Guest Column | June 30, 2017

How Do Healthcare Organizations Mitigate Security Risks As They Move More To The Cloud?

IT Security Experts Prefer Integrated, Cloud-Delivered Security

By Rich Campagna, SVP Product, Bitglass

Given the high value of healthcare data — Social Security numbers, treatment records, credit information, and more sensitive personal information — the cost of a breach to a hospital or health system can be devastating. The cost per leaked record for healthcare firms topped $402 in 2016, according to Ponemon, which is a massive cost given the number of records lost as a result of each hacking-related breach.

According to a Bitglass automated analysis of 100,000 companies’ cloud apps, the cloud adoption rate in healthcare in 2016 was under 49 percent — the second lowest of any industry. Because healthcare institutions handle a large amount of personally identifiable information (PII) and protected health information (PHI), compliance with regulations like HIPAA is of critical importance. Beyond this, high-profile events like the Anthem breach in 2015 (in which the data of tens of millions of patients was hacked) can scare healthcare firms away from migrating to the cloud. However, there are tools that can protect PII and PHI, ensure regulatory compliance, and offer end-to-end security.

There are significant cloud benefits for healthcare organizations. The cloud allows IT to save money on data storage and increases storage capabilities. There is less cost associated with cloud maintenance than with current and legacy IT maintenance — the cloud is scalable and elastic with your data load. It also allows for easier collaboration and data analytics within healthcare teams, across devices. Most importantly from a security standpoint, there are third-party vendors to bolster public or private cloud native tools.

How To Address Cloud Security In Healthcare With Data-Centric Technology

While the threat of data leakage will always exist, healthcare IT departments can stay a step ahead with respect to data-centric security. Many have already seen great success when migrating to the cloud and deploying cloud access security solutions to protect data as it moves beyond the network perimeter.

Data-centric security is ideal to secure healthcare data in the cloud because it enables data security on any device, without agents. It protects data end-to-end, from any cloud app to any device. It can also enforce access controls, limit sharing, protect against malware, and avoid data leakage across multiple cloud apps. In the healthcare sector, a number of security precautions should be taken both to protect data on mobile devices and in the cloud, and to achieve compliance under HIPAA.

In order to be HIPAA compliant in the cloud, security must:

  • protect data in transit with end-to-end encryption between any employee's device and the cloud
  • securely authenticate users with single sign-on and automatically step up to multifactor authentication for risky logins
  • track downloads, sharing permissions, usage, and more with detailed audit logs

What’s Next For Healthcare And The Cloud?

Healthcare cloud apps lack critical controls for data security that could significantly reduce the risk of a breach. While some organizations can identify potential leaks after the fact, few organizations can remediate threats in real time. These security threats need to be mitigated if healthcare is looking to move more data to the cloud to speed up productivity and lower IT costs.

Breaches and information leaks are unavoidable in every industry, but healthcare remains one of the biggest targets. While threats to sensitive healthcare data will persist, increased investments in data-centric security and stronger compliance and disclosure mandates are driving down the impact of each breach event.

About The Author

Rich Campagna drives product management and marketing at Bitglass. Prior to becoming an integral team member at Bitglass in April 2013, he was senior director of product management at F5 Networks, responsible for access security. Rich gained valuable experience in product management and sales engineering at Juniper Networks and at Sprint before working at F5.