Healthcare Is Intolerant to Disruption
Blockchain promises compelling benefits that could improve the quality and reduce the cost of patient care across a broad range of use cases. However, healthcare is intolerant to disruption. This is especially true of provider healthcare where disruptions of IT systems or access to patient data can degrade the quality and cost of care, and in a worst case can be a direct threat to patient safety. In this article, I analyze availability benefits and limitations of a healthcare blockchain, and practical strategies and best practices you can use to maximize your success in applying blockchain across health and life sciences. For more general guidance on healthcare blockchain use cases see Healthcare Use Cases for Blockchain - 5 Key Factors for Success.
Protecting the Availability of Healthcare Systems and Patient Data
Availability is timely and reliable access to systems and data. All security professionals are taught to protect availability, along with confidentiality and integrity. Prior to ransomware, however, there was not much concern or attention given to protecting availability. One key takeaway from the impact of ransomware on healthcare is that availability is incredibly important since, without it, access to patient data can be effectively denied by encrypting data and withholding the decryption key for a ransom.
Another type of attack on availability is DDoS (Distributed Denial of Service), which involves fire-hosing online services with bogus requests, saturating those systems or the networks that connect with them such that legitimate requests cannot get through. As healthcare moves more patient care services to the cloud and blockchain, driven by compelling benefits such as improved accessibility and cost reduction, it is critical that the availability of such services be adequately protected. This requires effective mitigation of ransomware, DDoS, and other threats to availability. This article focuses on protecting the availability of blockchains. For more general discussions of securing healthcare blockchains see Healthcare Blockchain: Does Your Chain Have any Weak Links? and Healthcare Blockchain: What Goes On Chain Stays on Chain.
Improved Availability of a Healthcare Blockchain Network Using Decentralized Ledgers
One of the advantages of blockchain is improved availability of the blockchain network through decentralized ledgers maintained by each node in the blockchain network, each with a full copy of the decentralized ledger. In the event that one or a few blockchain nodes are taken down, the healthcare blockchain network lives on, as long as a critical mass of blockchain nodes remain active. How many nodes constitute critical mass will depend on the particular blockchain platform but will be some integer number greater than or equal to 1.
How to Ensure Reliable Access to Your Blockchain Network
However, a blockchain node is the “on / off ramp” for a given organization to the blockchain network “super-highway,” and if that particular node goes down it will cut off the access of that organization to the blockchain network until the node is restored. For this reason, and especially as blockchains grow to support critical healthcare services, ensuring the availability of a given organization's access to the blockchain requires that the node(s) that organization uses to access the blockchain are also protected, including from an availability standpoint.
This can make use of standard availability protection safeguards such as backup and restore, redundant nodes with load balancing and failover, business continuity and disaster recovery, and other measures. To protect nodes from DDoS attacks, cloud mitigation providers and appliances can be used that ensure through high bandwidth network pipes, DDoS mitigation appliances, and other measures that illegitimate requests are filtered out and only legitimate requests are allowed through to the blockchain nodes.
How to Ensure Timely Access to Your Blockchain Network
Due to the inherent network nature of the blockchain and the consensus algorithm used to ensure validity and consistency of decentralized ledgers, blockchains have performance limitations. These may range from single-digit new blocks committed to the blockchain per second, as in the case of bitcoin, to thousands of blocks per second as promised by blockchain platforms such as Coco Framework.
A key factor in this throughput performance is the specifics of the consensus algorithm used by the particular blockchain network. In the case of a public and totally untrusted blockchain network such as bitcoin, the consensus algorithm must be very conservative and aggressive and this reduces performance and throughput.
On the other hand, in the case of a blockchain platform intended for enterprise B2B network use, where all organizations and nodes connecting to the network are known and trusted, the consensus algorithm can be streamlined for higher throughput performance. The lower the throughput performance of a given blockchain platform, the slower it is to commit new blocks to the blockchain. Depending on your definition of timely access to your blockchain network, i.e. how long you can wait for a new block to be committed, a given blockchain platform may or may not provide timely access.
This is why it is important to have an idea of your throughput performance requirements in mind when you select your blockchain platform. In any case, even within a given blockchain platform the time to commit a new block will not be a single predictable number, but rather will vary randomly within a range depending on blockchain platform specifics, the network, and other factors.
Could Blocks Bounce Off Your Blockchain?
New blocks requested to be added to the blockchain may not always successfully commit. This may occur for example where transaction(s) contained within a block are invalid. There can also be various complex situations where blocks may fail to commit to the blockchain due to other reasons, and these specific reasons will vary by the blockchain platform you are using. See the specific technical documentation of your blockchain platform for further details.
In the event that a block fails to commit to the blockchain, the submitter of the block will have to resubmit that block, possibly after amending the data and transaction(s) within the block in a case where the first attempt to commit the block failed because it was invalid. Such retry logic can further increase the time to commit a block to the blockchain.
Trading Off Blockchain Transaction Latency to Improve Throughput Performance
Whether your access to a blockchain is timely will depend on the transaction latency, i.e. the time it takes for a new transaction to be committed in a new block appended to the blockchain. There are several key blockchain design decisions you can make that will impact transaction latency. Transactions can be queued and batched into blocks. The higher the number of transactions per block, the higher the transaction throughput for a given block throughput performance.
However, the higher the number of transactions per block, the longer the latency, i.e. the time between when a transaction arrives and when enough transactions have arrived to make a complete batch for a new block that can then be submitted in a request to add it to the blockchain. Your transaction throughput requirements may also vary over time, such that at peak load you may have a longer queue or buffer of transactions than your blockchain throughput performance can handle. At peak times this may further increase the transaction latency, i.e. the time it takes for a new transaction at the back of the queue to make it to the front of the queue where it can then get batched into a new block for submission to the blockchain.
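The trade-off described above can be checked with a small deterministic model. This is an added example, not code from any blockchain platform; it assumes blocks commit one at a time with a fixed block interval, that a batch is submitted only once it is full (the last, partial batch is flushed when its final transaction arrives), and the arrival patterns are constructed.

```python
def steady_arrivals(count, gap_ms):
    """Constructed workload: `count` transactions, one every `gap_ms` ms."""
    return [i * gap_ms for i in range(count)]

def simulate(arrivals_ms, batch_size, block_interval_ms):
    """Return (average, worst) commit latency in ms.

    Latency is measured from a transaction's arrival to the commit of the
    block that carries it.
    """
    latencies = []
    chain_free_at = 0                      # when the previous block committed
    for start in range(0, len(arrivals_ms), batch_size):
        batch = arrivals_ms[start:start + batch_size]
        ready_at = batch[-1]               # batch is full when its last tx arrives
        committed_at = max(ready_at, chain_free_at) + block_interval_ms
        chain_free_at = committed_at
        latencies.extend(committed_at - t for t in batch)
    return sum(latencies) / len(latencies), max(latencies)

if __name__ == "__main__":
    quiet = steady_arrivals(20, 2000)      # 0.5 tx/s, below block throughput
    peak = steady_arrivals(100, 100)       # 10 tx/s, above 1 block/s
    for name, load in (("quiet", quiet), ("peak", peak)):
        for batch_size in (1, 20):
            avg, worst = simulate(load, batch_size, 1000)
            print(f"{name:5} batch={batch_size:2} avg={avg:8.0f} ms worst={worst} ms")
```

With one block per second, a batch size of 1 gives the lowest latency at the quiet rate but lets the queue grow without bound at the peak rate, while a batch size of 20 keeps up at peak and makes quiet-period transactions wait for the batch to fill.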
Data On vs Off the Blockchain and a Potential False Sense of Availability
It may be beneficial for performance, scalability, privacy, compliance, or other reasons to store bulky or sensitive data off the blockchain and include only metadata about that data on the blockchain. For further discussion of this see Healthcare Blockchain: What Goes On Chain Stays on Chain.
This metadata put on the blockchain includes high-level details about the actual data stored off chain in order to enable discovery of the data by the blockchain network, and then support a decision of whether to request the off chain data from the source of the data. This metadata stored on the blockchain can also include a pointer to the source of the data, the format of the data, and version information to support interoperability, as well as a hashcode of the data which can be used to protect and verify the integrity of the data stored off the blockchain.
However, storing information off the blockchain means that the availability of such data is not protected by the blockchain itself, but rather must be protected by ensuring the availability of the source of the data using conventional availability safeguards including backup and restore, redundancy with load balancing and failover, business continuity and disaster recovery, and other measures. Without such protections to the availability of off chain sources of data one may have a false sense of availability of the blockchain since, although the blockchain network itself may be available thanks to decentralized ledgers, the data that the blockchain contains will be useless if the pointers it contains that point to the off chain sources of data are rendered useless because such sources are unavailable and the actual data stored off chain cannot be requested or retrieved.
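The sketch below illustrates the on-chain metadata and the off-chain availability problem described above. It is an added example, not code from any blockchain platform: the metadata layout, the source names `clinic-a` and `replica-b`, and the sample record are all constructed, and off-chain stores are modelled as in-memory dictionaries.

```python
import hashlib
from dataclasses import dataclass

@dataclass(frozen=True)
class OnChainMetadata:          # hypothetical layout of the on-chain entry
    record_id: str
    sources: tuple              # pointers to off-chain stores, in preference order
    data_format: str
    version: str
    sha256: str                 # hash of the off-chain bytes

def make_metadata(record_id, data, sources, data_format="json", version="1"):
    return OnChainMetadata(record_id, tuple(sources), data_format, version,
                           hashlib.sha256(data).hexdigest())

def retrieve(meta, stores):
    """Try each pointer in turn; return (data, source, problems).

    `stores` maps a source name to {record_id: bytes}, or to None when that
    store is down. data is None when no source yields bytes matching the hash.
    """
    problems = []
    for source in meta.sources:
        store = stores.get(source)
        if store is None or meta.record_id not in store:
            problems.append((source, "unavailable"))
            continue
        data = store[meta.record_id]
        if hashlib.sha256(data).hexdigest() != meta.sha256:
            problems.append((source, "hash mismatch"))
            continue
        return data, source, problems
    return None, None, problems

# Constructed sample record and metadata (not real patient data).
RECORD = b'{"patient": "example-001", "observation": "constructed sample"}'
SINGLE = make_metadata("rec-1", RECORD, ["clinic-a"])
REDUNDANT = make_metadata("rec-1", RECORD, ["clinic-a", "replica-b"])

if __name__ == "__main__":
    outage = {"clinic-a": None, "replica-b": {"rec-1": RECORD}}
    print(retrieve(SINGLE, outage))       # ledger entry intact, data unreachable
    print(retrieve(REDUNDANT, outage))    # served by the replica
    tampered = {"clinic-a": {"rec-1": RECORD + b" "}, "replica-b": None}
    print(retrieve(REDUNDANT, tampered))  # altered bytes rejected, replica down
```

The single-pointer entry stays valid on the ledger during the outage yet yields no data, which is the false sense of availability in question; the hash only proves integrity of whatever bytes can still be fetched.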
Are All Your Blockchain Node Eggs in One Basket?
As discussed previously, the availability of the blockchain network is improved by the decentralized ledgers and having no single point of failure. However, if all of the nodes of your blockchain network are running on a common platform, e.g. a single cloud provider, or in a single data center, and this common platform goes down, or is inaccessible e.g. due to a DDoS attack, then all nodes of the blockchain network will either be taken down or rendered inaccessible respectively, in turn rendering the entire blockchain network unavailable. For this reason, it is important to ensure that not all nodes of your blockchain network are vulnerable to a single point of failure at the level of the platform(s) used to run the blockchain nodes.
What other availability challenges, strategies, and best practices are you considering? Feel free to share below.
- Healthcare Blockchain: Does Your Chain Have any Weak Links?
- Healthcare Use Cases for Blockchain - 5 Key Factors for Success
- Healthcare Blockchain: What Goes On Chain Stays on Chain
Intel Health and Life Sciences is working with key partners and health and life sciences organizations worldwide across a range of use cases to apply healthcare blockchain to improve the quality and reduce the cost of patient care. If you are working on applying blockchain in health and life sciences and would like to connect to introduce, discuss, and explore potential synergies and opportunities for collaboration feel free to message me on LinkedIn.