Last year, the now infamous WannaCry ransomware attack crippled NHS England for 48 hours and nearly 10,000 documents were stolen from 68 hospitals in a separate attack.
Healthcare breaches cost a healthcare organisation on average $408 per every medical record compromised, according to a report by IBM. While new regulations, such as the General Data Protection Regulation (GDPR), have come in to play to protect sensitive consumer data, more needs to be done by IT professionals to protect critical social infrastructure from malicious cyber-attacks.
Taking the global healthcare industry as our main use case, patients’ medical records are often shared with third parties in order to support life-saving treatments and care. Yet the transfer of this critically sensitive data is still done via old, outdated legacy IT systems, and even by paper in some cases.
The reality however is that cyber-attacks have become significantly more sophisticated. Those who manage healthcare IT systems must start to seriously look at improving technologies used to protect the security of sensitive medical data and safeguard ongoing patient care.
One of the biggest barriers to updating unfit-for-purpose IT systems in healthcare is that, like industrial control systems, healthcare IT infrastructure cannot be shut off at any point. It must be running online every single day of the year to support vital life-saving machines, systems and treatments. However, this creates a perfect target for cyber-criminals launching malicious attacks.
Deflecting zero-day attacks is an impossible task for even the most sophisticated software for endpoint prevention
Attempting to deflect zero-day attacks is an impossible task for even the most sophisticated software for endpoint prevention. The next generation of cybersecurity measures should involve 24/7 monitoring of networks every single day to detect, respond to and contain cyber-attacks as and when they happen.
This constant, proactive vigilance combined with reactive measures to combat attacks would limit damage to hospitals and healthcare organisations resulting from an attack. Healthcare IT managers should look at implementing holistic cybersecurity measures that cover all disparate systems to protect patient data from cyber-threats.
According to a report by Accenture on the future of digital health tech, 92% of health executives believe that protecting consumer data is very important for gaining patients’ trust in the medical profession. One of the latest emerging technologies, blockchain, is slated to increase trust in the industry.
A blockchain is a distributed ledger that runs on multiple devices and can record anything of value using cryptography. Data stored in a blockchain is highly resistant to modification.
By using blockchain as a service for medical records, healthcare organisations could empower consumers to take control of their own health data while solving problems surrounding sharing sensitive medical data in a secure way with doctors and third parties.
Breach a blockchain and you only gain access to siloed data from one or two blocks
Securing patient data with a blockchain would put many hackers off launching cyber-attacks as it’s very difficult to hack a blockchain to steal usable amounts of information. Whereas hacking a regular database can give you access to large quantities of data at once, were one to breach a blockchain you would only gain access to siloed data from one or two blocks on the chain without any of its related, contextual data.
Further, to change data on one block would require you to alter the hash on every single previous block on the chain. Today, it would take a quantum computer to do so without the whole network knowing.
Using blockchain as a service in healthcare would also give control over personal data back to patients, ultimately creating a consumer-focused healthcare system. It would be in the hands of patients to decide who can access their medical records, ensuring only those who need to access it can. With a holistic view of a patients’ medical data in one place, medical professionals will also be able to diagnose and prevent diseases much more quickly than before.
As the global population becomes older and healthcare treatment costs rise, increasingly sophisticated cyber-attacks are a grave threat. We must safeguard our global healthcare systems before it’s too late.
From harnessing blockchain as a service to implementing 24/7 monitoring for cyber-attacks, critical healthcare IT infrastructures can and must be protected more effectively.
