In the digital age of healthcare, storage and management of electronic health records deserve equal attention both from a technical and bioethical perspective. The issue is pressing due to the exponential growth of healthcare data generated during diagnostics and treatment, including telemedical consultations and wearable technologies. Medical images, genomics and molecular research form the core of them. According to the World Health Organization, healthcare data will reach one-third of global medical data in zettabytes [1]. It increases the risk of leakage and unauthorized access. Thus, in developed countries, healthcare is considered a critical information infrastructure. In 2025, global economic losses from cyber incidents are estimated to reach 10 billion dollars [2, 3].

Patients value not only high-quality and complete healthcare information but also information security, ethical privacy standards, and control over their data. Traditional centralized data storage in medical information systems poses significant risks due to single points of failure.

Blockchain technologies that ensure decentralization, cryptographic protection and flexible safety partly controlled by an individual hold significant promise in line with AI, quantum computations and enhanced cryptography.

The aim of the publication is to introduce the distributed ledger technology used to store health records to the medical community while addressing the issues of enhancing information security and confidentiality through cryptographic algorithms.

MATERIALS AND METHODS

This article articulated an approach for searching in the leading Russian and foreign bibliographic resources such as eLibrary and PubMed, using specialized platforms to analyze scientific publications including Semantic Scholar, Consensus и Elicit, performing critical analysis, and selecting relevant sources. To be included, publications needed to match the topic of the study, be published between 2018 and 2025, and have both full-text Russian and English versions available. The relevance of sources was initially assessed through abstracts by checking if they focused on the topic of using blockchain technology in the healthcare sector.

A group of experts checked the final manuscript for accuracy. OpenAI ChatGPT-4.1 and Google Gemini 2.5 were used for summarization and grammar correction.

RESULTS AND DISCUSSION

Individuals may erroneously believe that blockchain is a synonym for cryptocurrency though it is just the underlying technology. The technology has made it possible for records to be unchangeable, controllable, accessible and protected no matter if it is used in economics, logistics, management or medicine.

Unlike the traditional centralized systems, which data are controlled by medical institutions, blockchain allows patients to manage their health records with greater autonomy [4].

Users hold a private cryptology key that helps them do the following:

• determine the conditions for data use through smart contracts;
• track all transactions due to blockchain immutability;
• withdraw approvals at any time.

The main property of the blockchain is immutability, as once data are recorded, they cannot be changed or deleted [4].

Blockchains used for storing health records are classified into public, private, and federated (consortium) blockchains based on DLT types. A public blockchain is a decentralized, open network that can be joined by any participant [5]. A private system managed by a single organization is well-suited for tasks that require centralized management and accelerated consensus. On the one part, it can speed up transactions, optimize clinical information flows, and implement policies of access, audit and compliance control at a greater rate. On the other part, private blockchains can suffer from disadvantages such as centralization risks, risks of failure and misuse, and challenges in scaling across institutions and regions [6].

Federated blockchains, also known as consortium or permissioned blockchains, are networks with restricted access, that can be controlled by a predetermined group of participants (medical organizations, laboratories and regulatory bodies), thus maintaining a balance between decentralization and access control. Federated blockchains enable integration of multiple medical institutions into a unified system and provide for the secure exchange of health records.

Also, federated blockchains help process transactions at a higher speed and ensure a greater flow capacity as validating nodes are limited in number and can be controlled. In public networks, the speed is lower as consensus of a greater number of unknown participants is required [5].

Electronic health records can be stored using technological platforms such as Hyperledger Fabric. They combine smart contracts, attribute-based access control (ABAC) and IPFS-based distributed data storage (file system) [7].

In Russia, Masterchain by FinTech Association, the first certified platform, which uses Russian means of cryptographic protection of information, is being actively implemented into the banking sphere. In 2021, Russia launched a blockchain operator for its distributed ledger system. Net processed information is legally significant here. It has been used by the Federal Tax Service of Russia to store computer-readable powers of attorney since 2023 [8].

Public blockchains such as Bitcoin, Ethereum, etc. cannot be directly implemented in healthcare. They are used to store hash functions and references to encrypted data partially solving the issue of confidentiality [7].

Transparency of public blockchains is a valuable advantage for financial and logistic applications. In medicine, however, it is rather a disadvantage. Placing encrypted data on an open network can be considered a form of data leakage because the data, when saved, can be decrypted in future using methods that are currently unavailable [7, 9]. For instance, widely applied ECDSA cryptographic methods based on elliptic curves, which are highly protected in traditional systems, can be broken with Shor’s algorithm capable to reclaim the private key using the public key on a quantum computer in polynomial time [10].

A large-scale quantum computer capable of running Shor’s algorithm with a sufficient number of qubits (around 2000) and low level of errors will compromise safety mechanisms. Healthcare systems require long-term digital safety. Active scientific and technological developments are transitioning to post-quantum cryptography, key distribution schemes and novel consensus protocols that do not depend on mathematical tasks vulnerable to Shor’s algorithms [10].

First and foremost, post-quantum algorithms are based on lattices (lattice-based cryptography), and their security is guaranteed by the difficulty of mathematical problems associated with these lattices (for example, the Shortest Vector Problem (SVP) and the Learning with Errors (LWE) problem), which allow only exponential attacks, even on a quantum computer. Typical algorithms can include as follows [11, 12]:

• NTRUEncrypt is one of the first and most famous systems;
• CRYSTALS-Dilithium is a modern lightweight digital signature scheme recommended by the National Institute of Standards and Technology of the USA (NIST) in 2024 and proposed to replace ECDSA as the main standard. It demonstrates an optimal balance between the speed of key generation, signing, verification, and keys and signatures of “moderate” size [12];
• Falcon is recommended by NIST as an additional signature scheme for special cases where maximum compactness of signatures and keys is desired, as well as for applications that prioritize high signature verification speed [11].

In addition to lattice cryptography, solutions based on isogeny-based cryptography and the morphism of a path between two different elliptic curves, are of particular interest. SIKE (Supersingular Isogeny Key Encapsulation) was a well-known post-quantum cryptography algorithm based on isogenies, which also participated in the post-quantum standardization competition announced by NIST. However, the algorithm was cracked in 2022. Currently, other algorithms (SQISign — Short Quaternion and Isogeny Signature, CSIDH — Commutative Supersingular Isogeny Diffie-Hellman, etc.) are at the level of academic research and cannot be widely applied in practice [13].

Kyber is an advanced post-quantum encryption algorithm selected by the US National Institute of Standards and Technology (NIST) as the main standard for key encapsulation (KEM) mechanisms in the era of quantum computing [12].

Unfortunately, domestic developments are still significantly behind world standards. National standard systems, including GOST 34.10-2012 and GOST 34.10-2018, are also based on elliptic curve operations and are vulnerable to quantum cryptanalysis. Academic research and development of domestic post-quantum algorithms are still underway [14–17]:

Hypericum is an algorithm of digital signature developed by QApp in line with Technical Committee 26 of Rosstandard. To implement SPHINCS+ postquantum digital signature scheme, the works on using the Russian standardized Streebog hash function are in progress [17].

Shipovnik is an algorithm developed by Kryptonite, which is based on the complex task of an accidental linear code decoding. At present, effective algorithms that allow standard or quantum computers to solve some types of problems are unknown. In theory, they cannot be created even using computers of tomorrow with millions operating qubits. However, a large signature size is impractical for blockchain use.

The Oblepikha algorithm presented during the RusCrypto’2025 conference is also of interest. It is based on the theory of grids (LIP task) and uses the decreasing signature size while preserving a high level of stability.

Hypericum and Shipovnik can be classified as future state cryptographic standards in Russia with open implementations in the C language, including many hosted on GitHub: https://github.com/QAPP-tech/shipovnik_tc26 and https://github.com/QAPP-tech/hypericum_tc26 (table).

Apart from encryption, permissioned systems used in healthcare enable flexible access control. Hybrid models that combine role-based and attributive-based access controls (RBAC and ABAC) and multitiered systems of access control are used in practice.

Role-based access control (RBAC) is used by patients to assign various roles (doctor, nurse, researcher) with respective access levels [18].

Attribute-based access control (ABAC) enables to create more flexible access policies based on numerous attributes such as time frames, geographic location, data types and purpose of use.

Technological solutions are based on multitiered architectures where a user interface intuitively integrates management of approvals and review of medical data. The level of smart contracts provides a seamless way to execute business logic including issue, change and withdrawal of consents, as well as monitoring of all operations.

Every transaction such as appointment entry, prescriptions, test results, medical reports and discharge summaries can be recorded within the chain of blocks creating an indisputable and chronologically adjusted audit trail. However, blockchains cannot store large files. Attempts to include diagnostic images (MRI scans, CT scans, etc.) or other large data in the blockchain will result in an exponential growth of registry size, decrease of network productivity and unreasonably high transaction expenses [19].

In a typical blockchain scenario, blockchain uses hashes and meta-data that make transactions immutable and transparent, whereas large medical files are placed in decentralized file systems (IPFS). It warrants that the data are highly accessible and integral. If a file in a blockchain-based repository is altered even by a single byte, its cryptographic hash will change, which will break the link to subsequent blocks in the chain, immediately revealing the tampering to anyone inspecting the ledger [5, 19].

The public key of a patient functions both as an address or network ID that can be freely shareable with others (medical institutions or insurance companies) to obtain access to the data. However, any transaction, including approval for review or change in health records, should be signed using a respective private key [18].

Despite the advantages, the system makes a patient liable. The loss of a  private key is critical. In totally decentralized (public) blockchain systems, such a loss means a complete and permanent loss of access to medical health records and their control. The protocols restoring personalities and keys can be implemented in the federative blockchain. A consortium can act as a  trusted arbiter. Thus, if patients lose the key, their personality can be verified and a new key can be provided to access the records. It is common to use multi-signature schemes when signatures of several parties are required to restore the access.

Digital literacy should be continuously improved, as many doctors and patients can’t manage keys effectively and are still unaware of how blockchain works. Low awareness leads to digital inequality and makes new solutions less available for individuals, countries and regions.

CONCLUSIONS

A distributed ledger technology, particularly federated blockchain (consortium), represents a perspective solution that can dramatically increase the level of data protection, ensure their integrity and allow patients to control their data. A balance between a complete decentralization of public networks and centralized control of public systems is required. Managing the consortium of authorized members (medical organizations, laboratories, insurance companies, state regulators) corresponds to the structure of healthcare system and enables high speed of transactions and flow capacity. Hybrid storage in decentralized file-based systems and use of blockchain to store hashes and metadata ensure integrity without overloading the network.

Russian developments such as the Masterchain platform have already displayed the technology potential, its legal significance in the banking sphere and perspectives of use in healthcare and adjacent fields.

The existing cryptographic standards including GOST are vulnerable to quantum cryptoanalysis. Thus, shifting to post-quantum cryptography is both a key perspective and a  challenge. To create truly protected medical systems of the future, quantum-resistant algorithms, such as globally used CRYSTALS-Dilithium and Falcon, and Russian-based Hypericum and Shipovnik, should be developed and standardized. A wide-ranging application requires improved legislation in the field of data protection, updated GOSTs, and certification of cryptographic data protection tools.

Successful implementation of the technologies depends on how technical, social and organizational tasks can be solved, primarily on improved digital literacy of physicians and patients. Blockchain advantages cannot be implemented completely and digital risks are impossible to avoid when the principles of blockchain operation and responsible management of cryptographic keys are failed to be understood.