The healthcare cloud has been growing incredibly, becoming an ever-more-important element of health information technology, or HIT. There are many reasons why the HIT cloud has been becoming more prominent, such as research and development and collaboration.
Since the cloud has been expanding so rapidly, this may be a good time to reconsider security -- and that means understanding the threat, reviewing best practices, and heightening awareness of emergent approaches.
1. Understand the cloud is only getting bigger.
The healthcare cloud market will increase at a compound annual growth rate (CAGR) of 18 percent from 2018 to 2023, Orbis Research recently predicted.
The market will experience growth at an 18 percent CAGR from 2018 to 2023, according to Mordor Intelligence.
There are many reasons the cloud has been becoming a more common IT strategy in the healthcare sector, among them the following:
For all the above reasons, healthcare providers, plans, and other firms within the industry want to take full advantage of the cloud.
While these strengths of the cloud certainly are compelling to organizations, security also must be a key concern. Especially since issues of compliance and liability surround this critical data, organizations within the industry should be concerned to see how common breaches are becoming: 5.6 million patients were impacted by 477 healthcare breaches in 2017, according to the end-of-year breach report from Protenus.
Also illustrating how common health sector breaches have become and how much they cost is last year's NetDiligence Cyber Claims Study.
First, healthcare sustained 28 percent of the total cost of breaches, even though it represented only 18 percent of cyber insurance claims. The averagehealthcare breach cost was US$717,000, compared to the overall average of $394,000.
Given the incredible numbers, there is a pressing need to prevent breaches. To secure your healthcare cloud (much of this applies to the security of electronic protected health information, or ePHI, in any setting), you will need to take technical steps such as encrypting data in transit and at rest; monitoring and logging all access and use; implementing controls on data use; limiting data and application access; securing mobile devices; and backing up to an offsite location. Also do the following:
Giving substantial security training to your personnel at first may seem to be an unnecessary hassle. However, this process "equips healthcare employees with the requisite knowledge necessary for making smart decisions and using appropriate caution when handling patient data," noted Digital Guardian's Nate Lord.
Beyond meeting traditional parameters for data protection, how can you improve your security moving forward, given an increasingly challenging threat landscape? Here are several ways to approach security that many healthcare organizations either have been considering or already have implemented:
These technologies can be used within threat intelligence tools to leverage evidence-based knowledge for insight into how threats are evolving. Through these systems, you can figure out how best to set up defenses that can keep your network safe today and as time passes.
While most companies apparently believe that threat intelligence is an important part of security, they have been unable to make the best use of it because they are not able to properly manage the amount of data that is generated and assimilated by these systems.
Thus, the breadth of threat data is itself a threat to organizations. While using threat intelligence platforms is difficult and complex, they are very important to protect a healthcare organization. One aspect of threat intelligence that is interesting is that it relies on information sharing and community support,noted Elizabeth O'Dowd in HIT Infrastructure.
Examples range from security cameras to blood pressure monitors. The Federal Bureau of Investigation (FBI) actually just released a report ondefending IoT systems. For connected device security, here are the bureau's recommendations:
Change is not easy; however, it is a necessary component of a strong defense. By making sure that you are following current security best practices and are aware of new trends in the security landscape, you can be better prepared as threats continue to evolve.
Above all, continue to inform yourself and your staff for stronger protection.Nelson Mandela once said, "Education is the most powerful weapon which you can use to change the world."
Perhaps, by the same token, it is the most powerful weapon you can use to improve your healthcare security.
Required fields are marked *
Get all latest content delivered to your email free.