Medical Data Online: What Are the Risks?

Medical Data in the Cloud

Executive-level healthcare leaders must have a thorough understanding of cloud-based security risks. Patient data can vary from simple information such as height and weight to complex genetic markers that can predict the likelihood of developing conditions like cancer or Alzheimer’s Disease. While some information is more valuable to hackers than others, you need to understand and be prepared to deal with any security breaches that may arise in your facility.

There are myriad benefits and challenges that come with doctors and other healthcare professionals using electronic medical records. Protected health information is often stored in the data cloud and connects multiple organizations and providers to the patient when they need to make care decisions. Many experts believe that sending and storing medical data in the cloud improves the overall delivery system of the healthcare industry. However, it comes with some serious risks for the patient, providers, and even the healthcare facility as a whole.

Medical Data in the Cloud

Understanding the Issue

If you’re in charge of healthcare data or clinicians who create, document, and save this vital information, you need to understand the real value of a patient’s medical record. Hackers are everywhere and continually search for new ways to gain access to personal information. On the black market, a credit card number is sold for about 25 cents, and a single social security number is only worth about 10 cents. However, one entire medical record, which contains demographics, past addresses, employment information, and financial data is worth hundreds or even thousands of dollars to cyber-criminals.

Most facilities know how important it is to securely store physical medical documents and then shred them properly in compliance with HIPAA when the time comes. But because almost all protected healthcare information is electronic these days, clinicians and administrators must be extra prepared to implement processes, identify workarounds, and correct any risks for data breaches they identify. Some hospitals have created solutions such as charting patient details into an Excel spreadsheet at the point of care. This data will be transcribed into the electronic medical record later. This is just a short-term solution to a long-term problem, and it comes with its own set of security risks even when working on encrypted computers or tablets.

Healthcare professionals like doctors, nurse practitioners, and therapists must be aware of the risks and make smart decisions when it comes to patient data stored in the cloud. Organizations such as the American health Information Management Association (AHIMA) has called for standards for content and documentation, continuous quality improvement, and consumer education to bring more awareness to the inherent risks of cloud-based storage of healthcare information. All data is valuable to hackers, but some forms of data pose a greater threat to the lives of the patient if placed in the wrong hands.

Genomics Broadens the Issue

Studying genetic factors has only been around for about a half-century. In the 1990s, the National Institutes of Health and the Department of Energy partnered to sequence a complete set of DNA in the body, commonly known as the Human Genome Project. Today, this research has discovered more than 1,800 disease genes and over 2,000 genetic tests for human conditions. The advancements in human genetics are impressive. However, cloud storage is improving the sequencing of human DNA by providing access to large data sets, reducing the cost of predictive genomics, and increasing the quality of research.

The dangers of storing genetic data on the cloud are just as palpable as the advancements. DNA stored on the cloud is de-identified, but this may not be a fool-proof way to keep information secure. Large quantities of genetic information are uploaded daily, creating an increased risk of identity theft and even leaving some people vulnerable to discrimination by insurers and employers, if the wrong people obtained their genetic information. These risks have created a significant need for well-trained IT personnel with degrees in cybersecurity.

Looking for a Solution

As an executive-level administrator, you need to determine how you will respond when you’re facility or agency is hit with disastrous consequences of storing health-related data on the cloud. One way of planning for both human-made or natural disasters that could leave your data vulnerable is by developing a business disaster recovery plan that will protect your consumer’s information.

Developing a plan for health data must include details such as education for all staff members on phishing scams and other methods hackers use to access data. You may even want to consider using a traditional backup, such as a physical server onsite for data storage of critical information.

Along with your plan, make sure to research every vendor you use before you purchase any technology, hardware, or software. Ask the vendor about their encryption and be sure your browser and any apps you use are encrypted before uploading and downloading data. If your cloud-based storage is hacked, know your plan for addressing the breach. Include details such as notifying any Government or regulatory agencies, patients, and how to address public scrutiny. Being prepared for any data-breach is at least half the battle of helping your institution survive any legal and financial backlash that might happen.

Keeping Your Institution’s and Consumer’s Information Safe

Healthcare administrators must be more tech-savvy today than ever before. Whether your institution uses an electronic health record for patient documentation or you’re involved in research that utilizes big data to improve the care of patients, you must be in-the-know about your responsibilities and risks at all times. Use this information to create a plan to keep your facility’s data secure and out of the hands of hackers.

By Sam Bowman

Peter Tsai

Infrastructure-as-a-Service Security Responsibilities

Infrastructure-as-a-Service Updated: 11.19.2020 What is IaaS? Infrastructure as a Service (IaaS) allows you to rent computing resources from a third party that you then access through the web. You essentially outsource having to set up ...
Kevin Julian

Patients Increasingly are embracing technology, and so must the pharmaceutical industry

Patients Increasingly Embracing Technology COVID-19 has driven home the need to use digital solutions more broadly, which means C-Suites may be turning to their CTOs for advice As lockdown restrictions went into effect due to ...
Signal Messenger: How to Successfully Resist Wiretapping Attempts

Signal Messenger: How to Successfully Resist Wiretapping Attempts

Successfully Resist Wiretapping Attempts Against the backdrop of events in the US, the popularity of the Signal secure messenger has grown sharply - from 6,000 to 26,000 downloads per day. This software uses strong cryptography ...
Mike Johnson

Data Transmission Travel Plans – From The Ground Up

Don’t Forget Networking The term “cloud” was first used by the telecomm industry in early schematics of the Internet to identify the various, non-specific uses data was put to at the end of their cables ...
Ian Hayes

Pick The Right AWS Course And Ensure A Brighter Future Ahead

Picking The Right AWS Course As the leader of the pack, AWS (Amazon Web Services) is the fastest-growing public cloud service in the industry, and it's all set to extend its dominance with a 52% ...
Steve Prentice

The Human Element of Zero Trust

The Awareness of Malicious and Threat Actors Security specialists have long known that a single weak link in a chain is all that is needed to bring down a cyberdefense. Sometimes this comes down to ...