In the first half of 2015, the health care sector suffered from more data breaches than any other industry, according to data compiled by the Breach Level Index.
The leading cause of health care data breaches is people doing something that they shouldn’t. This may include employees losing or misplacing devices, sharing their password or access token with unauthorized parties or sending patient data to the wrong recipient. The number of leaks is only expected to rise in the near future since health data is estimated to be worth 10 times more than credit card data on the black market.
Cloud Services’ Treats for Health Care
Cloud solutions have the potential to reduce the negative effects of human error. By storing data in the cloud, there is no need to carry patient data on mobile devices or to send records by fax, post or email. Furthermore, advanced solutions for identity governance prevent unauthorized access to patient data.
Another advantage is that patient data is still accessible when devices are lost or stolen. With cloud solutions, the backup and recovery of data is easier, even if individuals have accidentally deleted emails or altered patient records.
No security technology is perfectly secure. The short life cycle of proposed encryption and authentication techniques, as well as the plethora of research frequently making headlines, could make it difficult to select a solution that is right for a specific health care service. Partnering with a security services vendor relieves health care managers of these highly specialized IT decisions.
Finally, cloud service providers are likely to maintain a state-of-the-art secure environment because that is what gives them a competitive advantage. Selling services with promises of flexibility and cost reductions is no longer a differentiator. Cloud service providers need to be able to take away at least some of the worries about patching, physical security and security certificates. As a result, they have specialized teams who are expertly trained and dedicated to managing all the operational security tasks related to the underlying security infrastructure, platforms and software.
However, these providers cannot take over all responsibility.
The Tricky Parts for Health Care Organizations
Health care organizations that outsource to cloud services still have to acknowledge the obligation they have to security and data governance. In spite of handing over operational tasks, enterprises continue to face difficult decisions about data ownership, data access, sharing of patient records and collaboration with other organizations. On top of that, they need to keep checking that the service provider meets all the requirements as stated in the contracts and data protection regulations. This is not an easy undertaking. It requires the support of additional experts to deal with particulars such as:
- On-site audits;
- Knowledge of privacy legislation in different states and countries;
- Procedures for incident management;
- Preparations for crisis communication in case of a breach.
We have learned from the financial and entertainment industries that the reputational and personal damage caused by a cloud data breach can be disastrous. This not only affects the patients and the health care organization that owns the data, but also the service provider.
The service provider might be held liable for data breaches, which could take them out of business. When health care organizations prepare their business continuity plan, it is wise to include an escape plan for when the provider does not survive or does not deliver according to expectations.
Turning the Tricks Into Treats
A prepared health care organization can turn the tricky bits of data protection into treats by following the best practices for cloud security and by demanding their service provider offer a complete cloud security portfolio — including managed access, data security, monitoring of security breaches and compliance violations and optimized security operations. Cloud services providers are fully equipped to deliver these secure solutions; all health care organizations have to do is find the right partner.