Blockchains Reduce the Impact of Data Breaches in 2021

Can Blockchains Reduce the Impact of Data Breaches?

Another day, another catastrophic data breach. This time it’s medical records in Singapore, where I live. We have become almost immune to this type of headline:

Cyberattack on Singapore health database steals information from over 1.5 million, including the prime minister (Reuters)

It doesn’t look good. To its credit, SingHealth notified all interested parties via SMS shortly after the disclosure of the breach.

What can be done? It’s time to understand that while personal information is potentially useful and commercially profitable, it is also a burden. This is toxic data, and it is your liability. The “Plan prepared by the Commission” is provided. But things can be different.

In my article A Gentle Introduction to Self-Sovereign Identity, I explain the concept of self-sovereign identity. Since writing this, my understanding has become more nuanced and I will explain in more detail the elements of a more secure system for storing sensitive data.

Data warehouses that hold large amounts of personally identifiable data are honey pots and very attractive to criminals who want to copy the data. They don’t need to alter or tamper with the data, just make a copy of it.

But how can we remove that central data store and still keep relevant, current data available when, for example, a doctor needs access to a patient’s data or a bank needs access to a client’s documents?

The key is to maintain data structures and standards while decentralizing data storage and accessibility. This means any system must ensure that there are machine-readable “blocks” or data fields that contain standard data (name, address, etc.), but store this data, as far as possible, in multiple places rather than in the bank’s data center, and encrypt it with multiple keys held by different subjects (usually the stakeholder or the subject to whom the data refers). While a given attacker can still get data from someone if they try hard, it is much more difficult to collect all the data in one rich and efficient database file.

Part of the solution is to allow users to store their data in a consistent standard format, but encrypt it with their own keys (obviously there are no master keys or back doors), so that even if an attacker could download the data, they would have to decrypt each patient’s data with a different key.

The other part of the solution is to physically decentralize the data so that it is stored in different repositories: in a known number of locations across different cloud service providers, managed by the healthcare provider, or, even more decentralized, stored by the end user in a specific location (for example, on their smartphone, in their personal mailbox, or in iCloud).

Where does the blockchain fit into this? This is the last part of the solution. Something is needed to coordinate authorization, access, and revocation. Something that connects different health centers, clinics, and patients. An immutable, or at least tamper-evident, record of who requested permission, when, and, if applicable, which data fields they accessed. This is possible, perhaps not on a traditional blockchain (because the metadata must also be private), but on a distributed private ledger such as Corda.
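The coordination record described above can be sketched as a hash-chained log of grant, revoke, and access events. This is an added example, not code from the article, R3, or Corda: a single in-memory list stands in for the distributed private ledger, and the function names, event fields, and sample identifiers are all assumptions made for illustration.

```python
import hashlib, json

GENESIS = "0" * 64  # "prev" value of the first entry

def _digest(body):
    # Canonical JSON so an entry always hashes to the same value.
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

def append(log, action, requester, patient, fields, when):
    """Add a grant / revoke / access / denied event chained to the previous entry."""
    prev = log[-1]["hash"] if log else GENESIS
    body = {"action": action, "requester": requester, "patient": patient,
            "fields": sorted(fields), "when": when, "prev": prev}
    log.append({**body, "hash": _digest(body)})

def verify(log):
    """Return the index of the first tampered entry, or -1 if the chain is intact."""
    prev = GENESIS
    for i, entry in enumerate(log):
        body = {k: v for k, v in entry.items() if k != "hash"}
        if entry["prev"] != prev or _digest(body) != entry["hash"]:
            return i
        prev = entry["hash"]
    return -1

def permitted(log, requester, patient):
    """Replay grants and revocations to get the fields currently authorized."""
    allowed = set()
    for e in log:
        if (e["requester"], e["patient"]) == (requester, patient):
            if e["action"] == "grant":
                allowed |= set(e["fields"])
            elif e["action"] == "revoke":
                allowed -= set(e["fields"])
    return allowed

def access(log, requester, patient, fields, when):
    """Record the attempt either way; allow it only if every field is granted."""
    ok = set(fields) <= permitted(log, requester, patient)
    append(log, "access" if ok else "denied", requester, patient, fields, when)
    return ok

def demo():
    # Constructed sample events; all names and timestamps are made up.
    log = []
    append(log, "grant", "clinic-a", "patient-1", ["allergies", "name"], "2021-01-05T09:00Z")
    before = access(log, "clinic-a", "patient-1", ["allergies"], "2021-01-05T09:05Z")
    append(log, "revoke", "clinic-a", "patient-1", ["allergies"], "2021-01-06T10:00Z")
    return log, before, access(log, "clinic-a", "patient-1", ["allergies"], "2021-01-07T08:00Z")
```

The log holds only who asked for which fields and when, never the personal data itself, so even this metadata would need to stay private between the parties, which is the reason the text points to a private ledger rather than a public chain.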

I declare my interest. Corda was developed by my employer, R3, together with a large number of financial institution clients.

R3 and 39 customers recently completed a “KYC on blockchain” project that demonstrates the concept of a “decentralized data warehouse”, and I have heard there are plans to commercialize it. Tip: personal data is not widely shared during registration; the “authorization token” has been moved to Corda.
