Ensuring patient data integrity using Blockchain - Class Project (Project.pdf)
For our tests, we use a local version of the Ethereum blockchain, provided by Ganache. For visualization purposes we installed the GUI version rather than the CLI version. The following screenshot shows our contract creation transaction on the blockchain.
We developed an API that acts as the application (without a frontend), through which a physician, for instance, can modify or retrieve patient data. The following screenshot shows a successful modification of one patient's data.
This is reflected on the blockchain as a new transaction. Whenever patient data is modified, a hash of that data is stored on the blockchain.
Now, let's imagine that an attacker gains direct access to our database by some unknown means and decides to alter patient data (the following screenshot shows data tampering with Robo 3T, since our data is stored in a MongoDB database). Say, for instance, the attacker wants to undermine a patient's reputation. To do so, he changes the record in the DB to state that the patient has AIDS. It goes as follows:
With our system, patient data integrity is ensured: when a physician, for instance, retrieves the data, he/she gets an alert of a data integrity issue. The admin of the system also receives an email, as shown in the following screenshot, alerting him that a patient's data integrity has been compromised.
An alert is of little use without doing anything to restore consistent data, so we revert the information from a backup database. In a real deployment, the backup database should be on another server. When this process is done, the physician receives the information as follows:
To be even more effective, a system of this kind should perhaps include a daily integrity check, to limit the time an attacker could spend in the system without being caught.
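
The verify-on-read, alert and restore flow described above, as an added JavaScript example that is not the project's own code. In-memory Maps stand in for the smart contract, the MongoDB collection and the backup database, an array stands in for the admin e-mail, and the function names, SHA-256 and the sample record are assumptions; it additionally checks the backup copy against the stored hash before restoring it.

```javascript
// Added example: verify-on-read against a stored hash, with restore from backup.
const { createHash } = require('node:crypto');

// Serialize with sorted keys so the same record always yields the same hash,
// whatever field order the database returns.
function canonical(value) {
  if (Array.isArray(value)) return '[' + value.map(canonical).join(',') + ']';
  if (value && typeof value === 'object') {
    return '{' + Object.keys(value).sort()
      .map(k => JSON.stringify(k) + ':' + canonical(value[k])).join(',') + '}';
  }
  return JSON.stringify(value);
}

const recordHash = rec => createHash('sha256').update(canonical(rec)).digest('hex');
const clone = obj => JSON.parse(JSON.stringify(obj));

// Stand-ins (assumptions): Maps replace the contract, MongoDB and the backup DB.
const chain = new Map();    // patientId -> hash, written only through the API
const primary = new Map();  // working database
const backup = new Map();   // backup database (a separate server in production)
const alerts = [];          // stands in for the e-mail sent to the admin

// API write path: store the record and anchor its hash.
function updatePatient(id, rec) {
  primary.set(id, clone(rec));
  backup.set(id, clone(rec));
  chain.set(id, recordHash(rec)); // in the project this is a new transaction
}

// API read path: recompute the hash and compare before returning data.
function getPatient(id) {
  const expected = chain.get(id);
  const rec = primary.get(id);
  if (rec && recordHash(rec) === expected) return { record: rec, restored: false };
  alerts.push(`integrity failure for patient ${id}`);
  // Check the backup copy against the stored hash too before trusting it.
  const copy = backup.get(id);
  if (!copy || recordHash(copy) !== expected) {
    throw new Error(`no trustworthy copy of patient ${id}`);
  }
  primary.set(id, clone(copy));
  return { record: copy, restored: true };
}

// Constructed sample record.
updatePatient('p1', { name: 'Jane Doe', diagnosis: 'flu', allergies: ['penicillin'] });
```

The daily integrity check suggested above would be the same comparison run over every patient id on a schedule instead of only on retrieval.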