Technology is revolutionizing the healthcare industry, and the cloud is revolutionizing IT. This development was clear last month at the HIMSS 2019 conference in Orlando, Fla. Healthcare providers are finding innovative ways to use the cloud to improve everything from patient care to back-office billing. In fact, a 2018 report found that the healthcare industry is the furthest along among several industries in cloud adoption.
But with the growing use of cloud services, healthcare organizations face a new challenge. As data leaves their control in the cloud, they remain responsible for protecting it. Healthcare IT professionals are relying on a variety of solutions and strategies to defend their cloud data.
How the Cloud Affects Security Concerns
Cloud services significantly alter the security approach healthcare organizations must use to protect sensitive patient data.
Many healthcare providers are adopting cloud-based communication channels such as text, email and instant messaging. This improves communication with patients and boosts collaboration among healthcare professionals, but it also exposes the data used by these applications to security risks.
“As you start moving to the cloud, your whole security model must pivot and shift,” said Michael Reagin, a senior vice president and chief information and innovation officer with Sentara Healthcare, in an interview at the conference.
In addition to systems being hacked and patient data leaked, the threat of lost or stolen devices that connect to the cloud is a major concern. But perhaps an even bigger concern is the threat of insiders who compromise sensitive data. In its 2018 Data Breach Investigation Report, Verizon found that healthcare is the only industry in which insider threats outnumbered external threats. According to the report, 58 percent of healthcare breaches involved insiders in 2018, and nearly half of these were motivated by financial gain.
Defenses to Protect Patient Data
Healthcare organizations have a number of tools at their disposal to protect sensitive data in the cloud. “One of the best ways to secure devices that have patient information on them is to make sure that they’re encrypted,” said Anil Melwani, director of IT for Cypress Healthcare Partners, at the HIMSS conference.
IT teams can further protect healthcare data by deploying mobile device management solutions that give them greater control over devices. Mobile device management enables IT personnel to enforce security policies on devices, make sure they have received the latest security patches and updates, and lock or wipe devices that are lost or stolen.
Strong authentication practices also should be employed to protect sensitive data. Many healthcare organizations employ multifactor authentication systems that go beyond simple passwords to protect devices. Biometric authentication is another measure that can significantly improve security by requiring a personal characteristic, such as a fingerprint or facial scan, to gain access to healthcare data.
Strong authentication methods are also an essential component of building out a greater identity and access management program. This initiative is backed by a growing movement in the industry to support a zero-trust security approach. This strategy can help mitigate the risks associated with elevated privileges, password vaulting and lateral movement to help detect potential insider threat behavior.
The insider threat can be particularly difficult to address, but healthcare organizations must make this a priority. Data loss prevention solutions that enforce rules about how data is handled can help deter both malicious and unintended data leaks by healthcare professionals. Organizations with a robust security practice may even build out a security operations center to detect and analyze threats and respond quickly to any incidents.
Many healthcare organizations were slow to adopt cloud services due to security concerns, but as adoption grows, they must continue to make security a top priority.
This blog post is brought to you by: