Page 344 - Special Topic Session (STS) - Volume 4
P. 344
STS1080 Asma A. et al.
According to a panel of experts at the digital health conference in 2011,
Electronic medical records (EHRs) are valued at $50 at the black market which
is extremely high in comparison to $0.25 for a credit card number (Adefala,
2018). One incident occurred at Howard University Hospital in 2012, where the
medical technician released the patients’ names, addresses and Medicare
numbers to black market, solely for financial gains. Other attack on healthcare
industry is the CEO Phishing attacks, where the hacker masquerades as an
authority to induce individuals to reveal personal data. These attacks have high
risks as the reveal data can include patients’ information, or employees’
distinct details including social security number, addresses, salaries etc. One
example of CEO Phishing attack is the attack on Magnolia Health Corporation
(MHC), where the hacker was successful to obtain substantial information
about its employees using a spoofed email from its CEO. Other recent attack
incidents include the ransomware attack on National Health Service (NHS) in
2017, where, the hackers used malware to encrypt NHS files. In order to access
the data, the hackers demand a ransomware of about 300$ in the form of
bitcoins (Gayle, 2017). Further, these attacks result in the cancellation of over
6,900 NHS appointments.
1.2. Related work
In order to secure data and prevent attacks, various solutions are proposed
to tackle such scenarios. We categorize these solutions into two major
categories: (1) Cloud-based solutions, and (2) Blockchain-based solutions.
Indeed, various cloud applications have been explored within healthcare
industry specifically for managing EHRs and patient’s information. Clouds can
minimize the cost subsequently, thus motivating to improve different
healthcare services. For instance, prescription expenses can be reduced by
80% while utilizing cloud-based services (Omar Alia, 2018). Due to centralized
and ubiquitous nature of the clouds, it provides a fantastic opportunity to
access data (patient or employee) at any time from any place. One such cloud-
based system is proposed by Dhatri, which allowed physicians to access
patients medical data at any given time (Vassiliki Koufi, 2010). On the other
hand, blockchain is in its early stage of development, and there are few use-
cases in healthcare industry. For example, applications such as BitHealth and
MedRec, which are designed to support healthcare applications. BitHealth
uses bitcoin for storing and securing healthcare data and focuses on privacy.
Bitcoin is used for payments and for insurance companies to retrieve medical
history. However, it uses proof of work algorithm and depending on the size
of the blockchain it will be slow and energy inefficient. The other use-case,
MedRed, is an EHR management system created by MIT which focuses on
improving tracking of these records. Patients also have some degree of control
with their information and permissions are given to the patients, so they can
decide whether to share data with professionals. MedRed is based on
333 | I S I W S C 2 0 1 9