top of page
  • Writer's pictureNancy Langdon

Of frogs, mice and Russian hackers: Why we need to disperse and compartmentalize sensitive data across secure nodes

Updated: Mar 21




How a new management architecture could have potentially thwarted a ransomeware attack and safeguarded patient information from exploitation


Aesop recalled an incident of a mouse and a frog looking for adventure at the pond’s shore. While the mouse could swim somewhat, he was not a creature of the water. Therefore the frog offered to bind his leg to the mouse’s leg with a reed, “Friend mouse, so bound at the leg, should you venture too far into the water, I will push you to safer ground.”


All was well until a hawk spotted the slow-moving mouse and came swooping down from the heavens for an easy meal. The frog, bound to the mouse by the reed, was unable to slip beneath the surface of the water and escape. And thus, as the mouse was snatched up into the hawk’s talons, so too did the frog meet his fate.


Digital systems are crafted in many instances like the reed binding the mouse and the frog, and the American public is tied unknowingly at the leg to countless digital systems. Recently, a Russian hacker group known as ALPHV attacked UnitedHealthCare Group's Change Health business unit. Change Health is one of two data exchange services in the United States that connects pharmacies with insurers and charges pharmacies a small fee to determine how much of a patient’s medication is covered by insurance. When the breach was discovered, Change Health halted operations, leaving pharmacies unable to find out the insured rate for prescriptions. In the wake of this shutdown, millions of American patients were left stranded at the pharmacy counter paying out of pocket hundreds or thousands of dollars above their insurance-adjusted rates. Or going without lifesaving medication. 


This Russian ransomware attack underscores the urgent need for a rethinking of data frameworks. Data spaces are just such a reimagining: Data management in data spaces is designed around decentralizing and compartmentalizing sensitive information. Unlike traditional centralized systems, data spaces distribute data across multiple secure nodes, making it significantly harder for hackers to gain access to a comprehensive dataset. Data spaces, in other words, are constructed along an ultimate need to know. Only those little bits of information which need to be known to those particular stakeholders at that very moment in time will be available. Instead of a tight reed binding the frog and mouse, a thin and temporary bind appears only when needed and allows the mouse to scamper into a burrow and the frog to dive deep in the water whenever the shadow of a hawk crosses the landscape.


Data spaces also present a unique chance to outsmart malicious actors by constructing a labyrinth of misleading pathways and dead ends. Only the next intended recipient in the data chain can recognize and access the right pathway and decipher the relevant information. For instance, in healthcare, a patient's genuine data trail may be surrounded by numerous decoys, making it extremely difficult for nefarious individuals to find the correct information amidst the confusion. Like grabbing at cross-cut clippings of 1,000 cities’ phone books tossed like confetti in the wind, implementing data spaces could have fragmented Change Health’s data, rendering it useless to attackers even if they managed to breach one segment.


The advantages of data spaces extend far beyond thwarting ransomware attacks. Patients stand to benefit from enhanced data privacy and security. By dispersing their information across more and more nodes, data spaces mitigate the risk of large-scale data breaches, ensuring that personal health records remain confidential and protected from exploitation.


Insurers reap substantial rewards from adopting data spaces. Data spaces offer a proactive solution by minimizing the impact of potential breaches, thereby safeguarding insurers' reputation and minimizing financial losses associated with data breaches and regulatory fines, all while offering better quality customer care.


Pharmacies will find solace in the security offered by data spaces. As intermediaries between patients and healthcare providers, pharmacies handle a mountain of highly sensitive information, including prescription records and billing details. By leveraging data spaces, pharmacies can bolster their cybersecurity infrastructure, instilling trust among patients and stakeholders while ensuring compliance with stringent data protection regulations.


Moreover, data spaces facilitate seamless collaboration and interoperability within the healthcare ecosystem. By securely sharing select data subsets across authorized entities, healthcare providers can streamline processes such as patient referrals, medication reconciliation, and care coordination, ultimately enhancing the quality and efficiency of patient care. Implementing ai offers immense opportunities to proactively enhance patient care, particularly across specialties for improved diagnoses. The possible comorbidity between, say, an infected root canal and sudden chronic back pain might be revealed without risking unnecessary patient information disclosure.


While the recent ransomware attack on Change Health underscores the pressing need for stronger cybersecurity measures in healthcare, it also serves as a catalyst for innovation. By embracing emerging technologies like data spaces, healthcare organizations can proactively defend against cyber threats, safeguard patient information, and uphold the integrity of our healthcare infrastructure.


As we navigate the digital landscape, prioritizing data security through solutions like data spaces is imperative to ensure a safer and more resilient healthcare future. The adoption of data spaces presents a compelling solution to mitigate the risks posed by ransomware attacks. By decentralizing and compartmentalizing sensitive information, data spaces offer a robust defense mechanism against cyber threats while fostering collaboration and innovation within the healthcare ecosystem: The frog and the mouse can more effectively and fruitfully explore the shoreline.

43 views0 comments

Recent Posts

See All

コメント


bottom of page