SEPTEMBER 11 13, 2017 BOSTON, MA Opportunities in Healthcare HealthcareSecurityForum.com/Boston/2017 #HITsecurity
Blockchain Applications for Securing the Healthcare Ecosystem MARIA PALOMBINI Director, Communities and Initiatives Development, GBSI, IEEE Standards Association (IEEE-SA)
IEEE-SA IEEE ¾ World largest technical association ¾ A non-profit with 423,000 members in 160 countries ¾ More than 100 years old Standards Association ¾ Build standards for technology through consensus ¾ Building consistent protocols that can be universally understood ¾ Most notable Standards: 802.11 (Wi-Fi) and 802.3-2015 (Standards of Ethernet) Full list of standards at http://standards.ieee.org 3
Some Blockchain Primers ¾ Bitcoin is not blockchain and vice versa ¾ There is a lot of hype around blockchain ¾ Blockchain will not deliver world peace ¾ Blockchain is not meant to wipe out existing legacy systems ¾ It s a young and emerging technology failures and re-sets are to be expected ¾ There are still quite a few challenges that need to be resolved in order to make adoption happen ¾ There are many new companies coming into the market to develop blockchain solutions for healthcare ( top 25 available on Becker s Hospital Review as of August 2017) 4
Healthcare Breaches on the Rise 233 breaches reported to the HHS by mid-year 2017. Expected to surpass the total 450 incidents in 2016 The total number of patients records impacted is 3.1 million (2 nd Q 2017) Hacking incidents are up by 20% 133% increase in ransomware attacks compared to the 1 st half of 2016 41% of data breaches were to tied to insider error or wrongdoing, comprising nearly 1.2 million records as of June 2017. Source: Fierce Healthcare, Healthcare data breaches haven t slowed down in 2017, and insiders are mostly to blame, 3 August 2017, https://goo.gl/xwtn6x 5
Where does Medical Data Fit In? http://www.informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ 6
Health vs Financial Record Data which is worth more on the black market? Your Social Security number? $0.10 Your Credit Card number? $0.25 Your EHR? >$1,000.00 Source: Forbes.com, Your Electronic Medical Records Could Be Worth $1000 To Hackers, April 2017. https://goo.gl/shhavt 7
WHY is the Health Record so Valuable in the Black Market? ü Contains exploitable information about you and potentially other family members ü It s immutable. You can change a credit card and even a social security number, but you can t change your health record ü It s the most comprehensible record about your identity that exists today ü Can be exploited for public harassment or political gain (ie. 2016 Presidential election; celebrity exploitation (i.e Charlie Sheen) Source: Forbes.com, Your Electronic Medical Records Could Be Worth $1000 To Hackers, April 2017. https://goo.gl/shhavt 8
How Easy is it to Hack a Medical Device? Too Easy ¾ Researchers in Belgium and the UK have demonstrated that it s possible to transmit life-threatening (if not fatal) signals to implanted medical devices such as pacemakers, defibrillators, and insulin pumps. ¾ A catheter lab in a Virginia facility was temporarily closed when malware was discovered on the computers supporting cardiac surgery. ¾ Malware capable of opening up backdoor access to a hospital s IT network was found in software residing on X-ray, blood gas analyzer, and communications devices. ¾ The list goes on. 9
Bitcoin vs Blockchain: What s the Difference? One of the world s most volatile currencies Considered an alternative currency It s value is not pegged to a currency but rather it s backed by the users on its peer-to-peer exchange system Distributed ledger system providing anonymity and trust to audit transactions.
What is/not Blockchain? Blockchain Is ü Decentralized ü Transparent ü Verifiable ü Secure and Private ü Young and rapidly evolving technology ü Transactions are created by the participants in the system Blockchain is Not ü A magical database in the cloud ü Going to change the world ü Free ü Only one blockchain ü Used for everything and everyone ü Unhackable or unalterable 11
This is Blockchain Figure 1: The structure of a blockchain Source: The Dzone Newsletter (dzone.com) 12
Types of Blockchains Source: Ahmed Banafa - https://www.linkedin.com/in/ahmedbanafa// 13
Types of Blockchain PERMISSIONLESS PERMISSIONED PUBLIC PRIVATE ENTERPRISE APPLICATIONS EASY READ ON TYPES OF BLOCKCHAINS https://blockchainhub.net/blockchains-in-general 14
Public Blockchains Open source and not permissioned Anyone can download the code and start running a public node on their local device, validating transactions in the network, thus participating in the consensus process Anyone in the world can send transactions through the network and expect to see them included in the blockchain if they are valid Anyone can read transaction on the public block explorer Examples: Bitcoin, Ethereum (SLACK), Monero, Dash, Litecoin, Dodgecoin, etc. Effects: (1) Potential to disrupt current business models through disintermediation (2) No infrastructure costs! No need to maintain servers or system admins radically reduces the costs of creating and running decentralized applications (dapps). 15
Federated Blockchain ¾ Under the Leadership of a Group Not open to anyone with an internet connection to participate in the verification of transactions process Are faster (higher scalability) and provide more transaction privacy. The consensus process is controlled by a pre-selected set of nodes; for example, one might imagine a consortium of 15 financial institutions, each of which operates a node and of which 10 must sign every block in order for the block to be valid The right to read the blockchain may be public, or restricted to the participants Example: B3i (Insurance) Consortium Benefits: Reduces transaction costs and data redundancies and replaces legacy systems, simplifying document handling and getting rid of semi manual compliance mechanisms 16
Private Blockchains ¾ Centralized to one organization Read permissions may be public or restricted to an arbitrary extent. Likely applications include database management, auditing, and more that are internal to a single company Private blockchains are a way of taking advantage of blockchain technology by setting up groups and participants who can verify transactions internally. (Risk Factor) Private blockchains have their use case, especially when it comes to scalability and state compliance of data privacy rules and other regulatory issues. Examples: MONAX, Multichain Benefits: (1) reduces transaction costs and data redundancies and replaces legacy systems, simplifying document handling and getting rid of semi manual compliance mechanisms 17
Blockchain Securing the Health Ecosystem Source: Frost & Sullivan, https://goo.gl/htzifk 18
Blockchain Use Cases in Health Ecosystem ¾ Healthcare Data ¾ Insurance/Payments ¾ Drug Supply Chain ¾ Clinical Trials ¾ IoMT (internet of medical things) 19
Use Case: Health Data Public Blockchain Source: Blockchain For Health Data and Its Potential Use in Health IT and Health Care Related Research, Laura A. Linn; Martha Koo, MD. https://goo.gl/vrwdyh 20
Use Case: Health Data Public Blockchain Source: Blockchain For Health Data and Its Potential Use in Health IT and Health Care Related Research, Laura A. Linn; Martha Koo, MD. https://goo.gl/vrwdyh 21
Use Case: Blockchain & Health Data Interoperability Source: 5 Infographics Explaining How Blockchain Can Change Healthcare https://goo.gl/7vvctn 22
Use Case Pharma Supply Chain Source: 5 Infographics Explaining How Blockchain Can Change Healthcare https://goo.gl/7vvctn 23
Pharma Blockchain Ecosystem for Securing the Pharma Supply Chain ¾ BlockRx Youtube Video https://www.youtube.com/watch?v=rspikuvtlh0 24
IEEE: State of Blockchain Adoption in the Pharmaceutical Supply Chain Research Report First report of its kind publish date October 2017 Benefits of Blockchain Technology Total Sample More secure 20% When asked about benefits of blockchain, security, advanced technology and better control are most mentioned. (sample: N=300) Database to record transactions/advanced technology 16% Better control/control of inventory 15% Deterrent of fraud/counterfeit 11% More efficient 9% 25
Use Case Blockchain and Clinical Trials Improving data transparency in clinical trials using blockchain smart contracts (CROs); Timothy Nugent, David Upton, and Mihai Cimpoesu A private, permissioned Ethereum blockchain network maintained by regulators (e.g. MHRA, FDA), pharma and contract research organisations used in parallel with traditional clinical data management systems (CDMS) https://www.ncbi.nlm.nih.gov/pmc/articles/pmc5357027/ 26
Use Case Blockchain and Clinical Trials ¾ YouTube Demo https://www.youtube.com/watch?v=jgumtdlrdne 27
Trends in Healthcare Devices 28
Blockchain & IoMT Device Security The global healthcare IoT security market will reach $15.82 billion by 2022. The market is currently valued at $4.8 billion. https://goo.gl/jj61jk Source: Security Ledger https://goo.gl/ykh6he 29
Blockchain, an IoT Security Protocol Build trust, accelerate transactions, maintain regulatory compliance. ¾ Track billions of devices ¾ Enable process of transactions and coordination between devices ¾ Decentralization eliminates single points of failure ¾ Cryptographic algorithms would make patient data more private ¾ The ledger is tamper-proof and cannot be altered by hackers as it does not exist in any one location ¾ Maintain a duly decentralized, trusted ledger of all transactions occurring in a network. This capability is essential to enable the many compliance and regulatory requirements 30
Is Blockchain Hackable? If you place a bullet-proof, earthquake-proof, act of God proof steel door on your house, you would consider that safe. What could be the one thing that breaches the door? 31
Why IEEE? The IEEE was part of blockchain from the beginning! In Satoshi Nakamoto s famous paper {that set Bitcoin in motion} he references the Merkle Tree, which was a paper originally presented by R.C. Merkle, "Protocols for Public Key Cryptosystems," at the 1980 Symposium on Security and Privacy. IEEE Computer Society, In. Proc. pages 122-133, April 1980. Bitcoin: A Peer-to-Peer Electronic Cash System https://bitcoin.org/bitcoin.pdf 32
Initiatives State of Blockchain Adoption in Pharma Supply Chain Research Study Oct 2017 https://blockchain.ieee.org/events/2017-sba-psc/ Digital Inclusion through Trust & Agency Trust Agency Industry Connections Program http://standards.ieee.org/develop/indconn/digital_inclusion/index.html Supply Chain/Clinical Trials Technology Implementations Industry Connections Program - NEW IEEE P2418 - Standard for the Framework of Blockchain Use in Internet of Things (IoT) https://standards.ieee.org/develop/project/2418.html Blockchain.ieee.org Blockchain Special Interest Group (SIG) 33
Representation of Blockchain Companies in IEEE incubator Programs ¾ Healthcare GEM.co Youbase.io HealthLinkages.com IBM ¾ Pharmaceutical Supply Chain isolve/blockrx Initiative www.blockrx.com The LinkLab www.thelinklab.com ¾ Clinical Trials and Blockchain ClinicalBlockchain.com 34
Interested in Participating ¾ Visit our website http://blockchain.ieee.org ¾ Join us on slack https://blockchain-ieee.slack.com ¾ Connect with me M.Palombini@ieee.org Linkedin.com/in/mpalombini @DisruptiveRx