The hacker collective known as the Dark Overlord first surfaced in June 2016, when it advertised more than 600,000 patient files from three U.S. healthcare organizations for sale on the dark web. The group, which also attempted to extort ransom from its victims, soon offered another 9 million records pilfered from health insurance companies and provider networks across the country.
Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals.
Last October, apparently seeking publicity as well as cash, the hackers stole a trove of potentially scandalous data from a celebrity plastic surgery clinic in London—including photos of in-progress genitalia- and breast-enhancement surgeries. "We have TBs [terabytes] of this shit. Databases, names, everything," a gang representative told a reporter. "There are some royal families in here."
Bandits like these are prowling healthcare's digital highways in growing numbers. Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals. Although hacker incidents represent less than 20 percent of the total breaches, they account for almost 80 percent of the affected patients. Such attacks expose patients to potential blackmail or identity theft, enable criminals to commit medical fraud or file false tax returns, and may even allow hostile state actors to sabotage electric grids or other infrastructure by e-mailing employees malware disguised as medical notices. According to the consulting agency Accenture, data theft will cost the healthcare industry $305 billion between 2015 and 2019, with annual totals doubling from $40 billion to $80 billion.
Blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit.
One possible solution to this crisis involves radically retooling the way healthcare data is stored and shared—by using blockchain, the still-emerging information technology that underlies cryptocurrencies such as Bitcoin. And blockchain-enabled IT systems, boosters say, could do much more than prevent the theft of medical data. Such networks could revolutionize healthcare delivery on many levels, creating efficiencies that would reduce medical errors, improve coordination between providers, drive down costs, and give researchers unprecedented insights into patterns of disease. Perhaps most transformative, blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit. Widespread adoption could result in "a new kind of healthcare economy, in which data and services are quantifiable and exchangeable, with strong guarantees around both the security and privacy of sensitive information," wrote W. Brian Smith, chief scientist of healthcare-blockchain startup PokitDok, in a recent white paper.
Around the world, entrepreneurs, corporations, and government agencies are hopping aboard the blockchain train. A survey by the IBM Institute for Business Value, released in late 2016, found that 16 percent of healthcare executives in 16 countries planned to begin implementing some form of the technology in the coming year; 90 percent planned to launch a pilot program in the next two years. In 2017, Estonia became the first country to switch its medical-records system to a blockchain-based framework. Great Britain and Dubai are exploring a similar move. Yet in countries with more fragmented health systems, most notably the U.S., the challenges remain formidable. Some of the most advanced healthcare applications envisioned for blockchain, moreover, raise technological and ethical questions whose answers may not arrive anytime soon.
By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible.
What Exactly Is Blockchain, Anyway?
To understand the buzz around blockchain, it's necessary to grasp (at least loosely) how the technology works. Ordinary digital recordkeeping systems rely on a central administrator that acts as gatekeeper to a treasury of data; if you can sneak past the guard, you can often gain access to the entire hoard, and your intrusion may go undetected indefinitely. Blockchain, by contrast, employs a network of synchronized, replicated databases. Information is scattered among these nodes, rather than on a single server, and is exchanged through encrypted, peer-to-peer pathways. Each transaction is visible to every computer on the network, and must be approved by a majority in order to be successfully completed. Each batch of transactions, or "block," is date- and time-stamped, marked with the user's identity, and given a cryptographic code, which is posted to every node. These blocks form a "chain," preserved in an electronic ledger, that can be read by all users but can't be edited. Any unauthorized access, or attempt at tampering, can be quickly neutralized by these overlapping safeguards. Even if a hacker managed to break into the system, penetrating deeply would be extraordinarily difficult.
Because blockchain technology shares transaction records throughout a network, it could eliminate communication bottlenecks between different components of the healthcare system (primary care physicians, specialists, nurses, and so on). And because blockchain-based systems are designed to incorporate programs known as "smart contracts," which automate functions previously requiring human intervention, they could reduce dangerous slipups as well as tedious and costly paperwork. For example, when a patient gets a checkup, sees a specialist, and fills a prescription, all these actions could be automatically recorded on his or her electronic health record (EHR), checked for errors, submitted for billing, and entered on insurance claims—which could be adjudicated and reimbursed automatically as well. "Blockchain has the potential to remove a lot of intermediaries from existing workflows, whether digital or nondigital," says Kamaljit Behera, an industry analyst for the consulting firm Frost & Sullivan.
The possible upsides don't end there. By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible. In addition to data entered by their caregivers, individuals could use app-based technologies or wearables to transmit other information to their records, such as diet, exercise, and sleep patterns, adding new depth to their medical portraits.
Many experts expect healthcare blockchain to take root more slowly in the U.S. than in nations with government-run national health services.
Smart contracts could also allow patients to specify who has access to their data. "If you get an MRI and want your orthopedist to see it, you can add him to your network instead of carrying a CD into his office," explains Andrew Lippman, associate director of the MIT Media Lab, who helped create a prototype healthcare blockchain system called MedRec that's currently being tested at Beth Israel Deaconess Hospital in Boston. "Or you might make a smart contract to allow your son or daughter to access your healthcare records if something happens to you." Another option: permitting researchers to analyze your data for scientific purposes, whether anonymously or with your name attached.
The Recent History, and Looking Ahead
Over the past two years, a crowd of startups has begun vying for a piece of the emerging healthcare blockchain market. Some, like PokitDok and Atlanta-based Patientory, plan to mint proprietary cryptocurrencies, which investors can buy in lieu of stock, medical providers may earn as a reward for achieving better outcomes, and patients might score for meeting wellness goals or participating in clinical trials. (Patientory's initial coin offering, or ICO, raised more than $7 million in three days.) Several fledgling healthcare-blockchain companies have found powerful corporate partners: Intel for Silicon Valley's PokitDok, Kaiser Permanente for Patientory, Philips for Los Angeles-based Gem Health. At least one established provider network, Change Healthcare, is developing blockchain-based systems of its own. Two months ago, Change launched what it calls the first "enterprise-scale" blockchain network in U.S. healthcare—a system to track insurance claim submissions and remittances.
No one, however, has set a roll-out date for a full-blown, blockchain-based EHR system in this country. "We have yet to see anything move from the pilot phase to some kind of production status," says Debbie Bucci, an IT architect in the federal government's Office of the National Coordinator for Health Information Technology. Indeed, many experts expect healthcare blockchain to take root more slowly here than in nations with government-run national health services. In America, a typical patient may have dealings with a family doctor who keeps everything on paper, an assortment of hospitals that use different EHR systems, and an insurer whose system for processing claims is separate from that of the healthcare providers. To help bridge these gaps, a consortium called the Hyperledger Healthcare Working Group (which includes many of the leading players in the field) is developing standard protocols for blockchain interoperability and other functions. Adding to the complexity is the federal Health Insurance and Portability Act (HIPAA), which governs who can access patient data and under what circumstances. "Healthcare blockchain is in a very nascent stage," says Behera. "Coming up with regulations and other guidelines, and achieving large-scale implementation, will take some time."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate.
How long? Behera, like other analysts, estimates that relatively simple applications, such as revenue-cycle management systems, could become commonplace in the next five years. More ambitious efforts might reach fruition in a decade or so. But once the infrastructure for healthcare blockchain is fully established, its uses could go far beyond keeping better EHRs.
A handful of scientists and entrepreneurs are already working to develop one visionary application: managing genomic data. Last month, Harvard University geneticist George Church—one of the most influential figures in his discipline—launched a business called Nebula Genomics. It aims to set up an exchange in which individuals can use "Neptune tokens" to purchase DNA sequencing, which will be stored in the company's blockchain-based system; research groups will be able to pay clients for their data using the same cryptocurrency. Luna DNA, founded by a team of biotech veterans in San Diego, plans a similar service, as does a Moscow-based startup called the Zenome Project.
Hossein Rahnama, CEO of the mobile-tech company Flybits and director of research at the Ryerson Centre for Cloud and Context-Aware Computing in Toronto, envisions a more personalized way of sharing genomic data via blockchain. His firm is working with a U.S. insurance company to develop a service that would allow clients in their 20s and 30s to connect with people in their 70s or 80s with similar genomes. The young clients would learn how the elders' lifestyle choices had influenced their health, so that they could modify their own habits accordingly. "It's intergenerational wisdom-sharing," explains Rahnama, who is 38. "I would actually pay to be a part of that network."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate. Such commerce could greatly expand the pool of subjects for research in many areas of medicine, enabling the kinds of breakthroughs that only Big Data can provide. Yet it could also lead millions to surrender the most private information of all—the secrets of their cells—to buyers with less benign intentions. The Dark Overlord, one might argue, could not hope for a more satisfying victory.
These scenarios, however, are pure conjecture. After the first web page was posted, in 1991, Lippman observes, "a whole universe developed that you couldn't have imagined on Day 1." The same, he adds, is likely true for healthcare blockchain. "Our vision is to make medical records useful for you and for society, and to give you more control over your own identity. Time will tell."
Jessica Ware is obsessed with bugs.
My guest today is a leading researcher on insects, the president of the Entomological Society of America and a curator at the American Museum of Natural History. Learn more about her here.
You may not think that insects and human health go hand-in-hand, but as Jessica makes clear, they’re closely related. A lot of people care about their health, and the health of other creatures on the planet, and the health of the planet itself, but researchers like Jessica are studying another thing we should be focusing on even more: how these seemingly separate areas are deeply entwined. (This is the theme of an upcoming event hosted by Leaps.org and the Aspen Institute.)
Listen to the Episode
Entomologist Jessica Ware
D. Finnin / AMNH
Maybe it feels like a core human instinct to demonize bugs as gross. We seem to try to eradicate them in every way possible, whether that’s with poison, or getting out our blood thirst by stomping them whenever they creep and crawl into sight.
But where did our fear of bugs really come from? Jessica makes a compelling case that a lot of it is cultural, rather than in-born, and we should be following the lead of other cultures that have learned to live with and appreciate bugs.
The truth is that a healthy planet depends on insects. You may feel stung by that news if you hate bugs. Reality bites.
Jessica and I talk about whether learning to live with insects should include eating them and gene editing them so they don’t transmit viruses. She also tells me about her important research into using genomic tools to track bugs in the wild to figure out why and how we’ve lost 50 percent of the insect population since 1970 according to some estimates – bad news because the ecosystems that make up the planet heavily depend on insects. Jessica is leading the way to better understand what’s causing these declines in order to start reversing these trends to save the insects and to save ourselves.
The first thing Jeroen Perk saw after he partially regained his sight nearly a decade ago was the outline of his guide dog Pedro.
“There was a white floor, and the dog was black,” recalls Perk, a 43-year-old investigator for the Dutch customs service. “I was crying. It was a very nice moment.”
Perk was diagnosed with retinitis pigmentosa as a child and had been blind since early adulthood. He has been able to use the implant placed into his retina in 2013 to help identify street crossings, and even ski and pursue archery. A video posted by the company that designed and manufactured the device indicates he’s a good shot.
Less black-and-white has been the journey Perk and others have been on after they were implanted with the Argus II, a second-generation device created by a Los Angeles-based company called Second Sight Medical Devices.
The Argus II uses the implant and a video camera embedded in a special pair of glasses to provide limited vision to those with retinitis pigmentosa, a genetic disease that causes cells in the retina to deteriorate. The camera feeds information to the implant, which sends electrical impulses into the retina to recapitulate what the camera sees. The impulses appear in the Argus II as a 60-pixel grid of blacks, grays and whites in the user’s eye that can render rough outlines of objects and their motion.
Smartphone and computer manufacturers typically stop issuing software upgrades to their devices after two or three years, eventually rendering them bricks. But is the smartphone approach acceptable for a device that helps restore the most crucial sense a human being possesses?
Ross Doerr, a retired disability rights attorney in Maine who received an Argus II in 2019, describes the field of vision as the equivalent of an index card held at arm’s length. Perk often brings objects close to his face to decipher them. Moreover, users must swivel their heads to take in visual data; moving their eyeballs does not work.
Despite its limitations, the Argus II beats the alternative. Perk no longer relies on his guide dog. Doerr was uplifted when he was able to see the outlines of Christmas trees at a holiday show.
“The fairy godmother department sort of reaches out and taps you on the shoulder once in a while,” Doerr says of his implant, which came about purely by chance. A surgeon treating his cataracts was partnered with the son of another surgeon who was implanting the devices, and he was referred.
Doerr had no reason to believe the shower of fairy dust wouldn’t continue. Second Sight held out promises that the Argus II recipients’ vision would gradually improve through upgrades to much higher pixel densities. The ability to recognize individual faces was even touted as a possibility. In the winter of 2020, Doerr was preparing to travel across the U.S. to Second Sight’s headquarters to receive an upgrade. But then COVID-19 descended, and the trip was canceled.
The pandemic also hit Second Sight’s bottom line. Doerr found out about its tribulations only from one of the company’s vision therapists, who told him the entire department was being laid off. Second Sight cut nearly 80% of its workforce in March 2020 and announced it would wind down operations.
Ross Doerr has mostly stopped using his Argus II, the result of combination of fear of losing its assistance from wear and tear and disdain for the company that brought it to market.
Second Sight’s implosion left some 350 Argus recipients in the metaphorical dark about what to do if their implants failed. Skeleton staff seem to have rarely responded to queries from their customers, at least based on the experiences of Perk and Doerr. And some recipients have unfortunately returned to the actual dark as well, as reports have surfaced of Argus II failures due to aging or worn-down parts.
Product support for complex products is remarkably uneven. Although the iconic Ford Mustang ceased production in the late 1960s, its parts market is so robust that it’s theoretically possible to assemble a new vehicle from recently crafted components. Conversely, smartphone and computer manufacturers typically stop issuing software upgrades to their devices after two or three years, eventually rendering them bricks. Consumers have accepted both extremes.
But is the smartphone approach acceptable for a device that helps restore the most crucial sense a human being possesses?
Margaret McLean, a senior fellow at the Markkula Center for Applied Ethics at Santa Clara University in California, notes companies like Second Sight have a greater obligation for product support than other consumer product ventures.
“In this particular case, you have a great deal of risk that is involved in using this device, the implant, and the after care of this device,” she says. “You cannot, like with your car, decide that ‘I don’t like my Mustang anymore,’ and go out and buy a Corvette.”
And, whether the Argus II implant works or not, its physical presence can impact critical medical decisions. Doerr’s doctor wanted him to undergo an MRI to assist in diagnosing attacks of vertigo. But the physician was concerned his implant might interfere. With the latest available manufacturer advisories on his implant nearly a decade old, the procedure was held up. Doerr spent months importuning Second Sight through phone calls, emails and Facebook postings to learn if his implant was contraindicated with MRIs, which he never received. Although the cause of his vertigo was found without an MRI, Doerr was hardly assured.
“Put that into context for a minute. I get into a serious car accident. I end up in the emergency room, and I have a tag saying I have an implanted medical device,” he says. “You can’t do an MRI until you get the proper information from the company. Who’s going to answer the phone?”
Second Sight’s management did answer the call to revamp its business. It netted nearly $78 million through a private stock placement and an initial public offering last year. At the end of 2021, Second Sight had nearly $70 million in cash on hand, according to a recent filing with the Securities and Exchange Commission.
And while the Argus II is still touted at length on Second Sight’s home page, it appears little of its corporate coffers are earmarked toward its support. These days, the company is focused on obtaining federal approvals for Orion, a new implant that would go directly into the recipient’s brain and could be used to remedy blindness from a variety of causes. It obtained a $6.4 million grant from the National Institutes of Health in May 2021 to help develop Orion.
Presented with a list of written questions by email, Second Sight’s spokesperson, Dave Gentry of the investor relations firm Red Chip Companies, copied a subordinate with an abrupt message to “please handle.” That was the only response from a company representative. A call to Second Sight acting chief executive officer Scott Dunbar went unreturned.
Whether or not the Orion succeeds remains to be seen. The company’s SEC filings suggest a viable and FDA-approved device is years away, and that operational losses are expected for the “foreseeable future.” Second Sight reported zero revenue in 2020 or 2021.
Moreover, the experiences of the Argus II recipients could color the reception of future Second Sight products. Doerr notes that his insurer paid nearly $500,000 to implant his device and for training on how to use it.
“What’s the insurance industry going to say the next time this crops up?” Doerr asks, noting that the company’s reputation is “completely shot” with the recipients of its implants.
Perk, who made speeches to praise the Argus II and is still featured in a video on the Second Sight website, says he also no longer supports the company.
Jeroen Perk, an investigator for the Dutch customs service, cried for joy after partially regaining his sight, but he no longer trusts Second Sight, the company that provided his implant.
Nevertheless, Perk remains highly reliant on the technology. When he dropped an external component of his device in late 2020 and it broke, Perk briefly debated whether to remain blind or find a way to get his Argus II working again. Three months later, he was able to revive it by crowdsourcing parts, primarily from surgeons with spare components or other Argus II recipients who no longer use their devices. Perk now has several spare parts in reserve in case of future breakdowns.
Despite the frantic efforts to retain what little sight he has, Perk has no regrets about having the device implanted. And while he no longer trusts Second Sight, he is looking forward to possibly obtaining more advanced implants from companies in the Netherlands and Australia working on their own products.
Doerr suggests that biotech firms whose implants are distributed globally be bound to some sort of international treaty requiring them to service their products in perpetuity. Such treaties are still applied to the salvage rights for ships that sunk centuries ago, he notes.
“I think that in a global tech economy, that would be a good thing,” says McLean, the fellow at Santa Clara, “but I am not optimistic about it in the near term. Business incentives push toward return on share to stockholders, not to patients and other stakeholders. We likely need to rely on some combination of corporately responsibility…and [international] government regulation. It’s tough—the Paris Climate Accord implementation at a slow walk comes to mind.”
Unlike Perk, Doerr has mostly stopped using his Argus II, the result of combination of fear of losing its assistance from wear and tear and disdain for the company that brought it to market. At 70, Doerr says he does not have the time or energy to hold the company more accountable. And with Second Sight having gone through a considerable corporate reorganization, Doerr believes a lawsuit to compel it to better serve its Argus recipients would be nothing but an extremely costly longshot.
“It’s corporate America at its best,” he observes.