Ransomware attacks, one of the most problematic threats to cybersecurity, have surged over the past few years. Cybercriminals are earning hundreds of thousands of dollars every month by deploying malware that locks victims’ computer files until a ransom fee is paid. A harrowing pattern has recently emerged in these crimes: the targeting of hospitals and healthcare organizations. According to a 2016 report by NTT Security, a major cybersecurity firm, 88 percent of all detected ransomware attacks were against the firm’s healthcare clients, despite the fact that healthcare organizations made up only 7.4 percent of the firm’s client base. Numerous incidents over the last few years bear out this trend. Hollywood Presbyterian Medical Center declared an “internal emergency” after ransomware left patient files inaccessible to employees. Hancock Health, a hospital in Greenfield, Indiana, had more than 1,400 files locked, with their names changed to “I’m sorry,” until a ransom was paid. The largest recent ransomware attack severely disrupted the UK’s National Health Service (NHS), forcing 45 NHS organizations to cancel operations and appointments. Unfortunately, this story goes on and on.
So what makes hospitals and other healthcare facilities such appealing targets? Their daily operations depend completely on up-to-date information from electronic medical records. Healthcare providers need quick access to patient histories, drug allergies, surgery directives, and other critical information to provide the appropriate care. This means hospitals are more likely to pay ransom fees to avoid the risks of death or malpractice accusations brought on by delays in patient care. Additionally, medical data is extremely valuable. In fact, stolen health information is worth ten times more than a credit card number on the dark web. Fraudsters can use names, birth dates, billing information, policy numbers, and diagnosis codes to create fake medical identities that allow them to buy medical equipment and drugs or file fictional insurance claims. Finally, healthcare organizations are often known for their aging legacy IT infrastructure and for focusing on HIPAA compliance instead of employing robust IT security practices. These two factors also contribute to the lack of interoperability across healthcare providers and institutions, which makes securely sharing accurate, comprehensive medical data especially challenging.
Another trend found across these ransomware attacks is the cybercriminals’ request that ransoms be paid in Bitcoin. Ironically, the technology that supports Bitcoin is also the most promising solution for the security of electronic medical records: blockchain. Its association with hackers gives blockchain an undeservedly bad reputation. Blockchain is not inherently evil; it is simply an effective tool that lazy criminals find easy to use. In fact, blockchain is an especially effective tool to fight against the hackers threatening health data security in exchange for Bitcoin. This is true because blockchain is a distributed ledger, or public record, that can store multiple copies of the same encrypted data across a network of users on multiple devices. When a hacker breaches a traditional database, they have access to large quantities of information. When a hacker breaches a blockchain, however, they only have access to one or two blocks of siloed data without the important context of the full blockchain.
As the points above suggest, using blockchain to secure medical records would deter hackers from launching cyber-attacks because they would be unable to obtain any valuable health information. This would help healthcare organizations become much less appealing targets for cybercrimes and empower patients to take control of their medical data with a distributed application like Patientory’s. Our blockchain-based platform ensures end-to-end encryption of sensitive medical data and allows patients to decide who can access that information and for what purpose. We envision a future where blockchain has defeated the reign of ransomware and become a key defender of healthcare security.