The Cloudification of Healthcare: Benefits and Risks

Advertise on CloudTweaks

Cloud Healthcare: Benefits and Risks

Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception – hospitals, payers and other organizations also are making moves to the cloud.

While they’re working hard to improve their security measures and making great strides to better protect their data, security challenges continue to evolve.

Healthcare, everywhere

Healthtech

As the organizational structure of healthcare facilities continues to advance, cloud adoption brings numerous benefits for these institutions. Not long ago, patient files were all on paper – placed into a folder that never left the physician’s office. But with the consolidation and reorganization of many healthcare organizations, this approach has become outdated and replaced by electronic records.

The cloud helps address this structural shift by solving many problems, such as the ability to store information off-site and allowing patients to access their records from home. In addition, physicians, nurses and administrators, who may need to work remotely or at multiple locations within a healthcare group, now have the freedom to track their work in real time by accessing and uploading critical information. Cloud-based storage and applications can boost collaboration and information sharing, leading to better communication between departments and specialties.

With the proliferation of connected healthcare devices that collect and transmit patient data, the scalability and larger storage capacity of the cloud helps drive this change. Organizations can cut down on operating and physical storage costs, while also streamlining efficiencies.

Do no harm

While there are many benefits of moving to the cloud, there also are inherent risks. The HIPAA Omnibus Rule requires patient data to be properly protected, regardless of where it is stored – and this includes cloud applications. Even vendors or healthcare partners that are working as a third-party firm, and do not necessarily view the stored data on a regular basis, must adhere to the same HIPAA regulations.

With the digitalization of patient data, new threats are putting hospitals increasingly at risk of compliance violations related to patient privacy violations, among other things. Simply storing data in the cloud is not enough. Similar to cloud-based data centers in business, security systems and policies need to be put in place to protect patient data and critical applications.

Many healthcare organizations consider implementing in-house security solutions to protect their cloud-based data, but this means they need around-the-clock staff to properly manage and respond to alerts – and finding and building this team is no easy task. IT teams are often already overwhelmed due to the large volume of security alerts generated each day, many of which are false positives, which means many hospital IT teams simply don’t have enough hours in the day to investigate each threat thoroughly. This opens up the organization to tremendous risk.

Why outsource?

So, how can a healthcare organization maximize the rewards of cloud-based data and applications while minimizing the security risks associated with these systems? One solution is to consider outsourcing the security monitoring, response, and compliance reconciliation to a managed security service provider (MSSP).

MSSPs are growing in popularity in healthcare, along with many other highly regulated industries such as banking and utilities. Their unique skillset and convenient service model is appealing to organizations with limited resources trying to meet stringent requirements. Plus, the costs associated with an MSSP are significantly less than building your own Security Operations Center (SOC) and maintaining the same level of service in-house.

However, not all MSSPs are created equal. That’s why it’s important to thoroughly evaluate MSSP candidates and cross-reference their healthcare expertise to ensure a seamless transition to the cloud.

Six questions for your MSSP

Here are some key questions to ask any potential MSSP prospect:

  1. Do you offer service level agreements (SLA) that provide the proper level of security needed for regulatory compliance and system availability?
  2. Can you provide an Attestation of Compliance for HIPAA?
  3. Does your company have a dedicated SOC? If so, can we have a tour?
  4. Does your mix of security services include 24/7 monitoring, breach detection and incident response?
  5. Will you agree to comply with our organization’s internal information security policies, as well as any data backup requirements, retention requirements and vulnerability scans required by regulation(s)?
  6. Does your standard contract include a termination clause, a right to audit clause and a limitation of liability clause?

For healthcare organizations with limited budgets and small IT teams, the MSSP model backed by a qualified partner can serve as an extension of their team, help close the security gap and make the most of moving to the cloud.

###

By Ken Adamson

Ken is VP of Product Management at Proficio, a market leading managed security service provider (MSSP). He brings over 23 years of experience in IT management software, both as a customer and vendor, and was previously the Vice President, Product Management for the Infrastructure Management Business Unit at CA Technologies and a Data Center Director for Solectron and Amdahl.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and services.

We embrace and instill thought leadership insights, relevant and timely news related stories, unbiased benchmark reporting as well as technology related infographics and comics.

CONTRIBUTORS

State of the Cloud Report In 2017

State of the Cloud Report In 2017

Cloud Report 2017 As the definitive guide to the biggest trends in the cloud industry, this year’s “State of the ...
The Cloud Movement - The Good and the Bad

The Cloud Movement – The Good and the Bad

The Cloud Movement Like it or not, cloud computing permeates many aspects of our lives, and it’s going to be ...
IoT Security Intel

Cyber IoT Security: McAfee on Threats and Autonomous Cars

IoT Security Autonomous cars are just around the corner, there have been IoT security controversies surrounding their safety, and a ...
Data as a Service

Data as a Service: 5 Strategies to Transition How You Access Data

Data as a Service Information wants to be free — at least that’s the saying. And like any good saying, ...
What You Need to Know About GameStop's Data Breach

What You Need to Know About GameStop’s Data Breach

GameStop's Data Breach Just in case you missed it, GameStop quietly announced a major data breach of sensitive customer information ...
Selfie Drone Privacy Issues

Space Invaders – Is That A Selfie Drone I See Before Me?

Selfie Drone Privacy Issues The growing concept of privacy is one that I find very interesting and this is where ...
What Skills Do I Need to Become a Data Scientist?

What Skills Do I Need to Become a Data Scientist?

Becoming a Data Scientist Leveraging the use of big data, as an insight-generating engine, has driven the demand for data ...
Maintaining Network Performance And Security In Hybrid Cloud Environments

Maintaining Network Performance And Security In Hybrid Cloud Environments

Hybrid Cloud Environments After several years of steady cloud adoption in the enterprise, an interesting trend has emerged: More companies ...

NEWS

CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

CIOs Cutting Through the Hype and Delivering Real Value from Machine Learning, Survey Shows 

New survey reveals progressive CIOs tap machine learning to solve everyday work problems SANTA CLARA, Calif. – October 17, 2017– A ...
Cisco Unveils Industry's First Predictive Services Powered by AI

Cisco Unveils Industry’s First Predictive Services Powered by AI

New offerings designed to manage growing technical skills gap through unique expertise, intelligence and automation SAN JOSE, CA--(Marketwired - Oct ...
Toyota to test self-driving, talking cars by about 2020

Toyota to test self-driving, talking cars by about 2020

TOKYO (Reuters) - Toyota Motor Corp (7203.T) on Monday said it would begin testing self-driving electric cars around 2020, which ...

CloudTweaks CONTRIBUTOR PROGRAM

The CloudTweaks thought leadership profile building program is free to join but requires a commitment of atleast 3 articles over a 12-month period. Articles must be vendor-neutral in nature, related to connected cloud technologies and written by an executive level business representative to be considered.

You can also contact us to hear more about our on-demand content and lead generation programs for 2018