Client’s Story: healthcare portal
Safeguarding vital records is crucial in today’s health sector, where hospitals and doctors’ surgeries could be forced to turn away patients and cancel appointments against their will.
That was the case recently in England when the WannaCry virus attack hit the British National Health Service (NHS) in May. The software targets Microsoft’s widely used Windows operating system, locking computers by encrypting certain files and demanding a digital ransom before control is returned.
This is not an entirely new phenomenon, apart from the increased speed of recent attacks: medical institutions have been targets of ransomware and other forms of cyberattack because of the vast amounts of patient information at their disposal. That makes it all the more crucial for institutions to put measures in place to protect their services and users.
In the $3 trillion U.S. healthcare industry, one of the largest U.S. hospital operators, Community Health Systems Inc, claimed Chinese hackers broke into its computer network and stole the personal information of 4.5 million patients in 2014.
This data, which includes names, birth dates, policy numbers, diagnosis codes and billing information, is considered more valuable than credit card numbers on the black market, as it is used to create fake IDs for buying medical equipment or drugs and to file false insurance claims.
Medical identity theft can, in some cases, go unnoticed at first by a patient or their health service provider, giving criminals months or even years of unfettered access to the data. Beyond that, such hacks could have a more debilitating effect on already sick patients, whose timely medical treatment is either denied or delayed because of the disruption to the record system.
About the Client
Constitutional Health has a digitally unique and specialized care model that is customized to help individuals optimize lifestyle programs based on the patient’s input and larger health data sets. It deals with people who are ready to make a change in their life and uses its platform to gather information about users through a comprehensive medical questionnaire. The health data, which it guarantees its users is protected and 100% confidential, is combined with its database to create a highly customized lifestyle plan for each individual. The organization is not a medical services provider: it neither renders advice, nor diagnoses any diseases or illnesses, nor proposes treatment for any condition. Rather, it offers proven, unbiased information, expert opinions and options that allow users to better understand their doctor’s advice and to make informed health-related decisions that help them maintain control over their wellness.
A medical institution needs to provide secure access for website admins and other personnel who access its database, as well as for users of other connected devices, any of which could make the organization’s server accessible to cybercriminals.
Hacking is no longer the preserve of experts these days. It is very common and gradually becoming a normal experience. Simple video tutorials on how to hack others’ systems are not hard to find online. With the wide reach and easy access that the Internet offers, it is necessary to protect medical institutions’ websites and their network as a whole to avoid patients’ data being stolen.
It makes a lot of sense then that Constitutional Health, a US-based operator of an Artificial Intelligence-infused health information database, has chosen to have the REMME solution implemented as a module on its WordPress-based website, where it works as an add-on for its SSL certificate technology.
REMME replaced the operator’s centralized database with distributed blockchain technology and added two-factor authorization as an additional layer of security. Administrators’ data is no longer stored on the server. Instead, it is held in the certificate that each administrator presents at login, and the data container is signed with the master key of the master administrator.
The administrator’s role and permissions, as well as information about the second-factor authorization, are stored in the X.509 container with the help of add-ons. This approach allows Constitutional Health to protect its system using cryptography and the blockchain instead of storing this information on a central server. The blockchain replaces the hierarchical system for managing certificates with a distributed one and allows the company to manage the certificates by itself.
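The idea of carrying an administrator's role and second-factor setting inside a certificate signed by the master key can be sketched as follows. This is an added example, not REMME's or Constitutional Health's code: it uses the Python `cryptography` package, and the OIDs, the names (`issue_admin_cert`, `authorize`, `master-admin`) and the sample values are assumptions made for illustration.

```python
# Added example (not REMME code): the OIDs, names and values are constructed.
import datetime
from cryptography import x509
from cryptography.exceptions import InvalidSignature
from cryptography.hazmat.primitives import hashes
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID

# Hypothetical private-arc OIDs for the two custom extensions.
ROLE_OID = x509.ObjectIdentifier("1.3.6.1.4.1.55555.1.1")
SECOND_FACTOR_OID = x509.ObjectIdentifier("1.3.6.1.4.1.55555.1.2")

def new_key():
    return ec.generate_private_key(ec.SECP256R1())

def _utf8(text):
    """DER-encode a short string as an ASN.1 UTF8String (tag 0x0c)."""
    raw = text.encode()
    if len(raw) >= 128:
        raise ValueError("only short-form DER lengths are handled here")
    return b"\x0c" + bytes([len(raw)]) + raw

def _name(common_name):
    return x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, common_name)])

def issue_admin_cert(master_key, admin_public_key, login, role, second_factor):
    """Master administrator signs a certificate carrying role and 2FA method."""
    now = datetime.datetime.now(datetime.timezone.utc)
    builder = (
        x509.CertificateBuilder()
        .subject_name(_name(login))
        .issuer_name(_name("master-admin"))
        .public_key(admin_public_key)
        .serial_number(x509.random_serial_number())
        .not_valid_before(now - datetime.timedelta(minutes=5))
        .not_valid_after(now + datetime.timedelta(days=30))
        .add_extension(x509.UnrecognizedExtension(ROLE_OID, _utf8(role)), critical=False)
        .add_extension(x509.UnrecognizedExtension(SECOND_FACTOR_OID, _utf8(second_factor)), critical=False)
    )
    return builder.sign(master_key, hashes.SHA256())

def authorize(cert, master_public_key):
    """Return (role, second_factor) only if the master key signed the cert."""
    try:
        master_public_key.verify(cert.signature, cert.tbs_certificate_bytes,
                                 ec.ECDSA(cert.signature_hash_algorithm))
    except InvalidSignature:
        return None  # forged or altered: the claimed role is never read
    read = lambda oid: cert.extensions.get_extension_for_oid(oid).value.value[2:].decode()
    return read(ROLE_OID), read(SECOND_FACTOR_OID)
```

The server needs only the master public key to make the decision, so no per-administrator record has to live in its database. A deployed check would also enforce the validity period, certificate status and proof that the presenter holds the private key, for example through TLS client authentication.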
The Telegram app was chosen for the 2FA verification. The secure messenger’s bot makes it possible for admins not only to confirm the authorization but also to cooperate interactively with the project administrator to help configure the reception of the system’s status or monitor events.
With the implementation of the REMME technology, a key aspect of Constitutional Health’s operation has been taken care of.
“REMME passwordless authentication ensures that our clients’ vulnerable data is secured from most types of cyberattacks, so we can focus our efforts on developing our main business.” — Sergey Stetsenko, Co-founder, Constitutional Health