Security Model for Blockchain-Based Shared Electronic Health Records
Blockchain has emerged as one of the leading solutions in the information technology sector’s privacy and security domains (Badr, Gomaa, and Abd-Elrahman 159). Due to the level of confidentiality required in electronic health records (EHR) shared between health care facilities, most organizations are opting for Blockchain solutions. The security concerns raised by this new technology have, however, received little consideration in light of the lofty promises provided by Blockchain security models. In this paper, we discuss the latest security vulnerabilities discovered in Blockchain technologies and some of the solutions proposed. This paper analyzes these security vulnerabilities with respect to their impact on shared EHRs and their efficacy.
Blockchain Application in Shared EHRs
The concept of Blockchain relies on a distributed database that contains a record of all transactions conducted by the members, and these transactions need the approval and consensus of a majority (Efanov and Roschin 116). Electronic health records utilized by most organizations often have incomplete segments of medical data for clients, and each organization relies on the available files in the treatment of these patients. Healthcare is one of the most data-intensive industries in the world, with humongous volumes of information captured each day in all departments (Esposito et al. 31). As a result of the necessity to share patient medical records, organizations and governments in most states in the US are creating shared EHRs. Previous EHR systems provided fragmented data due to their isolated nature, while healthcare advancements required cohesive medical records (Ekblaw et al. 2). The shared electronic health records help in consolidating patient medical records and centralizing the information for easier access. These records can, therefore, circulate between stakeholders, clients, insurance providers, researchers, and any other entity with enough authorization.
Although Blockchain technology was initially developed as a solution to manage financial ledgers, it can also extend to provide generalized solutions for decentralized computing resources (Ekblaw et al. 3). Each computing resource in the chain is a single state machine that can transition between states and requires a majority consensus to authorize each transition. Each authorized transaction is secured cryptographically to ensure the confidentiality and integrity of the information stored in the database (Ekblaw et al. 3). EHRs contain sensitive information concerning patient diagnoses, treatments, and health monitoring situations, among other confidential details concerning the patients’ health care. Security is, therefore, of the utmost importance in systems that store and distribute this information to various stakeholders and the responsible healthcare provider (Esposito et al. 32). Loss of critical patient data is a significant concern in shared EHR systems since this would compromise the integrity of the information provided, leading to disastrous consequences. Attacks by malicious entities have also been recorded in EHR systems already in use. Since Blockchain eliminates the need for a centralized administrator or server, this paper will discuss the security concerns raised by this revolutionary technology.
Security Concerns and Proposed Solutions
The most significant security concerns in Blockchain-based shared EHRs involve the confidentiality and integrity of data stored in the distributed database. These concerns include authorization, cryptographic key theft, private key management, and trust. The authenticity of the data stored in the medical records needs to be verified and, therefore, a Blockchain-based medical records management system needs mechanisms to authorize members (Dubovitskaya et al. 653). Considering that Blockchain is decentralized, traceability solutions and logging systems help in this task, although breaches of this trust can make it very cumbersome to handle and standardize the records. Most researchers fail to investigate scenarios where the technology may open up a security vulnerability in the system, leading to a vast void in the understanding of Blockchain security risks.
Most proposed and implemented EHR systems that rely on Blockchain for sharing of information apply multiple-authority attribute-based signature methods (Guo et al. 11680). These methods provide anonymous but secure authentication and authorization claims to parties making changes to blocks of information in the database. A party making changes to a patient’s record may acquire authorization claims that give her the authentication required to make these changes from different independent authorities guaranteeing her authenticity (Guo et al. 11680). Corruption in one signature authority may not prevent the claims from the other authorities from holding during the process. This process provides a standard privacy-preserving model for patient information sharing, where authorization requires multiple signature authorities providing a guarantee of claims, and entities making transactions are trusted based on these guarantees (Guo et al. 11680). Breaches of trust in these authorities only affect claims that they have guaranteed, while information guaranteed by other authorities remains valid. This method ensures the integrity of data stored in the records while protecting the confidentiality of the patient information.
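The trust-scoping property described above can be seen in a small model, added here as an illustration and not taken from Guo et al. or any EHR product. It assumes three hypothetical authorities with constructed keys and uses HMAC as a stand-in for the attribute-based signature, so it shows only how a compromised authority's claims are dropped while the others hold; it does not provide the signer anonymity or public verifiability of a real scheme.

```python
import hashlib
import hmac

# Constructed demo keys for three hypothetical, independent authorities.
AUTHORITY_KEYS = {
    "licensing-board": b"constructed-key-1",
    "hospital-hr": b"constructed-key-2",
    "insurer-registry": b"constructed-key-3",
}

def _tag(key, attribute, tx_digest):
    # HMAC stands in for the authority's attribute signature (assumption).
    msg = attribute.encode() + b"|" + tx_digest
    return hmac.new(key, msg, hashlib.sha256).digest()

def issue_claim(authority, attribute, tx_digest):
    """Authority side: vouch for one attribute on one specific transaction."""
    return {"authority": authority, "attribute": attribute,
            "tag": _tag(AUTHORITY_KEYS[authority], attribute, tx_digest)}

def valid_attributes(claims, tx_digest, revoked=frozenset()):
    """Verifier side: attributes whose guarantor is known, not revoked,
    and whose tag matches this transaction."""
    accepted = set()
    for claim in claims:
        key = AUTHORITY_KEYS.get(claim["authority"])
        if key is None or claim["authority"] in revoked:
            continue  # unknown or compromised authority: drop only its claims
        expected = _tag(key, claim["attribute"], tx_digest)
        if hmac.compare_digest(expected, claim["tag"]):
            accepted.add(claim["attribute"])
    return accepted

def authorize(claims, tx_digest, required, revoked=frozenset()):
    """Allow the change only if every required attribute is still guaranteed."""
    return set(required) <= valid_attributes(claims, tx_digest, revoked)

if __name__ == "__main__":
    tx = hashlib.sha256(b"constructed update to a patient record").digest()
    claims = [issue_claim("licensing-board", "physician", tx),
              issue_claim("hospital-hr", "treating-staff", tx)]
    need = {"physician", "treating-staff"}
    print(authorize(claims, tx, need))
    print(authorize(claims, tx, need, revoked={"hospital-hr"}))
    print(valid_attributes(claims, tx, revoked={"hospital-hr"}))
```

Binding each claim to the transaction digest is an assumption of this sketch; it keeps a claim issued for one record change from being reused on another.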
Technical Security Challenges
Some technical vulnerabilities unique to the Blockchain architecture have also been identified and require critical evaluation. The 51% attack is unique to the technology and occurs when one node acquires control of over 51% of the processing power in the Blockchain (Zhao et al. 3). This situation would grant the node enough privilege to modify the Blockchain data with impunity, making the chain useless in its primary security mandate. In addition to the 51% attack, the technology is also vulnerable to Denial of Service attacks. The FDA has been looking at some solutions to these vulnerabilities before endorsing the technology in the healthcare sector. Although a 51% attack has not occurred since 2009, when the genesis block was added (Xu 5), smaller Blockchain technologies that lack mechanisms to prevent this threat are still vulnerable. Shared EHR systems utilizing the Blockchain technology should provide a mechanism to ensure that a single node may not acquire enough processing power to supersede all other nodes. This policy will ensure that a single node may not obtain super-administrator privileges in a system meant to be decentralized and self-authorizing.
Identity theft is a critical vulnerability in Blockchain technologies (Xu 6). The security of assets in the Blockchain requires the safeguarding of a private key, which is a digital identifier for the user. This requirement places the responsibility for the security of this key on the user. Any physical breach that leads to the theft of the key exposes the user critically. No third party can recover a lost private key (Xu 6), since a decentralized system has no central repository for managing private keys. The centralization of such information would create a security bottleneck where a malicious user can compromise the entire system in one swoop. Theft of this kind is also tough to trace in the Blockchain system since the thief meets all authorization requirements before the assets disappear without a trace (Xu 6). Blockchain technology also relies on the difficulty of cracking cryptographically secured assets, but the advent of quantum computing may change all that (Xu 6). Organizations considering employing the technology in the management of shared medical records need to consider these challenges and innovate solutions to increase the security offered by cryptography. They should also provide regulations and policies to govern the physical safety of private keys and their distribution, and standardize the programming methodologies used to prevent hacking scenarios.
Conclusion
Electronic health records stored by most health organizations in the modern world are fragmented and non-cohesive due to the variety of technologies used to store these records. Blockchain technology has emerged as a solution to the necessity for the sharing of medical information. This technology offers a decentralized database to store data and a consensus-based authorization system for the modification of these records. The security benefits provided by the technology outweigh those of the traditional methods, making the technology one of the most advocated to replace these old systems. This paper has discussed some of the security vulnerabilities created by the adoption of the Blockchain technology, including the 51% attack and other security breaches that may affect the integrity of the data stored. Some solutions have been recommended for these vulnerabilities, although researchers have noted that the advent of quantum computing may invalidate the security advantages offered by cryptographic methods extensively utilized in the Blockchain technology. Further research will help to overcome the shortcomings of the technology, including the standardization of programming paradigms and innovation of cryptography alternatives in preparation for quantum computing.
Works Cited