Share this post:
This weekend saw a large scale ‘ransomware’ attack. It affected among other institutions, the National Health Service in the UK. Patient treatment was delayed and new born babies had to stay at hospitals a little longer than they should, because their identity couldn’t be registered. This made me wonder if health records stored in blockchain could have helped prevent ransomware attacks.
I’d been slow to take an interest in blockchain or Bitcoin technology. I have never really been interested in cyber finance, or cyber security (much to the horror of many of my more informed software development colleagues) until I started work on a blockchain project last month.
However, when I started learning more about it, I came to see that blockchain is a shift in thinking about the ‘value’ of data, and human interaction, as much as it is about technology.
Peer to peer exchange of ‘value’
Security is just one aspect of blockchain. The big shift with this technology to me is in ‘reframing’ much of our current use of software into decentralized, encrypted transactions of value. Not just obvious or classic financial transactions, but even little human interaction ‘contracts’ … things as simple ( or as complicated! ) as participating in a coffee pool at work … for example.
Further to formalizing human interactions, the transaction history of the ledger itself is a goldmine for fueling behavioural insight in the future, across the board.
Although I’ve only scratched the surface in my understanding of blockchain technologies, I’ve found myself recognizing opportunity, after opportunity for blockchain concepts to dramatically improve how we work with data, and transactions today.
But I’m probably getting carried away from where we are right now.
Blockchain to prevent ransomware attacks
As I stated at the beginning of this post, the attacks over the weekend got me to thinking. Several factors contributed to the attack – business/IT models, legacy systems, leaked vulnerabilities.
Could blockchain possibly protect against future ransomware attacks?
After all, healthcare decisions and treatments are, at some level, a peer to peer transaction of value. Health records are one of the areas being seriously considered for blockchain.
For one thing, blockchain solutions are decentralized – which means that there wouldn’t be a single copy of the data that could be held to ransom. Data could be safely accessed from a range of privileged clients.
For another, blockchain is immutable. When data has been written to a blockchain no one, not even a system administrator, can change it. This provides benefits for audit.
As a provider of data you can prove that your data hasn’t been altered, and as a recipient of data you can be sure that the data hasn’t been altered.
Trust in blockchain fabric
Blockchain uses sequential hashing – the data content of transactions in a block has a mathematical function performed on it, to generate a unique ‘fingerprint’ ( hash ). The blocks of transactions are linked by the hashes to create a unique history that tests and secures the integrity of the chain every 10 minutes.
Along with data encryption, it makes it almost impossible for someone to unilaterally alter data on the ledger without it being immediately noticed.
Organizations handling sensitive information can trust the integrity of data.
Only those with permission to see any aspect of it can see that data.
Integrated systems of trust
If we go further, we can seal the data within the blockchain transaction fabric with very trusted sources of input ( for example with smart devices, biometrics, or location awareness ). We might end up with a system that is harder to hack, and more reliable to trust than many that we’ve seen historically.
There are some obvious social and ethical questions around that too, that are beyond this post, around the management and trust of personal information. Yet we’re already storing patient data ( in ways that are evidently vulnerable ) and digital mistakes can happen even when there isn’t a cyber attack.
Human data through a different lens
The irony for me is that these cyber blackmailers are holding data to ransom, and receiving payment in bitcoins – built on blockchain technology. It feels to me like they’re exploiting the flaws of past networks while benefiting from the strength of future ones.
Working with and studying blockchain technology sort of makes me consider our human transactions and data through a ‘value’ lens. So this recent attack made me ask more questions. At the end of the day, a blackmailer typically holds something to ransom only if it is valuable. It will be interesting to see how protection of health data evolves in light of these attacks.
For more insight on the attack …
[ Caleb Barlow, Vice President of Threat Intelligence at IBM Security, and Kevin Albano, IBM X-Force IRIS Global Lead for Threat Intelligence, share their insights on the emerging situation and offered recommendations for organizations that may be impacted ]