Pavel Novik, QA Unit Manager and the head of the Mobile Testing Center of Excellence at a1qa, explains how blockchain can ensure comprehensive protection of medical device data, the key target for cybercriminals in the healthcare industry.
With the ongoing advancement of the medical IoT, hospitals get equipped with more and more medical devices. They not only play a role in diagnosing, preventing, and curing diseases; they also continuously gather vital patient data and transmit it to clinical information systems.
On the one hand, this technology facilitates treatment and automates laborious data management workflows, but on the other, it has become the most common target of cybercriminals.
Typically, hackers are after protected health information, which is either sold on the black market or returned for a hefty ransom. As a result, such breaches cost organisations insane amounts of money and leave them with a tarnished reputation.
In a threat landscape where medical device data is the primary target, healthcare providers need to prioritise its protection to deliver safe and efficient treatment to their patients. Blockchain is a revolutionary solution for IoMT security that forward-minded security leaders are actively exploring at the moment. Even the first tentative implementations show that the technology harbours the potential to elevate the security standards of a connected healthcare facility, blockchain app testers from a1qa admit.
Let’s see how healthcare providers can apply blockchain to protect sensitive medical device data against common security vulnerabilities and ever-evolving cybersecurity exploits.
Full device visibility
Poor control over IoT endpoints and devices is perhaps the most persistent security challenge for corporate security leaders. Despite the proliferation of IT monitoring tech, companies with sprawling connected infrastructures still tend to let connected devices slip out of sight. As a result, unaccounted devices become hackers’ loophole into the facility network and, eventually, patient data.
Meanwhile, a distributed blockchain-based database (DB) can enable complete visibility into medical IoT assets. As records in a distributed ledger are immutable, each piece of medical equipment is written right into the network's record and can never slip off the radar due to negligence or oversight.
Also, all device configurations or physical relocations, including those conducted with malicious intent, will be automatically noted down in the history of changes, making it impossible for hackers to undermine security undetected in case they do gain access to the network. In addition to providing healthcare facilities with complete control over their distributed device network, blockchain-enabled monitoring promises to cut IoMT maintenance costs while elevating the network performance.
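The change history described above can be sketched as a hash-chained device ledger. This is an added example, not code from a1qa or any blockchain product; the device names, event fields and genesis value are constructed for illustration.

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed starting value for the chain

def entry_hash(prev_hash, event):
    # Canonical JSON so the same event always hashes identically.
    body = json.dumps(event, sort_keys=True, separators=(",", ":"))
    return hashlib.sha256((prev_hash + body).encode()).hexdigest()

def append(ledger, event):
    prev = ledger[-1]["hash"] if ledger else GENESIS
    ledger.append({"event": event, "prev": prev, "hash": entry_hash(prev, event)})

def first_broken_index(ledger):
    """Return the index of the first entry that fails verification, or None."""
    prev = GENESIS
    for i, entry in enumerate(ledger):
        if entry["prev"] != prev or entry["hash"] != entry_hash(prev, entry["event"]):
            return i
        prev = entry["hash"]
    return None

def inventory(ledger):
    """Rebuild the current device state by replaying every recorded event."""
    state = {}
    for entry in ledger:
        ev = entry["event"]
        state.setdefault(ev["device"], {}).update(ev["change"])
    return state

def build_sample_ledger():
    # Constructed sample events: two registrations, a relocation, a config change.
    ledger = []
    append(ledger, {"device": "pump-07", "change": {"ward": "ICU", "firmware": "2.1"}})
    append(ledger, {"device": "monitor-12", "change": {"ward": "ER", "firmware": "5.0"}})
    append(ledger, {"device": "pump-07", "change": {"ward": "Oncology"}})
    append(ledger, {"device": "pump-07", "change": {"firmware": "2.2"}})
    return ledger

if __name__ == "__main__":
    ledger = build_sample_ledger()
    print(inventory(ledger))
    ledger[2]["event"]["change"]["ward"] = "ICU"  # retroactive edit of the relocation
    print("first invalid entry:", first_broken_index(ledger))
```

A single copy of such a chain is only tamper-evident; it is the replication across independent nodes that keeps an intruder from quietly rebuilding every hash after an edit.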
An impregnable data storage
Today, many healthcare providers are abandoning their server-based medical data storage areas in favour of cloud-based solutions, and rightfully so. The cloud is a better option for many reasons: it has a nearly unlimited storage capacity, does not require meticulous maintenance, and is compliant with universal and regional standards of data protection. Nevertheless, according to the Netwrix Cloud Data Security Report, 35% of healthcare companies that store sensitive information in the cloud experienced security incidents in 2019, which is still a relatively high breach probability.
Blockchain offers to step up the security of cloud-based health records storage spaces. In a blockchain-enabled cloud storage, medical device data is encrypted, divided into segments, which are interlinked with a hash function, and then distributed around the network in a decentralised way.
Such advanced provisions as hashed blocks and transaction ledgers ensure robust protection against various security exploits, while a verifiable blockchain architecture allows owners to track the storage history, which prevents data tampering. What is more, in the unlikely event of hackers decrypting some data, they will end up with a small and disjointed segment of information, not an entire file.
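A sketch of the segmenting and dispersal described above, as an added example that is not taken from any storage product. It assumes the data is already encrypted (the sample bytes are a constructed stand-in), that segments are placed round-robin, and that the owner keeps the final link hash.

```python
import hashlib

START = "0" * 64  # constructed starting value for the first link

def _link(prev, chunk):
    # Each link commits to the previous link and to this segment's bytes.
    return hashlib.sha256(prev.encode() + chunk).hexdigest()

def split_and_link(ciphertext, segment_size):
    """Cut ciphertext into segments; return (records, head). The owner keeps head."""
    records, prev = [], START
    for seq, off in enumerate(range(0, len(ciphertext), segment_size)):
        chunk = ciphertext[off:off + segment_size]
        prev = _link(prev, chunk)
        records.append({"seq": seq, "data": chunk, "link": prev})
    return records, prev

def disperse(records, node_count):
    """Round-robin placement: with two or more nodes, neighbours never share one."""
    nodes = [[] for _ in range(node_count)]
    for rec in records:
        nodes[rec["seq"] % node_count].append(rec)
    return nodes

def reassemble(nodes, head):
    """Gather segments from every node, verify each link, return the ciphertext."""
    records = sorted((r for node in nodes for r in node), key=lambda r: r["seq"])
    prev, out = START, b""
    for expected_seq, rec in enumerate(records):
        prev = _link(prev, rec["data"])
        if rec["seq"] != expected_seq or rec["link"] != prev:
            raise ValueError(f"segment {expected_seq} is missing or altered")
        out += rec["data"]
    if prev != head:
        raise ValueError("trailing segments are missing")
    return out

def sample():
    # Constructed stand-in for already-encrypted device telemetry.
    ciphertext = bytes(range(40))
    records, head = split_and_link(ciphertext, 8)
    return ciphertext, disperse(records, 3), head

if __name__ == "__main__":
    ciphertext, nodes, head = sample()
    print("node 0 holds segments:", [r["seq"] for r in nodes[0]])
    print("reassembled intact:", reassemble(nodes, head) == ciphertext)
```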
Efficient data management
IoT-enabled healthcare facilities are oversaturated with big data that requires thorough management to prove valuable. However, since their data is typically distributed across various DBs and is neither consistent nor interoperable, organisations relying on the traditional approach often find it hard to manage this data efficiently.
Ineffective medical device data administration not only leads to low-quality treatment but also threatens to dent corporate cybersecurity in the long run. Veritas reports that 27% of IT decision-makers admit that poor information management made their enterprises vulnerable to data-related security threats. Since both long-term and short-term outcomes are undesirable for any well-reputed healthcare institution, the owners should step up their data management game to forestall these risks.
Blockchain-enabled platforms promise to meet data management requirements unique to the IoMT environment. The technology’s key differentiator compared to traditional systems is that it enables decentralised governance and smooth collaboration between different healthcare stakeholders.
Blockchain also provides for automatic and tamper-proof data provenance tracking, which is a must for productive and secure clinical trials. Beyond this, the technology promises to render heterogeneous medical device data robust and reusable.
Reliable access controls
Selective restriction of physical and digital access to data-generating connected devices is a common security technique at healthcare facilities. However, when it comes to an IoMT network, this practice fails to prove efficient.
The reason is that mainstream access technologies rest upon centralised models that do not allow for interoperability, which is needed to effectively manage the mobile, distributed, and dynamic IoT environment. Also, a centralised system implies a unified access control policy and a single administrator to manage it all, an arrangement that is not only impractical but also renders the entire network susceptible to attacks.
Leveraging blockchain technology, medical facilities can build a more suitable decentralised architecture to manage roles and permissions in their geographically distributed IoT infrastructures.
In 2019, the University Health Network (Canada) presented the result of their collaboration with IBM — a proof of concept of a health consent management blockchain. Based on individual consent, the platform allows authorised patients to easily and securely access their encrypted electronic health records found across the health system’s silos and manage them as necessary.
Another advantage of blockchain-enabled access controls is that once set, the policies are impossible to tamper with. While each administrator is free to modify access controls in their area of responsibility, each change needs to be verified by other parties.
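The rule that each change must be verified by other parties can be sketched as a quorum check. This is an added example, not the University Health Network or IBM platform: the administrator names, keys and quorum size are constructed, and HMAC stands in for the digital signatures a real ledger would use.

```python
import hashlib
import hmac
import json

# Constructed per-administrator keys; the names are hypothetical.
ADMIN_KEYS = {
    "admin-cardiology": b"k1-constructed",
    "admin-radiology": b"k2-constructed",
    "admin-icu": b"k3-constructed",
}
QUORUM = 2  # assumed: approvals needed from administrators other than the proposer

def canonical(change):
    # Stable byte encoding so every party approves exactly the same change.
    return json.dumps(change, sort_keys=True, separators=(",", ":")).encode()

def approve(admin, change):
    """Produce this administrator's approval tag for one specific change."""
    return hmac.new(ADMIN_KEYS[admin], canonical(change), hashlib.sha256).hexdigest()

def valid_approvers(change, approvals):
    """Admins other than the proposer whose tag verifies for this exact change."""
    ok = set()
    for admin, tag in approvals.items():
        key = ADMIN_KEYS.get(admin)
        if key is None or admin == change["proposer"]:
            continue  # unknown party, or the proposer approving their own change
        expected = hmac.new(key, canonical(change), hashlib.sha256).hexdigest()
        if hmac.compare_digest(expected, tag):
            ok.add(admin)
    return ok

def apply_change(policy, change, approvals):
    """Apply a policy change only when enough other parties have verified it."""
    if len(valid_approvers(change, approvals)) < QUORUM:
        return False
    policy.setdefault(change["device"], {})[change["role"]] = change["access"]
    return True

if __name__ == "__main__":
    change = {"proposer": "admin-cardiology", "device": "ecg-03",
              "role": "nurse", "access": "read"}
    approvals = {a: approve(a, change) for a in ("admin-radiology", "admin-icu")}
    policy = {}
    print(apply_change(policy, change, approvals), policy)
    # Approvals collected for "read" do not carry over to an altered change.
    print(apply_change({}, dict(change, access="write"), approvals))
```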
Above all, blockchain is a far more scalable technology than traditional access management systems, which makes it a better fit for constantly expanding IoMT infrastructures.