The hacker collective known as the Dark Overlord first surfaced in June 2016, when it advertised more than 600,000 patient files from three U.S. healthcare organizations for sale on the dark web. The group, which also attempted to extort ransom from its victims, soon offered another 9 million records pilfered from health insurance companies and provider networks across the country.
Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals.
Last October, apparently seeking publicity as well as cash, the hackers stole a trove of potentially scandalous data from a celebrity plastic surgery clinic in London—including photos of in-progress genitalia- and breast-enhancement surgeries. "We have TBs [terabytes] of this shit. Databases, names, everything," a gang representative told a reporter. "There are some royal families in here."
Bandits like these are prowling healthcare's digital highways in growing numbers. Since 2009, federal regulators have counted nearly 5,000 major data breaches in the United States alone, affecting some 260 million individuals. Although hacker incidents represent less than 20 percent of the total breaches, they account for almost 80 percent of the affected patients. Such attacks expose patients to potential blackmail or identity theft, enable criminals to commit medical fraud or file false tax returns, and may even allow hostile state actors to sabotage electric grids or other infrastructure by e-mailing employees malware disguised as medical notices. According to the consulting agency Accenture, data theft will cost the healthcare industry $305 billion between 2015 and 2019, with annual totals doubling from $40 billion to $80 billion.
Blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit.
One possible solution to this crisis involves radically retooling the way healthcare data is stored and shared—by using blockchain, the still-emerging information technology that underlies cryptocurrencies such as Bitcoin. And blockchain-enabled IT systems, boosters say, could do much more than prevent the theft of medical data. Such networks could revolutionize healthcare delivery on many levels, creating efficiencies that would reduce medical errors, improve coordination between providers, drive down costs, and give researchers unprecedented insights into patterns of disease. Perhaps most transformative, blockchain could put patients in control of their own data, empowering them to access, share, and even sell their medical information as they see fit. Widespread adoption could result in "a new kind of healthcare economy, in which data and services are quantifiable and exchangeable, with strong guarantees around both the security and privacy of sensitive information," wrote W. Brian Smith, chief scientist of healthcare-blockchain startup PokitDok, in a recent white paper.
Around the world, entrepreneurs, corporations, and government agencies are hopping aboard the blockchain train. A survey by the IBM Institute for Business Value, released in late 2016, found that 16 percent of healthcare executives in 16 countries planned to begin implementing some form of the technology in the coming year; 90 percent planned to launch a pilot program in the next two years. In 2017, Estonia became the first country to switch its medical-records system to a blockchain-based framework. Great Britain and Dubai are exploring a similar move. Yet in countries with more fragmented health systems, most notably the U.S., the challenges remain formidable. Some of the most advanced healthcare applications envisioned for blockchain, moreover, raise technological and ethical questions whose answers may not arrive anytime soon.
By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible.
What Exactly Is Blockchain, Anyway?
To understand the buzz around blockchain, it's necessary to grasp (at least loosely) how the technology works. Ordinary digital recordkeeping systems rely on a central administrator that acts as gatekeeper to a treasury of data; if you can sneak past the guard, you can often gain access to the entire hoard, and your intrusion may go undetected indefinitely. Blockchain, by contrast, employs a network of synchronized, replicated databases. Information is scattered among these nodes, rather than on a single server, and is exchanged through encrypted, peer-to-peer pathways. Each transaction is visible to every computer on the network, and must be approved by a majority in order to be successfully completed. Each batch of transactions, or "block," is date- and time-stamped, marked with the user's identity, and given a cryptographic code, which is posted to every node. These blocks form a "chain," preserved in an electronic ledger, that can be read by all users but can't be edited. Any unauthorized access, or attempt at tampering, can be quickly neutralized by these overlapping safeguards. Even if a hacker managed to break into the system, penetrating deeply would be extraordinarily difficult.
Because blockchain technology shares transaction records throughout a network, it could eliminate communication bottlenecks between different components of the healthcare system (primary care physicians, specialists, nurses, and so on). And because blockchain-based systems are designed to incorporate programs known as "smart contracts," which automate functions previously requiring human intervention, they could reduce dangerous slipups as well as tedious and costly paperwork. For example, when a patient gets a checkup, sees a specialist, and fills a prescription, all these actions could be automatically recorded on his or her electronic health record (EHR), checked for errors, submitted for billing, and entered on insurance claims—which could be adjudicated and reimbursed automatically as well. "Blockchain has the potential to remove a lot of intermediaries from existing workflows, whether digital or nondigital," says Kamaljit Behera, an industry analyst for the consulting firm Frost & Sullivan.
The possible upsides don't end there. By creating a detailed, comprehensive, and immutable timeline of medical transactions, blockchain-based recordkeeping could help providers gauge a patient's long-term health patterns in a way that's never before been possible. In addition to data entered by their caregivers, individuals could use app-based technologies or wearables to transmit other information to their records, such as diet, exercise, and sleep patterns, adding new depth to their medical portraits.
Many experts expect healthcare blockchain to take root more slowly in the U.S. than in nations with government-run national health services.
Smart contracts could also allow patients to specify who has access to their data. "If you get an MRI and want your orthopedist to see it, you can add him to your network instead of carrying a CD into his office," explains Andrew Lippman, associate director of the MIT Media Lab, who helped create a prototype healthcare blockchain system called MedRec that's currently being tested at Beth Israel Deaconess Hospital in Boston. "Or you might make a smart contract to allow your son or daughter to access your healthcare records if something happens to you." Another option: permitting researchers to analyze your data for scientific purposes, whether anonymously or with your name attached.
The Recent History, and Looking Ahead
Over the past two years, a crowd of startups has begun vying for a piece of the emerging healthcare blockchain market. Some, like PokitDok and Atlanta-based Patientory, plan to mint proprietary cryptocurrencies, which investors can buy in lieu of stock, medical providers may earn as a reward for achieving better outcomes, and patients might score for meeting wellness goals or participating in clinical trials. (Patientory's initial coin offering, or ICO, raised more than $7 million in three days.) Several fledgling healthcare-blockchain companies have found powerful corporate partners: Intel for Silicon Valley's PokitDok, Kaiser Permanente for Patientory, Philips for Los Angeles-based Gem Health. At least one established provider network, Change Healthcare, is developing blockchain-based systems of its own. Two months ago, Change launched what it calls the first "enterprise-scale" blockchain network in U.S. healthcare—a system to track insurance claim submissions and remittances.
No one, however, has set a roll-out date for a full-blown, blockchain-based EHR system in this country. "We have yet to see anything move from the pilot phase to some kind of production status," says Debbie Bucci, an IT architect in the federal government's Office of the National Coordinator for Health Information Technology. Indeed, many experts expect healthcare blockchain to take root more slowly here than in nations with government-run national health services. In America, a typical patient may have dealings with a family doctor who keeps everything on paper, an assortment of hospitals that use different EHR systems, and an insurer whose system for processing claims is separate from that of the healthcare providers. To help bridge these gaps, a consortium called the Hyperledger Healthcare Working Group (which includes many of the leading players in the field) is developing standard protocols for blockchain interoperability and other functions. Adding to the complexity is the federal Health Insurance and Portability Act (HIPAA), which governs who can access patient data and under what circumstances. "Healthcare blockchain is in a very nascent stage," says Behera. "Coming up with regulations and other guidelines, and achieving large-scale implementation, will take some time."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate.
How long? Behera, like other analysts, estimates that relatively simple applications, such as revenue-cycle management systems, could become commonplace in the next five years. More ambitious efforts might reach fruition in a decade or so. But once the infrastructure for healthcare blockchain is fully established, its uses could go far beyond keeping better EHRs.
A handful of scientists and entrepreneurs are already working to develop one visionary application: managing genomic data. Last month, Harvard University geneticist George Church—one of the most influential figures in his discipline—launched a business called Nebula Genomics. It aims to set up an exchange in which individuals can use "Neptune tokens" to purchase DNA sequencing, which will be stored in the company's blockchain-based system; research groups will be able to pay clients for their data using the same cryptocurrency. Luna DNA, founded by a team of biotech veterans in San Diego, plans a similar service, as does a Moscow-based startup called the Zenome Project.
Hossein Rahnama, CEO of the mobile-tech company Flybits and director of research at the Ryerson Centre for Cloud and Context-Aware Computing in Toronto, envisions a more personalized way of sharing genomic data via blockchain. His firm is working with a U.S. insurance company to develop a service that would allow clients in their 20s and 30s to connect with people in their 70s or 80s with similar genomes. The young clients would learn how the elders' lifestyle choices had influenced their health, so that they could modify their own habits accordingly. "It's intergenerational wisdom-sharing," explains Rahnama, who is 38. "I would actually pay to be a part of that network."
The ethical implications of buying and selling personal genomic data in an electronic marketplace are doubtless open to debate. Such commerce could greatly expand the pool of subjects for research in many areas of medicine, enabling the kinds of breakthroughs that only Big Data can provide. Yet it could also lead millions to surrender the most private information of all—the secrets of their cells—to buyers with less benign intentions. The Dark Overlord, one might argue, could not hope for a more satisfying victory.
These scenarios, however, are pure conjecture. After the first web page was posted, in 1991, Lippman observes, "a whole universe developed that you couldn't have imagined on Day 1." The same, he adds, is likely true for healthcare blockchain. "Our vision is to make medical records useful for you and for society, and to give you more control over your own identity. Time will tell."
"Making Sense of Science" is a monthly podcast that features interviews with leading medical and scientific experts about the latest developments and the big ethical and societal questions they raise. This episode is hosted by science and biotech journalist Emily Mullin, summer editor of the award-winning science outlet Leaps.org.
Hear the episode:
Stacey Khoury felt more fatigued and out of breath than she was used to from just walking up the steps to her job in retail jewelry sales in Nashville, Tennessee. By the time she got home, she was more exhausted than usual, too.
"I just thought I was working too hard and needed more exercise," recalls the native Nashvillian about those days in December 2010. "All of the usual excuses you make when you're not feeling 100%."
As a professional gemologist, being hospitalized during peak holiday sales season wasn't particularly convenient. There was no way around it though when her primary care physician advised Khoury to see a blood disorder oncologist because of her disturbing blood count numbers. As part of a routine medical exam, a complete blood count screens for a variety of diseases and conditions that affect blood cells, such as anemia, infection, inflammation, bleeding disorders and cancer.
"If approved, it will allow more patients to potentially receive a transplant than would have gotten one before."
While she was in the hospital, a bone marrow biopsy revealed that Khoury had acute myeloid leukemia, or AML, a high-risk blood cancer. After Khoury completed an intense first round of chemotherapy, her oncologist recommended a bone marrow transplant. The potentially curative treatment for blood-cancer patients requires them to first receive a high dose of chemotherapy. Next, an infusion of stem cells from a healthy donor's bone marrow helps form new blood cells to fight off the cancer long-term.
Each year, approximately 8,000 patients in the U.S. with AML and other blood cancers receive a bone marrow transplant from a donor, according to the Center for International Blood and Marrow Transplant Research. But Khoury wasn't so lucky. She ended up being among the estimated 40% of patients eligible for bone marrow transplants who don't receive one, usually because there's no matched donor available.
Khoury's oncologist told her about another option. She could enter a clinical trial for an investigational cell therapy called omidubicel, which is being developed by Israeli biotech company Gamida Cell. The company's cell therapy, which is still experimental, could up a new avenue of treatment for cancer patients who can't get a bone marrow transplant.
Omidubicel consists of stem cells from cord blood that have been expanded using Gamida's technology to ensure there are enough cells for a therapeutic dose. The company's technology allows the immature cord blood cells to multiply quickly in the lab. Like a bone marrow transplant, the goal of the therapy is to make sure the donor cells make their way to the bone marrow and begin producing healthy new cells — a process called engraftment.
"If approved, it will allow more patients to potentially receive a transplant than would have gotten one before, so there's something very novel and exciting about that," says Ronit Simantov, Gamida Cell's chief medical officer.
Khoury and her husband Rick packed up their car and headed to the closest trial site, the Duke University School of Medicine, roughly 500 miles away. There they met with Mitchell Horowitz, a stem cell transplant specialist at Duke and principal investigator for Gamida's omidubicel study in the U.S.
He told Khoury she was a perfect candidate for the trial, and she enrolled immediately. "When you have one of two decisions, and it's either do this or you're probably not going to be around, it was a pretty easy decision to make, and I am truly thankful for that," she says.
Khoury's treatment started at the end of March 2011, and she was home by July 4 that year. She say the therapy "worked the way the doctors wanted it to work." Khoury's blood counts were rising quicker than the people who had bone marrow matches, and she was discharged from Duke earlier than other patients were.
By expanding the number of cord blood cells — which are typically too few to treat an adult — omidubicel allows doctors to use cord blood for patients who require a transplant but don't have a donor match for bone marrow.
Patients receiving omidubicel first get a blood test to determine their human leukocyte antigen, or HLA, type. This protein is found on most cells in the body and is an important regulator of the immune system. HLA typing is used to match patients to bone marrow and cord blood donors, but cord blood doesn't require as close of a match.
Like bone marrow transplants, one potential complication of omidubicel is graft-versus-host disease, when the donated bone marrow or stem cells register the recipient's body as foreign and attack the body. Depending on the severity of the response, according to the Mayo Clinic, treatment includes medication to suppress the immune system, such as steroids. In clinical trials, the occurrence of graft-versus-host disease with omidubicel was comparable with traditional bone marrow transplants.
"Transplant doctors are working on improving that," Simantov says. "A number of new therapies that specifically address graft-versus-host disease will be making some headway in the coming months and years."
Gamida released the results of the Phase 3 study in February and continues to follow Khoury and the other study patients for their long-term outcomes. The large randomized trial evaluated the safety and efficacy of omidubicel compared to standard umbilical cord blood transplants in patients with blood cancer who didn't have a suitable bone marrow donor. Around 120 patients aged 12 to 65 across the U.S., Europe and Asia were included in the trial. The study found that omidubicel resulted in faster recovery, fewer bacterial and viral infections and fewer days in the hospital.
The company plans to seek FDA approval this year. Simantov anticipates the therapy will receive FDA approval by 2022.
"Opening up cord blood transplants is very important, especially for people of diverse ethnic backgrounds," says oncologist Gary Schiller, principal investigator at the David Geffen School of Medicine at UCLA for Gamida Cell's mid- and late-stage trials. "This expansion technology makes a big difference because it makes cord blood an available option for those who do not have another donor source."
As for Khoury, who proudly celebrated the anniversary of her first transplant in April—she remains cancer free and continues to work full-time as a gemologist. When she has a little free time, she enjoys gardening, sewing, or maybe traveling to national parks like Yellowstone or the Grand Canyon with her husband Rick.