In the digital economy, every industry runs on data. In the healthcare industry, there is no greater need than a total view of data and the ability to capitalize on it. But this need brings others with it—the need for security, transparency, and interoperability.
In an industry rife with inefficiencies and systemic vulnerabilities (e.g. counterfeit prescription drugs), the benefits of using blockchain to address these needs cannot be ignored. The application of this technology will provide secure organization and transfer of patient medical records and claims and can prevent costly data breaches as well as even more expensive errors in patient care. In a competitive, value-led care market, it is no surprise that healthcare is investing in blockchain. IDC reports that by 2020, 20 percent of healthcare organizations will use blockchain to manage patient information and operations.
Proper adoption requires time and resource investment to ensure a level of security worthy of migration to the distributed hyperledger.
Blockchain empowers healthcare providers by providing transparency, interoperability, and accountability. Human-centric healthcare isn’t possible if technological adoption is limited to electronic health records that are siloed.
Patients deserve providers who communicate with one another, share knowledge, and work in concert for the well-being of the patient.
For blockchain readiness, the best defense is a great offense: attack vulnerabilities by understanding threats and taking proactive measures. The greatest threats to blockchain security include (but are not limited to):
• Decentralized Autonomous Organizations (DAOs)
• Stolen keys
• No regulations
First, we’ll look at these threats, and then at preventative solutions.
The DAO of blockchain
A decentralized autonomous organization (DAO)—the equivalent of a venture capital fund for blockchain—is powered by crowdsourcing. Medical DAOs are already in use for areas such as malpractice insurance, but blockchain adoption is only just emerging outside of cryptocurrency. The inherent risk of DAOs is that—in response to growing blockchain demand—developers may introduce vulnerable code to the market at any time.
After raising $150M in 2016, Ethereum’s “The DAO” was the first to be hacked. $55M was stolen before the hacker ceased the operation for unknown reasons. Whether it was to prove a point or the hacker had a conscience (or both)—the forewarned attack commanded attention.
Decrypting a blockchain security key is virtually impossible because both public and private keys are required. Instead, hackers focus their efforts on attempting to steal these keys. Without the key, a hacker is powerless. With keys in hand, the hacker owns the chain.
If this sounds familiar, it should. We think about personal account vulnerability frequently, if not daily. Computers, laptops, and mobile devices are the path of least resistance for hackers stealing blockchain security keys—like passwords on our plethora of devices.
Demand for blockchain and DLT in healthcare is on the rise. The need for third-party vendors to meet this demand means increased risk for companies that contract for blockchain services. No matter how strong in-house security measures are, healthcare blockchains (and all blockchains for that matter) are only as strong as the weakest link. Apps and platforms may open a Pandora’s box of less than optimal security, user error, and bad code originating with the vendor—not the company.
These potentially viral vulnerabilities are especially dangerous with regard to smart contracts. When two or more parties agree to share what is essentially a crypto-security deposit box, the negative ramifications of vendor-caused vulnerability can’t be overstated.
The vaccine for this vulnerability virus is expertise. Just as it takes many years to learn and perfect science, there’s an art to understanding and combating cyber-criminals. Certified Ethical Hackers (CEH) are the best example of the expertise required to combat potential threats.
Setting cryptocurrency regulation arguments between governments and providers aside, it’s foolish to suggest that regulation and standardization have no place in blockchain integration beyond Bitcoin—especially in healthcare.
Eventually, standardization and regulation will empower developers to learn from each other’s mistakes, while preventing avoidable issues with disparate chain mergers and integrations. Until there is industry-wide alignment, however, blockchains will continue to be developed independently, and the risk of security incidents, service disruptions, etc. will grow in parallel.
It is far better to take a conservative security posture with regard to blockchain than to discover and manage the hard lessons that result from a compromised chain.
Foundational countermeasures for blockchain security include:
• Vet all product and service providers thoroughly for reputation and expertise
• Independent testing and firewall integration for smart contracts
• Expert peer-review of code prior to deployment
• Ensure keys are never shared in Word documents, text, or easy-to-read files
• Regular malware scans and proven anti-virus software
For true success, managers need to know how and when to anticipate security breaches and respond appropriately.
About Rich Herrington
Rich is EVP, Client Success Team Leader at SoftServe. He is a technology and management executive with 20 years of software product development and management experience at companies ranging from SMEs to multinationals. Throughout his career, Rich has implemented strategic partnering relationships to increase productivity, quality and time to market for his clients’ products and projects.