The hacker collective known as the Dark Overlord first surfaced in June 2016, when it advertised more than 600,000 patient files from three U.S. healthcare organizations for sale on the dark web. The group, which also attempted to extort ransom from its victims, soon offered another 9 million records pilfered from health insurance companies and provider networks across the country.
Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals.
Last October, apparently seeking publicity as well as cash, the hackers stole a trove of potentially scandalous data from a celebrity plastic surgery clinic in London—including photos of in-progress genitalia- and breast-enhancement surgeries. "We have TBs [terabytes] of this shit. Databases, names, everything," a gang representative told a reporter. "There are some royal families in here."
Bandits like these are prowling healthcare's digital highways in growing numbers. Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals. Although hacker incidents represent less than 20 percent of the total breaches, they account for almost 80 percent of the affected patients. Such attacks expose patients to potential blackmail or identity theft, enable criminals to commit medical fraud or file false tax returns, and may even allow hostile state actors to sabotage electric grids or other infrastructure by e-mailing employees malware disguised as medical notices. According to the consulting agency Accenture, data theft will cost the healthcare industry $305 billion between 2015 and 2019, with annual totals doubling from $40 billion to $80 billion.
Blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit.
One possible solution to this crisis involves radically retooling the way healthcare data is stored and shared—by using blockchain, the still-emerging information technology that underlies cryptocurrencies such as Bitcoin. And blockchain-enabled IT systems, boosters say, could do much more than prevent the theft of medical data. Such networks could revolutionize healthcare delivery on many levels, creating efficiencies that would reduce medical errors, improve coordination between providers, drive down costs, and give researchers unprecedented insights into patterns of disease. Perhaps most transformative, blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit. Widespread adoption could result in "a new kind of healthcare economy, in which data and services are quantifiable and exchangeable, with strong guarantees around both the security and privacy of sensitive information," wrote W. Brian Smith, chief scientist of healthcare-blockchain startup PokitDok, in a recent white paper.
Around the world, entrepreneurs, corporations, and government agencies are hopping aboard the blockchain train. A survey by the IBM Institute for Business Value, released in late 2016, found that 16 percent of healthcare executives in 16 countries planned to begin implementing some form of the technology in the coming year; 90 percent planned to launch a pilot program in the next two years. In 2017, Estonia became the first country to switch its medical-records system to a blockchain-based framework. Great Britain and Dubai are exploring a similar move. Yet in countries with more fragmented health systems, most notably the U.S., the challenges remain formidable. Some of the most advanced healthcare applications envisioned for blockchain, moreover, raise technological and ethical questions whose answers may not arrive anytime soon.
By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible.
What Exactly Is Blockchain, Anyway?
To understand the buzz around blockchain, it's necessary to grasp (at least loosely) how the technology works. Ordinary digital recordkeeping systems rely on a central administrator that acts as gatekeeper to a treasury of data; if you can sneak past the guard, you can often gain access to the entire hoard, and your intrusion may go undetected indefinitely. Blockchain, by contrast, employs a network of synchronized, replicated databases. Information is scattered among these nodes, rather than on a single server, and is exchanged through encrypted, peer-to-peer pathways. Each transaction is visible to every computer on the network, and must be approved by a majority in order to be successfully completed. Each batch of transactions, or "block," is date- and time-stamped, marked with the user's identity, and given a cryptographic code, which is posted to every node. These blocks form a "chain," preserved in an electronic ledger, that can be read by all users but can't be edited. Any unauthorized access, or attempt at tampering, can be quickly neutralized by these overlapping safeguards. Even if a hacker managed to break into the system, penetrating deeply would be extraordinarily difficult.
Because blockchain technology shares transaction records throughout a network, it could eliminate communication bottlenecks between different components of the healthcare system (primary care physicians, specialists, nurses, and so on). And because blockchain-based systems are designed to incorporate programs known as "smart contracts," which automate functions previously requiring human intervention, they could reduce dangerous slipups as well as tedious and costly paperwork. For example, when a patient gets a checkup, sees a specialist, and fills a prescription, all these actions could be automatically recorded on his or her electronic health record (EHR), checked for errors, submitted for billing, and entered on insurance claims—which could be adjudicated and reimbursed automatically as well. "Blockchain has the potential to remove a lot of intermediaries from existing workflows, whether digital or nondigital," says Kamaljit Behera, an industry analyst for the consulting firm Frost & Sullivan.
The possible upsides don't end there. By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible. In addition to data entered by their caregivers, individuals could use app-based technologies or wearables to transmit other information to their records, such as diet, exercise, and sleep patterns, adding new depth to their medical portraits.
Many experts expect healthcare blockchain to take root more slowly in the U.S. than in nations with government-run national health services.
Smart contracts could also allow patients to specify who has access to their data. "If you get an MRI and want your orthopedist to see it, you can add him to your network instead of carrying a CD into his office," explains Andrew Lippman, associate director of the MIT Media Lab, who helped create a prototype healthcare blockchain system called MedRec that's currently being tested at Beth Israel Deaconess Hospital in Boston. "Or you might make a smart contract to allow your son or daughter to access your healthcare records if something happens to you." Another option: permitting researchers to analyze your data for scientific purposes, whether anonymously or with your name attached.
The Recent History, and Looking Ahead
Over the past two years, a crowd of startups has begun vying for a piece of the emerging healthcare blockchain market. Some, like PokitDok and Atlanta-based Patientory, plan to mint proprietary cryptocurrencies, which investors can buy in lieu of stock, medical providers may earn as a reward for achieving better outcomes, and patients might score for meeting wellness goals or participating in clinical trials. (Patientory's initial coin offering, or ICO, raised more than $7 million in three days.) Several fledgling healthcare-blockchain companies have found powerful corporate partners: Intel for Silicon Valley's PokitDok, Kaiser Permanente for Patientory, Philips for Los Angeles-based Gem Health. At least one established provider network, Change Healthcare, is developing blockchain-based systems of its own. Two months ago, Change launched what it calls the first "enterprise-scale" blockchain network in U.S. healthcare—a system to track insurance claim submissions and remittances.
No one, however, has set a roll-out date for a full-blown, blockchain-based EHR system in this country. "We have yet to see anything move from the pilot phase to some kind of production status," says Debbie Bucci, an IT architect in the federal government's Office of the National Coordinator for Health Information Technology. Indeed, many experts expect healthcare blockchain to take root more slowly here than in nations with government-run national health services. In America, a typical patient may have dealings with a family doctor who keeps everything on paper, an assortment of hospitals that use different EHR systems, and an insurer whose system for processing claims is separate from that of the healthcare providers. To help bridge these gaps, a consortium called the Hyperledger Healthcare Working Group (which includes many of the leading players in the field) is developing standard protocols for blockchain interoperability and other functions. Adding to the complexity is the federal Health Insurance and Portability Act (HIPAA), which governs who can access patient data and under what circumstances. "Healthcare blockchain is in a very nascent stage," says Behera. "Coming up with regulations and other guidelines, and achieving large-scale implementation, will take some time."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate.
How long? Behera, like other analysts, estimates that relatively simple applications, such as revenue-cycle management systems, could become commonplace in the next five years. More ambitious efforts might reach fruition in a decade or so. But once the infrastructure for healthcare blockchain is fully established, its uses could go far beyond keeping better EHRs.
A handful of scientists and entrepreneurs are already working to develop one visionary application: managing genomic data. Last month, Harvard University geneticist George Church—one of the most influential figures in his discipline—launched a business called Nebula Genomics. It aims to set up an exchange in which individuals can use "Neptune tokens" to purchase DNA sequencing, which will be stored in the company's blockchain-based system; research groups will be able to pay clients for their data using the same cryptocurrency. Luna DNA, founded by a team of biotech veterans in San Diego, plans a similar service, as does a Moscow-based startup called the Zenome Project.
Hossein Rahnama, CEO of the mobile-tech company Flybits and director of research at the Ryerson Centre for Cloud and Context-Aware Computing in Toronto, envisions a more personalized way of sharing genomic data via blockchain. His firm is working with a U.S. insurance company to develop a service that would allow clients in their 20s and 30s to connect with people in their 70s or 80s with similar genomes. The young clients would learn how the elders' lifestyle choices had influenced their health, so that they could modify their own habits accordingly. "It's intergenerational wisdom-sharing," explains Rahnama, who is 38. "I would actually pay to be a part of that network."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate. Such commerce could greatly expand the pool of subjects for research in many areas of medicine, enabling the kinds of breakthroughs that only Big Data can provide. Yet it could also lead millions to surrender the most private information of all—the secrets of their cells—to buyers with less benign intentions. The Dark Overlord, one might argue, could not hope for a more satisfying victory.
These scenarios, however, are pure conjecture. After the first web page was posted, in 1991, Lippman observes, "a whole universe developed that you couldn't have imagined on Day 1." The same, he adds, is likely true for healthcare blockchain. "Our vision is to make medical records useful for you and for society, and to give you more control over your own identity. Time will tell."
At age 52, Glen Rouse suffered from arm weakness and a lot of muscle twitches. “I first thought something was wrong when I could not throw a 50-pound bag of dog food over the tailgate of my truck—something I use to do effortlessly,” said the 54-year-old resident of Anderson, California, about three hours north of San Francisco.
In August, Rouse retired as a forester for a private timber company, a job he had held for 31 years. The impetus: amyotrophic lateral sclerosis, or ALS, a progressive neuromuscular disease that is commonly known as Lou Gehrig’s disease, named after the New York Yankees’ first baseman who succumbed to it less than a month shy of his 38th birthday in 1941. ALS eventually robs an individual of the ability to talk, walk, chew, swallow and breathe.
Rouse is now dependent on ventilation through a nasal mask and uses a powerchair to get around. “I can no longer walk or use my arms very well,” he said. “I can still move my wrists and fingers. I can also transfer from my chair to the toilet if I have two of my friends help me.”
It’s “shocking” that modern medicine has very little to offer to people with this devastating condition, Rouse said. But there is hope on the horizon. Yesterday, the U.S. Food and Drug Administration approved Relyvrio, a drug made up of two parts, sodium phenylbutyrate and taurursodiol, to treat patients with ALS.
“This approval provides another important treatment option for ALS, a life-threatening disease that currently has no cure,” said Billy Dunn, director of the Office of Neuroscience in the FDA’s Center for Drug Evaluation and Research, in a statement. “The FDA remains committed to facilitating the development of additional ALS treatments.”
Until this point, the FDA had approved only two other medications—Riluzole (rilutek) in 1995 and Radicava (edaravone) in 2017—to extend life in patients with ALS, which typically kills within two to five years after diagnosis. That’s why earlier this week, Rouse was optimistic about the FDA’s likely approval of a controversial new drug for ALS.
When Relyvrio is taken in addition to Riluzole, it appears to slow functional decline by an additional 25 percent and extend life by another 6 to 10 months, said Richard Bedlak, director of the Duke ALS Clinic. “It is not a cure, but it is definitely a step forward.”
“The whole ALS community is extremely excited about it,” he said the day before Relyvrio’s expected approval. “We are very hopeful. We’re on pins and needles.”
A study of 137 ALS patients did not result in “substantial evidence” that Relyvrio was effective, the agency’s Peripheral and Central Nervous System Drugs Advisory Committee concluded in March. However, after some persuasion from FDA officials, patients and their families, the committee met again and decided to recommend approving the drug.
In January 2019, following an ALS diagnosis at age 58 in October the previous year, Jeff Sarnacki, of Chester, Maryland, was accepted into a trial for Relyvrio. “Because of the trial, we did experience hope and a greater sense of help than had we not had that opportunity,” said Juliet Taylor, his wife and caregiver. They both believed the drug “worked for him in giving him more time.”
In June 2019, Sarnacki chose an open-label extension, offered to patients by drug researchers after a study ends, and took the active drug until he died peacefully at home under hospice care in May 2020, five days after his 60th birthday. A retired agent with the federal Bureau of Alcohol, Tobacco, Firearms and Explosives who later worked as a security consultant, Sarnacki lived about 19 months after diagnosis, which is shorter than the typical prognosis.
His symptoms began with leg cramps in fall 2017 and foot drop in early 2018. A feeding tube was placed in 2019, as it became necessary early in his illness, Taylor said. He also took Radicava and Riluzole, the two previously approved drugs, for his ALS. “We were both incredulous that, so many years after Lou Gehrig’s own diagnosis, there were so few treatments available,” she said.
The dearth of successful treatments for ALS is “certainly not for lack of trying,” said Karen Raley Steffens, a registered nurse and ALS support services coordinator at the Les Turner ALS Foundation in Skokie, Ill. “There are thousands of researchers and scientists all over the world working tirelessly to try to develop treatments for ALS.”
Unfortunately, she added, research takes time and exorbitant amounts of funding, while bureaucratic challenges persist. The rare disease also manifests and progresses in many different ways, so many treatments are needed.
As of 2017, the Centers for Disease Control and Prevention estimated that more than 31,000 people in the U.S. live with ALS, and an average of 5,000 people are newly diagnosed every year. It is slightly more common in men than women. Most people are diagnosed between the ages of 55 and 75.
Most cases of ALS are sporadic, meaning that doctors don’t know the cause. There is about a one-year interval between symptom onset and an ALS diagnosis for most patients, so many motor neurons are lost by the time individuals can enroll in a clinical trial, said Richard Bedlack, professor of neurology and director of the Duke ALS Clinic in Durham, North Carolina.
Bedlack found the new drug, Relyvrio, to be “very promising,” which is why he testified to the FDA in favor of approval. (He’s a consultant and disease state speaker for multiple companies including Amylyx, manufacturer of Relyvrio.)
The “drug has different mechanisms of action than the currently approved treatments,” Bedlack said. He added that, when Relyvrio is taken in addition to Riluzole, it appears to slow functional decline by an additional 25 percent and extend life by another 6 to 10 months. “It is not a cure, but it is definitely a step forward.”
T. Scott Diesing, a neurohospitalist and director of general neurology at the University of Nebraska Medical Center in Omaha, said he hopes the drug is “as good as people anticipated it should be, because there are not too many options for these patients.”
"FDA went out on a limb in approving Relyvrio based on limited results from a small trial while a larger study remains in progress," said Florian P. Thomas, co-director of the ALS Center at Hackensack University Medical Center and the Meridian School of Medicine. "While it is definitely promising, clearly, the last word on this drug has not been spoken."
So far, Rouse's voice is holding up, but he knows the day will come when ALS will steal that and much more from him.
ALS is 100 percent fatal, with some patients dying as soon as a year after diagnosis. A few have lasted as long as 15 years, but those are the exceptions, Diesing said.
“If this drug can provide even months of additional life, or would maintain quality of life, that’s a big deal,” he noted, adding that “the patients are saying, ‘I know it’s not proven conclusively, but what do we have to lose?’ So, they would like to try it while additional studies are ongoing.” The drug has already been conditionally approved in Canada.
As his disease progresses, Rouse hopes to get a speech-to-text voice-generating computer that he can control with his eyes. So far, his voice is holding up, but he knows the day will come when ALS will steal that and much more from him. He works at I AM ALS, a patient-led community, and six of his friends have already died of the disease.
“Every time I lose a friend to ALS, I grieve and am sad but I resolve myself to keep working harder for them, myself and others,” Rouse said. “People living with ALS find great purpose in life advocating and trying to make a difference.”
The Friday Five covers important stories in health and science research that you may have missed - usually over the previous week, but today's episode is a lookback on important studies over the month of September.
Most recently, on September 27, pharmaceuticals Biogen and Eisai announced that a clinical trial showed their drug, lecanemab, can slow the rate of Alzheimer's disease. There are plenty of controversies and troubling ethical issues in science – and we get into many of them in our online magazine – but this news roundup focuses on scientific creativity and progress to give you a therapeutic dose of inspiration headed into the weekend and the new month.
This Friday Five episode covers the following studies published and announced over the past month:
- A new drug is shown to slow the rate of Alzheimer's disease
- The need for speed if you want to reduce your risk of dementia
- How to refreeze the north and south poles
- Ancient wisdom about Neti pots could pay off for Covid
- Two women, one man and a baby