Security challenges in healthcare
One of the primary foundations of healthcare is the famed doctor-patient confidentiality. No medical service can be provided without this tenet being followed, and that places great emphasis on how sensitively an individual views their medical records.
Over the past decade, the healthcare sector has seen many advancements, like telehealth, COVID-19 tracking and electronic health records. Yet, all these cutting-edge digital technologies have ended up expanding the potential attack surfaces for attackers to steal sensitive data, and that puts at risk the very sanctity of the confidentiality agreement.
For the 13th consecutive year, the healthcare industry maintained its position as the most expensive sector when it comes to data breaches in IBM’s 2023 Cost of Data Breach Report. The average healthcare data breach costs $10.93 million, more than twice the average cost of all breaches. Clearly, the added sensitivity of medical records compared to other personal data results in attackers demanding higher amounts than usual.
The sector has seen some of the biggest ever data breaches, from the Anthem data breach in 2015 that compromised health records of over 80 million individuals to the recent Change Healthcare breach which saw records of a third of all Americans released on the dark web. In such circumstances, it’s no surprise that according to the HIPAA Journal, an overwhelming 95% of patients worry about potential theft or online leaks of their sensitive health data.
It doesn’t help that a majority of patient records are still stored in hospital operations & management IT systems, a coveted target for vulnerability-seeking attackers. This has serious ramifications – the breaches don’t just affect your bottom line. They also compromise patient privacy, jeopardize medical treatments and prove to be detrimental to patients’ financial well-being & safety.
The role of blockchain and biometrics in enhancing security
The breaches mentioned above involve either stolen credentials or centralized database vulnerabilities – two of the biggest, most targeted vectors in the healthcare field. Any kind of solution to transform healthcare security must first resolve these two issues. BlockID, a solution from the iValue-1Kosmos partnership, tackles these two pain points using two transformative concepts – biometrics & blockchain.
Biometrics solves the issue of stolen credentials by replacing outdated and increasingly vulnerable usernames and passwords with a verified identity. Using live biometrics for verification and matching them with government certified credentials like AADHAAR ensures users are who they say they are. Moreover, they provide far greater speed of authentication than other methods, and that can be critical in a high-pressure sector like healthcare where every second counts.
Blockchain, on the other hand, solves the issue of centralized database vulnerabilities using the revolutionary concept of decentralization. Rather than keeping all those sensitive records in one potentially vulnerable place, decentralization disperses all the data throughout the blockchain and ensures no single point of failure. Integrity of the records is maintained through the property of immutable records, and automated compliance with regulations like HIPAA is maintained through smart contracts.
1Kosmos healthcare solutions combine the two through BlockID, a healthcare security blockchain biometrics solution. Using a private blockchain with distributed ledgers, BlockID encrypts digital identities in Secure Enclaves that are only accessible through advanced FIDO2 biometric verification.
With this, patient data security for your organization is at the optimal level, dramatically reducing the attack vectors for a breach. But the beauty of these technologies is that they don’t just provide better security – they provide better overall care, and that can truly transform this sector.
At the intersection of our blockchain and biometrics-based solution is something called a digital identity. This is an electronic, portable representation of someone’s real world identity, and will consist of data like identity information (name, DOB) as well as sensitive personal information (medical records, insurance coverage and financial history). In our solution, this digital identity and all the data that comes with it is stored in a digital wallet completely under the owner’s control.
Traditional processes in healthcare have left sensitive records scattered across many, many different providers. If implemented correctly, digital wallets have the ability to empower patients and completely transform the healthcare sector:
- It gives patients more control over their health data. They will have the ability to choose what information to share with which provider. For example, your primary health provider should get access to your full medical data, but it may not be necessary for secondary or one-time providers.
- It makes it easier for providers to access relevant records, and as such, gives them the capacity to provide better care. Medical errors cost healthcare systems billions of dollars every year, and a major contributing factor is the difficulty in accessing complete & accurate patient records. That changes with the emergence of the digital wallet, which leads to easy access, fewer mistakes and everyone working in sync with up-to-date information.
- It helps eradicate all kinds of fraud, whether it’s people using fake identities to receive free healthcare or practitioners abusing their power. Verification using live biometrics ensures prime levels of authentication accuracy.
Digital wallets can transform user experiences for both patients and practitioners. Another such medical advancement in the recent past is e-prescriptions, which are enforced in the US through a DEA-enabled regulation called electronic prescribing for controlled substances (EPCS). This was introduced to ensure prescriptions were securely transmitted from clinicians to pharmacies without any risk of forgery or alteration. To uphold this, the DEA mandates that anyone who e-prescribes a controlled substance must be identity proofed in compliance with NIST, specifically through what is called IAL2 verification.
Recently, a healthcare technology organization came to 1Kosmos with a mandate to replace their legacy approach to identity proofing (which was costing them $35 per manual verification) with an online, automated user workflow that delivered an IAL2 verification with every single practitioner authentication.
Here were all the ways 1Kosmos transformed this organization’s processes:
- Digital identity proofing: We transformed their physical legacy systems by replacing them with BlockID’s digital identity onboarding & verification solution, which is certified against NIST 800-63-3 and UK DIATF standards.
- Complete IAL2 verification support: DEA regulations demand that the user’s IAL2 context has to be validated with every authentication request. This was done swiftly using live biometrics as the backbone of authentication.
- Improved User Experience: They asked us not to make the user experience any worse. In fact, we made it significantly better and in turn increased productivity significantly for the end users. We also made it quicker by eliminating the legacy 2FA solution.
- Ability to handle large volumes of authentication: They needed a solution to manage up to 10 million authentications a year. Our scalable infrastructure easily handled these requirements.
This solution led to proofing cost savings of $1.25 million per year for the organization. Therefore, our solution doesn’t just fortify your patient data security – it also has the capacity to transform your entire organization for the better.