In the first half of 2015, the health care sector suffered from more data breaches than any other industry, according to data compiled by the Breach Level Index.

The leading cause of health care data breaches is people doing something that they shouldn’t. This may include employees losing or misplacing devices, sharing their password or access token with unauthorized parties or sending patient data to the wrong recipient. The number of leaks is only expected to rise in the near future since health data is estimated to be worth 10 times more than credit card data on the black market.

Cloud Services’ Treats for Health Care

Cloud solutions have the potential to reduce the negative effects of human error. By storing data in the cloud, there is no need to carry patient data on mobile devices or to send records by fax, post or email. Furthermore, advanced solutions for identity governance prevent unauthorized access to patient data.

Another advantage is that patient data is still accessible when devices are lost or stolen. With cloud solutions, the backup and recovery of data is easier, even if individuals have accidentally deleted emails or altered patient records.

No security technology is perfectly secure. The short life cycle of proposed encryption and authentication techniques, as well as the plethora of research frequently making headlines, could make it difficult to select a solution that is right for a specific health care service. Partnering with a security services vendor relieves health care managers of these highly specialized IT decisions.

Finally, cloud service providers are likely to maintain a state-of-the-art secure environment because that is what gives them a competitive advantage. Selling services with promises for flexibility and cost reductions is no longer a differentiator. Cloud service providers need to be able to take away at least some of the worries about patching, physical security and security certificates. As a result, they have specialized teams who are expertly trained and dedicated to managing all the operational security tasks related to the underlying security infrastructure, platforms and software.

However, these providers cannot take over all responsibility.

The Tricky Parts for Health Care Organizations

Health care organizations that outsource to cloud services still have to acknowledge the obligation they have to security and data governance. In spite of handing over operational tasks, enterprises continue to face difficult decisions about data ownership, data access, sharing of patient records and collaboration with other organizations. On top of that, they need to keep checking that the service provider meets all the requirements as stated in the contracts and data protection regulations. This is not an easy undertaking. It requires the support of additional experts to deal with particulars such as:

  • On-site audits;
  • Knowledge of privacy legislation in different states and countries;
  • Procedures for incident management;
  • Preparations for crisis communication in case of a breach.

We have learned from the financial and entertainment industry that the reputational and personal damage caused by a cloud data breach can be disastrous. This not only affects the patients and the health care organization that owns the data, but also the service provider.

The service provider might be held liable for data breaches, which could take them out of business. When health care organizations prepare their business continuity plan, it is wise to include an escape plan for when the provider does not survive or does not deliver according to expectations.

Turning the Tricks Into Treats

A prepared health care organization can turn the tricky bits of data protection into treats by following the best practices for cloud security and by demanding their service provider offer a complete cloud security portfolio — including managed access, data security, monitoring of security breaches and compliance violations and optimized security operations. Cloud services providers are fully equipped to deliver these secure solutions; all health care organizations have to do is find the right partner.

More from Cloud Security

The Importance of Modern-Day Data Security Platforms

Data is the backbone of businesses and companies everywhere. Data can range from intellectual property to critical business plans to personal health information or even money itself. At the end of the day, businesses are looking to grow revenue, innovate, and operationalize but to do that, they must ensure that they leverage their data first because of how important and valuable it is to their organization. No matter the industry, the need to protect sensitive and personal data should be…

Cybersecurity in the Next-Generation Space Age, Pt. 4: New Space Future Development and Challenges

View Part 1, Introduction to New Space, Part 2, Cybersecurity Threats in New Space, and Part 3, Securing the New Space, in this series. After the previous three parts of this series, we ascertain that the technological evolution of New Space ventures expanded the threats that targeted the space system components. These threats could be countered by various cybersecurity measures. However, the New Space has brought about a significant shift in the industry. This wave of innovation is reshaping the future…

Backdoor Deployment and Ransomware: Top Threats Identified in X-Force Threat Intelligence Index 2023

Deployment of backdoors was the number one action on objective taken by threat actors last year, according to the 2023 IBM Security X-Force Threat Intelligence Index — a comprehensive analysis of our research data collected throughout the year. Backdoor access is now among the hottest commodities on the dark web and can sell for thousands of dollars, compared to credit card data — which can go for as low as $10. On the dark web — a veritable eBay for…

How Posture Management Prevents Catastrophic Cloud Breaches

We've all heard about catastrophic cloud breaches. But for every cyberattack reported in the news, many more may never reach the public eye. Perhaps worst of all, a large number of the offending vulnerabilities might have been avoided entirely through proper cloud configuration. Many big cloud security catastrophes often result from what appear to be tiny lapses. For example, the famous 2019 Capital One breach was traced to a misconfigured application firewall. Could a proper configuration have prevented that breach?…