Security

Blockchain security should include protecting the confidentiality, integrity, and availability of sensitive data and systems. For effective overall security of the blockchain network, it is important to secure the blockchain, each of the blockchain nodes, and the healthcare organizations and enterprise systems that are connecting to the blockchain. [1]

Confidentiality

Protecting the confidentiality of data on the blockchain requires ensuring only authorized access to data in shared ledgers, whose validity and consistency are maintained by blockchain nodes through several mechanisms, including consensus mechanisms. Healthcare organizations are taking a multi-layered approach to this. They use private blockchains, where all of the healthcare organizations connecting to the blockchain are well known and trusted. Permissioning may also be used to restrict the privileges of each healthcare organization on the blockchain network to only what is required to fulfill its role in the network. Data on the blockchain may be encrypted to further protect its confidentiality and ensure only authorized access.

Different distributed ledger technology (DLT) platforms employ various additional strategies to achieve confidentiality. For example, Hyperledger Fabric deploys a channel architecture, Quorum leverages a constellation network, and Corda uses notary services. An organization’s strategy to maintain confidentiality is critical in the implementation process.

Integrity

Blockchain provides strong protection for the integrity of data with chained hash codes that enforce immutability. Any invalid modification or deletion of blockchain data is easily detectable and does not propagate across the blockchain network, making blocks of data already committed to the blockchain effectively immutable, and protecting associated data from an integrity standpoint.
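A simplified model of the hash chaining described above, added here as an illustration and not taken from any DLT platform. The block layout, function names and sample payloads are assumptions; real platforms add signatures and consensus on top of this.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # assumed placeholder predecessor for the first block

def block_hash(index, prev_hash, payload):
    # SHA-256 over a canonical JSON encoding of the block contents
    body = json.dumps([index, prev_hash, payload], separators=(",", ":"))
    return hashlib.sha256(body.encode("utf-8")).hexdigest()

def append_block(chain, payload):
    prev_hash = chain[-1]["hash"] if chain else GENESIS_PREV
    index = len(chain)
    chain.append({"index": index, "prev_hash": prev_hash, "payload": payload,
                  "hash": block_hash(index, prev_hash, payload)})

def first_invalid_block(chain):
    """Index of the first block that fails verification, or None if all pass."""
    expected_prev = GENESIS_PREV
    for i, block in enumerate(chain):
        if block["index"] != i or block["prev_hash"] != expected_prev:
            return i  # broken link: predecessor edited, deleted or reordered
        if block["hash"] != block_hash(i, block["prev_hash"], block["payload"]):
            return i  # contents no longer match the stored hash
        expected_prev = block["hash"]
    return None

def first_divergence(local, peer):
    """Index where a peer's copy stops matching ours, or None if identical."""
    for i in range(max(len(local), len(peer))):
        if i >= len(local) or i >= len(peer) or local[i]["hash"] != peer[i]["hash"]:
            return i
    return None

def build_sample_chain():
    chain = []
    for payload in ("consent granted", "lab result filed", "claim submitted"):  # constructed
        append_block(chain, payload)
    return chain

def tampered_copy(chain, i, new_payload, rehash):
    # Simulates an invalid edit on one node's copy; rehash=True also updates
    # the edited block's own hash so that the block looks self-consistent.
    copy = [dict(b) for b in chain]
    copy[i]["payload"] = new_payload
    if rehash:
        copy[i]["hash"] = block_hash(i, copy[i]["prev_hash"], new_payload)
    return copy
```

An edit to the newest block with its hash recomputed passes `first_invalid_block` on that copy alone, because no later block links to it yet. It is caught only by `first_divergence` against another node's ledger, which is why such a change does not propagate.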

Availability

Availability of the overall blockchain is enhanced through the decentralization of the blockchain network: if one or more blockchain nodes fail, the overall blockchain network lives on, and when the nodes recover, they “catch up” to ensure the consistency and validity of their shared ledgers.

However, blockchain technology does not protect the availability of each individual blockchain node. As a healthcare organization grows to depend on blockchain for mission-critical services, it is important that the organization's access to the blockchain network is protected. This is the responsibility of the healthcare organization in deploying its blockchain node(s). As in non-blockchain systems, blockchain nodes can be protected with redundancy across availability zones, load balancing and automated failover, backup and restore, business continuity and disaster recovery, and several other safeguards. [2]

 
