By Li Jun, Founder of Ontology, the high performance, public blockchain specializing in decentralized identity and data
In May of this year, the Republic of Ireland’s Health Service Executive (HSE), suffered a “catastrophic” cyberattack. In addition to directly causing the number of hospital appointments in some areas of the system to drop by 80%, the hackers also stole and shared sensitive medical and personal information of patients online as well as details of correspondence with patients. While three quarters of the HSE’s servers have been unlocked since the attack, the HSE’s CEO recently said that it will still be “many more weeks” before health services return to normal.
Meanwhile, in the UK, statistics from the Information Commissioner’s Office (ICO) show that 3,557 personal data breaches were reported across the health sector, the majority within the NHS, in a two year period to the end of March this year. Not all data breaches are reported, so the total is likely to be much higher. The private health data of thousands of people was shared with strangers, with one patient even having strangers turning up at her door to let her know her private details, including her home address, had been mistakenly sent to other patients. Malicious actors have the opportunity to blackmail and disrupt the system when they gain access to sensitive health information, which is arguably the lifeblood of our societies’ public health.
Data breaches and the potential for data breaches such as this are a perfect example of the dangers of storing sensitive identity and health data on centralized systems. While the continued rise of digital services have made maintaining a secure digital identity, a trusted digital format of a company or person’s identity, increasingly important, unfortunately, many healthcare facilities and systems still use centralized systems such as excel spreadsheets on centralized computer systems that are easy for malicious actors to hack — or even pen and paper — to house patient data. In order for health data to be stored securely, it should be stored on decentralized systems built on blockchain technology that are encrypted and secure.
Digital transformation, accelerated by the pandemic in areas from cloud computing, big data, ecommerce, and, perhaps most importantly, health, is continuing to pick up pace. In healthcare, there is enormous potential for digital transformation and the increasing use of health data to improve the efficiency of systems and wellbeing of people worldwide.
In the US, innovation in healthcare and increasing reliance on health data has been compared to the dot-com boom of the late 1990s. Elsewhere, the reliance on data is strong, the UK’s Department of Health and Social Care recently published a policy paper titled “Data Saves Lives”. This paper asserted that in the midst of “the greatest public health emergency that this country has tackled for generations” data was essential in identifying those “who are most vulnerable to coronavirus” helping the system to protect its citizens. Data was essential in their progress in the fight against Covid-19, powering vital research and analysis. Nonetheless, throughout the pandemic, the UK and other countries were managing huge amounts of personal identity and health data that were highly sensitive and could lead to malicious practise if placed in the wrong hands, on insecure centralized systems that are susceptible to breaches.
Reflecting, Phil Booth, Coordinator at MedConfidential, an organization that campaigns for better confidentiality and security for patient data, summarised the key issue of trust and health data storage when he claimed that the major risk of the GP data programme is that it destroys trust. Booth said that convincing patients and GPs to opt into the programme, which involves increased collection and sharing of health data, given the inherent risks involved whether through mismanagement or from malicious actors like hackers, “undermines trust”. Reliance on health data and maintaining secure digital identities for healthcare is only going to become more important in the coming years. With this in mind, it is vital that patients can be confident that when they hand over sensitive data it is being stored and managed securely. Unfortunately, the nature of centralized systems for health data storage, as recently evidenced by these statistics from the UK and the HSE cyberattack, have inherent security risks. The infrastructure behind the systems is too weak to withstand technologically advanced hackers.
The solution lies in decentralized data storage and management. Decentralized systems that are built on blockchain provide an encrypted and secure means for companies and organizations to store their data. Unlike centralized systems, their immutable format makes them very difficult to infiltrate; they are trustless and essentially don’t require users to put their faith in archaic technology or systems prone to human error. As well as this, patients must invest in decentralized identity solutions that help them manage their personal information. Using decentralized identity platforms, users can take back control of the information they share with institutions, ensuring that security and private data management are at the forefront of every exchange.
As digital transformation in healthcare continues to gain traction, it is likely that data breaches will become more, not less, common. Anticipating this, adopting decentralized solutions for health data that puts the control of the data in the hands of the patient, rather than on a centralized database, will reduce both the malicious and unintended dissemination of patient data while ensuring that the true potential of healthcare data and innovation can be realized.