Ken Adamson Proficio

The Cloudification of Healthcare: Benefits and Risks

Cloud Healthcare: Benefits and Risks

Many organizations are moving most of their business-critical applications and workloads to the cloud. The healthcare industry is no exception – hospitals, payers and other organizations also are making moves to the cloud.

While they’re working hard to improve their security measures and making great strides to better protect their data, security challenges continue to evolve.

Healthcare, everywhere

Healthtech

As the organizational structure of healthcare facilities continues to advance, cloud adoption brings numerous benefits for these institutions. Not long ago, patient files were all on paper – placed into a folder that never left the physician’s office. But with the consolidation and reorganization of many healthcare organizations, this approach has become outdated and replaced by electronic records.

The cloud helps address this structural shift by solving many problems, such as the ability to store information off-site and allowing patients to access their records from home. In addition, physicians, nurses and administrators, who may need to work remotely or at multiple locations within a healthcare group, now have the freedom to track their work in real time by accessing and uploading critical information. Cloud-based storage and applications can boost collaboration and information sharing, leading to better communication between departments and specialties.

With the proliferation of connected healthcare devices that collect and transmit patient data, the scalability and larger storage capacity of the cloud helps drive this change. Organizations can cut down on operating and physical storage costs, while also streamlining efficiencies.

Do no harm

While there are many benefits of moving to the cloud, there also are inherent risks. The HIPAA Omnibus Rule requires patient data to be properly protected, regardless of where it is stored – and this includes cloud applications. Even vendors or healthcare partners that are working as a third-party firm, and do not necessarily view the stored data on a regular basis, must adhere to the same HIPAA regulations.

With the digitalization of patient data, new threats are putting hospitals increasingly at risk of compliance violations related to patient privacy violations, among other things. Simply storing data in the cloud is not enough. Similar to cloud-based data centers in business, security systems and policies need to be put in place to protect patient data and critical applications.

Many healthcare organizations consider implementing in-house security solutions to protect their cloud-based data, but this means they need around-the-clock staff to properly manage and respond to alerts – and finding and building this team is no easy task. IT teams are often already overwhelmed due to the large volume of security alerts generated each day, many of which are false positives, which means many hospital IT teams simply don’t have enough hours in the day to investigate each threat thoroughly. This opens up the organization to tremendous risk.

Why outsource?

So, how can a healthcare organization maximize the rewards of cloud-based data and applications while minimizing the security risks associated with these systems? One solution is to consider outsourcing the security monitoring, response, and compliance reconciliation to a managed security service provider (MSSP).

MSSPs are growing in popularity in healthcare, along with many other highly regulated industries such as banking and utilities. Their unique skillset and convenient service model is appealing to organizations with limited resources trying to meet stringent requirements. Plus, the costs associated with an MSSP are significantly less than building your own Security Operations Center (SOC) and maintaining the same level of service in-house.

However, not all MSSPs are created equal. That’s why it’s important to thoroughly evaluate MSSP candidates and cross-reference their healthcare expertise to ensure a seamless transition to the cloud.

Six questions for your MSSP

Here are some key questions to ask any potential MSSP prospect:

  1. Do you offer service level agreements (SLA) that provide the proper level of security needed for regulatory compliance and system availability?
  2. Can you provide an Attestation of Compliance for HIPAA?
  3. Does your company have a dedicated SOC? If so, can we have a tour?
  4. Does your mix of security services include 24/7 monitoring, breach detection and incident response?
  5. Will you agree to comply with our organization’s internal information security policies, as well as any data backup requirements, retention requirements and vulnerability scans required by regulation(s)?
  6. Does your standard contract include a termination clause, a right to audit clause and a limitation of liability clause?

For healthcare organizations with limited budgets and small IT teams, the MSSP model backed by a qualified partner can serve as an extension of their team, help close the security gap and make the most of moving to the cloud.

###

By Ken Adamson

Ken is VP of Product Management at Proficio, a market leading managed security service provider (MSSP). He brings over 23 years of experience in IT management software, both as a customer and vendor, and was previously the Vice President, Product Management for the Infrastructure Management Business Unit at CA Technologies and a Data Center Director for Solectron and Amdahl.

CloudTweaks

Established in 2009, CloudTweaks is recognized as one of the leading authorities in cloud connected technology information and consultancy services.

Are you a cloud services expert in a world of digital transformation? If so, contact us for information on how to become part of our growing cloud consultancy ecosystem.

CONTRIBUTORS

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

10 Ways The Enterprise Can Prevent Data Leaks In The Cloud

Prevent Data Leaks In The Cloud More companies are turning to the cloud for storage. In fact, over 60 percent ...
Countdown to GDPR: Preparing for Global Data Privacy Reform

Countdown to GDPR: Preparing for Global Data Privacy Reform

Preparing for Global Data Privacy Reform Multinational businesses who aren’t up to speed on the regulatory requirements of the European ...
What’s Next In Cloud And Data Security For 2017?

What’s Next In Cloud And Data Security For 2017?

Cloud and Data Security It has been a tumultuous year in data privacy to say the least – we’ve had ...
Bryan Doerr

Cyber-Threats and the Need for Secure Industrial Control Systems

Secure Industrial Control Systems (ICS) Industrial Control Systems (ICS) tend to be “out of sight, out of mind.” These systems ...
Chris Gerva

Why Containers Can’t Solve All Your Problems In The Cloud

Containers and the cloud Docker and other container services are appealing for a good reason - they are lightweight and ...
Imminent IoT Eye-Tracking Technologies To Transform The Connected World

Imminent IoT Eye-Tracking Technologies To Transform The Connected World

IoT Eye Tracking Smelling may be the first of the perceptible senses, but the eye is the fastest moving organ ...
Financial Management Finds a Welcome Home in the Cloud

Financial Management Finds a Welcome Home in the Cloud

Cloud Based Financial Management The most cautious person in any organization is likely to be the CFO. After all, they’re ...
The Five Rules of Security and Compliance in the Public Cloud Era

The Five Rules of Security and Compliance in the Public Cloud Era

Security and Compliance  With technology at the heart of businesses today, IT systems and data are being targeted by criminals, ...
What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

What the Dyn DDoS Attacks Taught Us About Cloud-Only EFSS

DDoS Attacks October 21st, 2016 went into the annals of Internet history for the large scale Distributed Denial of Service (DDoS) ...
Principles of an Effective Cybersecurity Strategy

Principles of an Effective Cybersecurity Strategy

Effective Cybersecurity Strategy A number of trends contribute to today’s reality in which businesses can no longer treat cybersecurity as ...

NEWS

email as a service

Google Data Analysis, Artificial Intelligence and Predicting Vaccine Scares

Social media trends can predict tipping points in vaccine scares Analyzing trends on Twitter and Google can help predict vaccine ...
Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system in attack: FireEye

Hackers shut down infrastructure safety system (Reuters) - Hackers likely working for a nation-state recently penetrated the safety system of ...
U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

U.S. IT Sector Employment Expands by 8,100 Jobs in November, CompTIA Analysis Reveals

DOWNERS GROVE, Ill., Dec. 8, 2017 /PRNewswire-USNewswire/ -- New hiring in computer and electronics manufacturing and technology services and custom ...