadly if the wrong medical information makes it into your records.

Oftentimes a victim has no idea and does not discover their data has been stolen until long after. The stolen data is often used to forge credentials to buy medical equipment or prescription medications, or to file false claims with insurers using patient info. Attackers have been utilizing leaked NSA hacking tools and employing ransomware as well. In Britain this resulted in both doctors and patients being locked out of patient files and medical history. It affected 36 hospitals, doctor’s offices and ambulance companies across the UK.

Unlike with identity theft or fraud, there is no system to help victims. A bank or credit card company has a protocol in place to refund and protect victims of fraud and identity theft. For victims of medical fraud, there is no such recourse; victims are often on their own. The permanent nature of this data makes it a much more serious problem with long-lasting consequences.

Why do these breaches keep occurring?

Simply put, people don’t know better or are lazy, and computer security is often difficult to understand and manage.

It’s hard work to develop good security habits and a computer hygiene routine, especially at an enterprise network level.

It’s very tough to secure data and that data’s integrity, making sure that only authorized parties can access or alter it. Current databases both store data and control authorized access, creating a situation that requires a high level of trust.

This means that if a breach does occur, an attacker can access everything stored on the database and also alter data. Too often, data custodians spend most of their resources on perimeter defenses like firewalls, instead of solutions to limit damage if a breach does occur.

In the security world, there is a constant battle between security and convenience. It’s an art finding the right balance between the two when creating your data security plan. Many companies sacrifice security for convenience with devastating consequences.

Can Blockchain be a secure data storage solution?

Blockchain has been paraded and lauded as a miracle solution for every problem imaginable.

Take a look at this list of cryptocurrency tokens. That being said, secure data storage has been one of the few use cases that blockchain might actually be useful for.

Distributed networks are said to be most useful as marketplaces or as infrastructure. There are several innovative projects utilizing blockchains for secure, trustless and decentralized data storage, the most famous of which is Filecoin (a decentralized, secure data-storage marketplace). There may be a viable case for industry-wide disruption, and this includes secure storage of medical records.

Blockchains utilize security measures like end-to-end encryption, cryptographic hashing, timestamps, trustless verification, and public/private key encryption.

Public key encryption uses a pair of keys: a private key, which only you have, and a public key you can share with anyone. Your public key is derived from the private key, but the private key can’t be discovered from the public key (because of math). Anyone can encrypt data to your public key, and it remains encrypted until you, and only you, unlock it with your private key. Because only you hold your private key, only you can sign messages and authenticate data with your unique cryptographic signature.

This ensures only authorized parties have access to data and allows users to choose who they share access with (by signing/authenticating). Having your data in secure cloud storage also allows access from anywhere at any time using your private key.

Additionally, every single participant in the network would have a unique cryptographic key as well, allowing network-wide accountability, timestamps, authorized access and custody of data recorded by the immutable ledger of the blockchain itself.
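The hashing, timestamp and per-participant key ideas above can be sketched as a tamper-evident access log. This is an added example, not healthbank's code: it is a single-writer hash chain rather than a distributed blockchain, HMAC-SHA256 stands in for public-key signatures (Python's standard library has none), and all participant names, keys and record ids are constructed.

```python
import copy
import hashlib
import hmac
import json

GENESIS = "0" * 64
FIELDS = ("actor", "action", "record", "ts", "prev")

def _canon(obj):
    # Canonical JSON bytes, so equal entries always hash identically.
    return json.dumps(obj, sort_keys=True).encode()

def _tag(key, body):
    # Assumption: HMAC stands in for the participant's signature over the entry.
    return hmac.new(key, _canon(body), hashlib.sha256).hexdigest()

def append(ledger, keys, actor, action, record, ts):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    body = dict(zip(FIELDS, (actor, action, record, ts, prev)))
    entry = dict(body, tag=_tag(keys[actor], body))
    entry["hash"] = hashlib.sha256(_canon(entry)).hexdigest()  # covers body + tag
    ledger.append(entry)

def verify(ledger, keys):
    """Return the index of the first invalid entry, or None if the chain is intact."""
    prev = GENESIS
    for i, e in enumerate(ledger):
        body = {f: e[f] for f in FIELDS}
        key = keys.get(e["actor"])
        if (key is None
                or e["prev"] != prev  # broken link: entry removed or reordered
                or not hmac.compare_digest(e["tag"], _tag(key, body))
                or e["hash"] != hashlib.sha256(_canon(dict(body, tag=e["tag"]))).hexdigest()):
            return i
        prev = e["hash"]
    return None

def demo():
    # Constructed sample data: hypothetical participants, keys and record id.
    keys = {"dr_alice": b"k-alice", "patient_bob": b"k-bob"}
    ledger = []
    append(ledger, keys, "patient_bob", "grant:dr_alice", "rec-17", 1547596800)
    append(ledger, keys, "dr_alice", "read", "rec-17", 1547596860)
    append(ledger, keys, "dr_alice", "update", "rec-17", 1547596920)
    edited = copy.deepcopy(ledger)   # history rewritten and re-hashed,
    edited[1]["action"] = "none"     # but dr_alice's tag cannot be recomputed
    edited[1]["hash"] = hashlib.sha256(_canon(
        {k: v for k, v in edited[1].items() if k != "hash"})).hexdigest()
    dropped = ledger[:1] + ledger[2:]  # entry 1 silently deleted
    return verify(ledger, keys), verify(edited, keys), verify(dropped, keys)
```

The chain only makes edits and deletions detectable; an attacker who can replace the whole log and holds the participants' keys can still rebuild it, which is the gap replication across independent parties is meant to close.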

Blockchain networks were designed with an adversarial environment in mind, which makes them extremely resilient to attackers.

Projects like healthbank that are implementing this kind of secure blockchain infrastructure and creating secure medical data exchange platforms may completely disrupt the healthcare industry.

In this context, blockchain may very well be a gamechanger for securing medical data. Distributed networks are designed for an adversarial environment. They have no single point of failure and ensure data integrity with cryptography, timestamps, and a public ledger, giving data custodians the tools to ensure breaches become a thing of the past.

Many companies simply do not prioritize expensive investments in security infrastructure and training until it’s too late. The reality is that your highly-sensitive personal data is at risk daily and you should care about how competent the custodians of that data are.

Blockchains may be the best solution, by adding secure countermeasures, dramatically reducing the threat model and vulnerability to attackers.

To learn more about our platform, visit our Website and our Telegram Channel
