Protecting patient data from cyber-attack


In recent years, healthcare organisations around the globe have increasingly come under fire from sophisticated cyber-attacks, compromising the security of private patient data and damaging public trust in healthcare institutions. From the WannaCry attack which saw mass disruption across NHS England to the theft of nearly 10,000 documents from 68 hospitals across the UK in 2017, protecting medical records has been firmly placed at the top of agendas for healthcare IT managers around the world.

As well as leading to a significant breakdown of trust between patients and medical staff, the monetary cost of healthcare data breaches is staggering. According to a report released by IBM and Ponemon Institute, healthcare data breaches cost on average $408 per record compromised. Compared with other industries globally, this makes healthcare the sector hit hardest financially by cyber-attacks for the eighth year in a row.

Further, the introduction of new, tougher sanctions on companies’ storing and processing of consumer data under the General Data Protection Regulation (GDPR) in Europe is adding pressure on healthcare IT managers to secure medical records. Failure to report a data breach within 73 hours could result in a fine of up to 20 million euros or 4 per cent of the worldwide annual revenue of the prior financial year, whichever is higher. In the US as well, all healthcare organisations must comply with the Health Insurance Portability and Accountability Act (HIPAA) for protecting sensitive patient data, which stipulates that all physical, network and process security measures meet the high standards required by the regulation; non-compliance can incur significant penalties.

However, while these regulations do exist, it’s clear that more needs to be done by healthcare IT professionals to protect patients’ sensitive medical records from being abused and stolen. While it is still common practice for medical records to be shared with disparate third-parties, and in many cases absolutely essential for ensuring the continued and successful treatment of patients, the exchange of such health data across legacy, often outdated, IT systems is highly problematic.  

The ultimate question facing healthcare IT providers is deciding which technologies we further adopt into the fabric of society to not only improve patient care but also protect sensitive medical records from being compromised or stolen for malicious use. Research from Accenture’s 2018 Digital Health Tech Vision report found that 92 per cent of health executives believe that ensuring the security of consumer data is very important for gaining the trust of patients.   

Harness blockchain technology

While there has been significant hype around blockchain technology and the cryptocurrencies it supports over the last few years, the potential this technology has to bring genuine efficiencies and security to the global healthcare industry should not be understated. 

A blockchain is a vast, globally distributed ledger that runs on millions of devices and is able to record anything of value immutably. Medical records, personal health data collated from wearable devices, insurance contracts, digital currency and virtually any other form of asset can be transferred and stored peer-to-peer (P2P), privately and securely because trust is established through clever code, network consensus and cryptography. 

By securing personal health information on a blockchain, a number of the issues mentioned above are mitigated, chiefly protecting sensitive data from cyber-attack. It is virtually impossible to hack a blockchain because to add a block of data to the chain, each person on the vast network must solve a complex mathematical problem created by the cryptographic hash function. Each block then has a timestamp and a direct link to the previous block, which forms the chronological chain reinforced through cryptography. As such, to change the data stored on one block in the chain would require altering every single previous block, something that would take significant computing power and time, and would require the consensus of every party on the blockchain. While no technology is 100 per cent unhackable, at this current time it would take a quantum computer to steal data stored on a blockchain.
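The hash-linking and proof-of-work described above, as an added example that is not part of the original article: a toy chain in Python in which all function names, the difficulty of three leading hex zeros and the sample entries are assumptions made for illustration. It shows that when one block is rewritten, even with its own proof-of-work redone, the hash stored in the block after it no longer matches, so verification fails at that point.

```python
import copy
import hashlib
import json

DIFFICULTY = 3          # assumed toy target: leading hex zeros in the block hash
GENESIS_PREV = "0" * 64

# Constructed sample entries (timestamp, record event); not real data.
SAMPLE = [
    ("2018-09-01T09:00:00Z", "patient-A grants read access to clinic-1"),
    ("2018-09-02T14:30:00Z", "clinic-1 adds lab result for patient-A"),
    ("2018-09-03T08:15:00Z", "patient-A revokes access for clinic-1"),
]

def block_hash(block):
    """SHA-256 over the block's canonical JSON encoding."""
    body = json.dumps(block, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(body).hexdigest()

def mine(index, timestamp, data, prev_hash):
    """Try nonces until the block hash meets the difficulty target."""
    block = {"index": index, "timestamp": timestamp, "data": data,
             "prev_hash": prev_hash, "nonce": 0}
    while not block_hash(block).startswith("0" * DIFFICULTY):
        block["nonce"] += 1
    return block

def build_chain(entries):
    """Mine one block per entry, each storing the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for i, (ts, data) in enumerate(entries):
        chain.append(mine(i, ts, data, prev))
        prev = block_hash(chain[-1])
    return chain

def first_invalid(chain):
    """Index of the first block that fails verification, or None if intact."""
    prev = GENESIS_PREV
    for i, block in enumerate(chain):
        digest = block_hash(block)
        if block["prev_hash"] != prev or not digest.startswith("0" * DIFFICULTY):
            return i
        prev = digest
    return None

def rewrite_block(chain, index, new_data):
    """Copy the chain, change one block's data and redo that block's work."""
    forged = copy.deepcopy(chain)
    old = forged[index]
    forged[index] = mine(index, old["timestamp"], new_data, old["prev_hash"])
    return forged
```

Calling `first_invalid(rewrite_block(build_chain(SAMPLE), 1, "altered"))` reports block 2, the first block whose stored link no longer matches.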

Harnessing this new technology also liberates personal medical data and places control over it back into the hands of the patient, establishing trust between patient and healthcare organisations. Only those to whom a patient grants access will be able to view their medical records on the blockchain. Further, having all medical data in one place also creates a more complete view of personal health for both patients and doctors. With medical data ready to access at all times, patients will be able to simply unlock their medical records and provide access to chosen doctors, which is much faster than the existing process, in which it can sometimes take months for meaningful health data to reach the right medical professionals.

Introduce 24/7 cybersecurity monitoring

Healthcare IT is very similar to industrial control systems in that it needs to be up and running continuously to support essential life-saving machines and treatments. As such, it can be difficult to update the technology as downtime cannot be tolerated. This creates the perfect storm for cyber-attacks. 

Given the recent cyber-attacks on global healthcare organisations, prevention methods appear to be failing and trying to deflect zero-day attacks is still an impossibility for even the most sophisticated endpoint protection. However, by integrating 24/7 monitoring systems that can detect, respond and contain cyber-attacks when they do happen, the impact on healthcare organisations can be mitigated. All healthcare IT managers should look at having a holistic and strategic solution to resolve ongoing cyber-threats and ransomware attacks. 

With the rise of aging populations, outdated infrastructures and chronic diseases around the world, there is an urgent need for improved, technologically-driven healthcare solutions. From harnessing blockchain technology to improving firewalls and ensuring healthcare IT systems are monitored 24/7, healthcare organisations can protect their systems while also empowering people to leverage their personal health information for good. Ultimately, for global healthcare to help everyone, it must evolve to ensure absolute privacy and that collaboration where required is maintained, as this is central to the future of population health for a more mobile, global workforce.  

Chrissa McFarlane, Founder and CEO of Patientory Association 
