IT Insights

Findings and insights on digital technologies.

pbuining

Using a decentralized Ethereum blockchain database as a means for patients to regain the ownership of their medical data

Medical data breach

On August 11th 2025, a news item appeared in the Dutch media regarding a major data breach in the healthcare sector (Z-CERT). A clinical diagnostics instancy in the Netherlands had been hit by a ransomware attack, resulting in a leakage of the data of 485,000 participants in a cervical cancer screening program. To encourage paying the extortion, a small portion of this data was already available on the dark web. The data included patients’ names, home addresses, and dates of birth, along with their citizen service numbers, and the test results.

This kind of hacking nightmares should be a wake-up call to reconsider the security of the personal and medical data of the citizens of the Netherlands. When all data are stored in centralized relational databases, exporting all records is easy and the diagnostic measurements can directly be traced back to the patient’s personal data. You can set up database encryption, but this does not help when the intruder is allowed to run queries from within the company’s domain.

Blockchain’s potential

Apart from updating all security measures to the latest standards, one may also consider applying a decentralized blockchain database in healthcare data management. In this scenario, each patient owns its blockchain address that includes a link to his or her diagnostic data in some data store.

Each diagnostic test is sent as a zero-ether transaction to the Ethereum blockchain, from one account to another account or to its own account address. When healthcare data for a particular patient is created, a new block is instantiated and distributed to all nodes in the blockchain network for patient data. The input data of the transaction (mostly used for smart contracts) contains a reference to the off-chain location where the file with the diagnostic data is stored. The address of the transaction or token on the blockchain is owned by the patient who should always be asked to give permission first when anyone or any organisation wants to collect his or her medical data.

The clinical data file (for example a pdf report or an HL7 ASCII file) should preferably be encrypted and should not contain any direct reference to the patient. The healthcare token on the blockchain has in its metadata an immutable reference to this off-chain file. This reference URL contains the cryptographic hash of the file that can always be used to verify the file’s authenticity. One can choose the off-chain storage method for the file to be decentralized, using for example Filecoin, or centralized, like on a cloud service like AWS.

Decentralized or centralized file storage?

As a decentralized file-storage option, Filecoin nodes are based on IPFS protocol nodes, an open system to manage data without a central server that makes use of content addressing to provide data references without dependency on specific cloud providers. A client who knows the content address (CID) of their file can retrieve it from any IPFS node that currently has a copy. However, the storage providers serve out cryptographic proofs daily as evidence to the clients that the data is still at the data center. They lock a certain amount of Filecoin as ‘collateral’, and should they repeatedly fail to provide a proof, their collateral gets burned. So you have to be very attentive not to loose your data, because they are really gone when not on the blockchain anymore.

Considering the above-mentioned data-loss risks due to token burning on IPFS, a centralized file storage may be preferred. Then, it is essential to build in enough privacy and security, because the blockchain data are publicly accessible. In Amazon S3, for instance, one can make use of presigned URLs to upload and download sensitive files. A presigned URL remains only valid for some period of time, which can be specified when the URL is being generated. The flow chart below shows how this could be integrated with the blockchain.

Flowchart of the blockchain / AWS application.

Considerations

  • Gas costs are high on Ethereum. Alternatives would be Algorand or Solana, which have lower gas costs and a faster block mining. Apart from that, both offer SDKs in Python and TypeScript to program advanced decentralized applications.
  • The Ethereum testnet Sepolia allows you to test your Ethereum application with zero-value tokens before going live on mainnet. Of course, on Algorand and Solana you find these testnets too.
  • Apart from protection against hacker groups, a blockchain approach in medical data management will make falsification, fabrication or even removal of the measurements less easy to perform. As reasons for this misconduct, you might think of attempts to acquire scientific fundings or to pursue political objectives.

Reading list :

How Ethereum’s Blockchain Is Transforming Healthcare Data Security

Is Blockchain The Solution To Derisking Unreliable Clinical Trial Data?

Blockchain: Poised to Revolutionize Personal Health Management

Previous/Next

One response to “Using a decentralized Ethereum blockchain database as a means for patients to regain the ownership of their medical data”

  1. The benefits of using Hyperledger Fabric to decentralize our healthcare data – Findings and insights on digital technologies.

    […] a previous post I cited an example of the threats that the present digital technology can pose to our centralized […]

    Like

    Reply

Leave a comment