As more healthcare organizations implement mobile devices and increase their digital storage options, cloud is likely to become a core technology for the healthcare industry. Indeed, cloud options such as cloud-based electronic health record (EHR) can address the key needs of medical organizations: facilitating mobility and providing patients with faster and more efficient care. However, in the light of major healthcare breaches (such as those at Anthem Inc. and Premera Blue Cross), the discussion about security in the cloud and the potential impact of cloud on data privacy and protection becomes quite intense. Although cloud providers heavily invest in secure environments and customer data integrity, they often fail to inspire the confidence of potential cloud users – mainly because of risks associated with unauthorized access by employees and third parties, sophisticated cyber attacks, and lack of visibility into what’s going on across critical IT systems.
In 2016 Netwrix conducted its annual Cloud Security Report, which encouraged more than 600 IT professionals from multiple industries, including the healthcare sector, to share their biggest cloud concerns and their experiences with data security. Here are some insights shared by healthcare providers:
Сloud Adoption Rates Across Healthcare Organizations
According to the report, many healthcare organizations recognize the benefits of cloud technology, such as greater flexibility (80 percent), scalability (60 percent) and availability of systems and applications (60 percent). However, the absolute majority (100 percent) are not ready for a big cloud move. Despite cloud providers’ efforts to strengthen the security of cloud environments, not all healthcare organizations believe that these controls are adequate. In fact, 40 percent of the organizations noted that they will not move their entire IT infrastructures to the cloud due to security concerns. While 50 percent of healthcare organizations stated that the cloud has improved the security of systems and data, 20 percent claimed that their security posture got worse after their cloud migration.
Top Cloud Security Concerns
Healthcare providers express nearly the same thoughts about cloud technology issues as financial institutions. Their key areas of concern include security of data and systems (64 percent), loss of physical control over data (57 percent), and regulatory compliance (50 percent). The vast majority of respondents (61 percent) name insider misuse as one of the top security risks related to cloud technology and believe that malicious activities of their own employees pose more danger to sensitive data than anything else. The main reasons why many healthcare organizations are skeptical about cloud security are the risk of unauthorized access and account hijacking (64 percent) and the inability to enforce security policies at a provider’s site (57 percent).
Visibility As The Key Security Guarantee In The Cloud
The inability to monitor the company’s critical assets is another significant issue mentioned by 57 percent of healthcare organizations. This one deserves special attention, because failure to ensure control over business-critical data can make healthcare organizations extremely vulnerable to cyber threats and increase the risk of security incidents. It’s no wonder that 93 percent of respondents stated that the most critical part of strong security is visibility into what is going on across their IT environments.
Since healthcare providers collect and store large volumes of highly valuable personal health information (PHI) and other personally identifiable information (PII), data security will likely remain their top priority. However, the need to comply with a wide range of industry regulations, limited security budgets and a shortage of IT personnel can make data protection a challenging task for healthcare providers. To take advantage of the many benefits that cloud technology can offer, healthcare organizations need to first tackle the lack of control over critical changes and user activities in the cloud, so they can reduce the exposure of their sensitive data to advanced cyber threats. Solutions that deliver user behavior analytics can help healthcare organizations become more vigilant for signs of suspicious activity, promptly address security incidents and reap the benefits of cloud technology while ensuring security and compliance.
About The Author
Michael Fimin is CEO and co-founder of Netwrix, a provider of a visibility platform for data security and risk mitigation that enables healthcare organizations to gain control over what’s going on in the most critical areas of their IT infrastructures, ensure data integrity, and reduce time preparing for compliance audits.