Healthcare Cloud Security: Key Concerns Addressed!
In our ever-evolving digital era, healthcare providers have long made the switch to digital records and implement EHR (or Electronic Health Record) capabilities. Thus, being able to store information offsite is becoming more and more important. The digital data also likely needs to remain accessible from multiple locations, which further underlines the need for strong healthcare data security measures.
Among those measures, cloud computing for healthcare is – rapidly and constantly – evolving into a key area for covered entities, as practitioner are seeking out the best option to keep ePHI (standing for “Electronic Protected Health Information”) secure without hindering daily operations.
To optimize its efficiency, healthcare providers not only have to understand the benefits cloud computing can bring but they should also be aware of all the potential security concerns this digital option may pose. By this way, finding a secure solution that does not disrupt physician or staff member workflow and is not an impossible feat for covered entities remains a key priority.
Healthcare Cloud Computing Market: Its Exponential Growth
Within the tech-driven healthcare landscape, digital health and cloud-based services stand out as super-powerful tools that empower healthcare organizations – not only to achieve compelling cost savings but also to meet their needs for greater business flexibility and a secure unified platform for managing patient data.
Recent market researches reveal that the cloud model is an increasingly appealing IT strategy for healthcare decision-makers. According to MarketsandMarkets, the healthcare cloud will hit staggeringly $9.48 billion by 2020, growing from $3.73 billion in 2015 at a compound annual growth rate (CAGR) of 20.5 percent.
Similarly, Esticast has projected that “Healthcare Cloud Computing Market is expected to reach $25.7 billion by 2024, having a CAGR of 23.4% during the forecast period of 2017 to 2024. The private cloud segment gained the highest revenue share in the global healthcare cloud computing market”. Finally, Mordor Intelligence also forecast that such an industry of healthcare cloud would expand by approximately 18 percent from 2018 to 2023.
Alongside these huge benefits and great potential growth, nevertheless, transitioning IT operations to the cloud does introduce several new storage, management and security challenges.
Thus, it’s more than vital to well address these major challenges as well as propose in-depth guidance for healthcare organizations migrating to the cloud.
Digital Healthcare Cloud Security: Key Challenges & Their Guidance
#1. Explosive Data Growth
These days, healthcare organizations, whether provider, payor, pharmaceuticals, or life sciences
worldwide, face an ever-growing
deluge of data that must be stored, managed and protected. Patient data, stored
in tools such as EMRs (Electronic Medical Records), EHRs (Electronic Health
Records) and PACS (Picture Archiving and Communication System), are
increasingly scattered across distributed remote locations — both in file
servers and on endpoint devices such as user laptops and smartphones.
The unprecedented growth in patient data, driven by the adoption of new digital technologies such as sensors and wearables, together with long data retention requirements (HIPAA stipulates six years), does present an urgent demand for elastic file storage capacity. The cost of scaling and upgrading traditional network-attached storage (NAS) appliances to meet this massive data growth is no longer viable.
To reduce such rising storage costs, it’s imperative that every single healthcare organization seek to migrate from local file storage to cost-effective yet scalable cloud storage.
#2. Ransomware and Other Security Threats
There is no denying that healthcare information system has been a prime target of cyberattacks in recent years. For instance, in April, 2018, the United Kingdom’s National Health Service (NHS) was brought briefly to its knees by an international cyberattack, WannaCry, which wasn’t the first time of such kind of attack. As many as 70,000 devices—laptops, desktops, mobile devices, and other machines—were infected with what appeared to be ransomware.
Due to antiquated IT systems and a lack of advanced security tools, there remain several hospitals and healthcare providers who find themselves potentially vulnerable to hackers looking to steal private and sensitive information. This vulnerability is reflected in the headline-generating ransomware attacks against hospitals in recent years. These attacks lock down a hospital’s IT systems and demand a ransom payment (typically in bitcoin) in return for a decryption key.
In the meantime, those attacked hospitals lose access to their email systems, EHRs as well as the internal operating systems. In many cases, hospitals were forced temporarily to return to pen and paper for record-keeping. Remediating such an attack, including data restoration, can take days or weeks, and as a result, most hospitals simply prefer to pay.
In 2018, for example, Hancock Regional Hospital in Indiana paid whoppingly around $55,000 in bitcoin to its restore encrypted files. Before that, Hollywood Presbyterian (California) also had to pay hackers around $17,000 in bitcoin after suffering a widespread attack.
On the other hand, hospitals with effective data backup and disaster recovery systems in place were able to weather these attacks without compromising data and without paying the ransom.
Therefore, setting up of a well-functioning patient data backup and recovery should never be an afterthought for healthcare organizations once they decide on building their Health IT Infrastructure.
#3. HIPAA Compliance and Handling PHI
Health Insurance Portability and Accountability Act (HIPAA) and similar legislation regarding the privacy of medical records require the placement of physical and electronic safeguards to ensure the secure passage, maintenance and reception of protected health information (PHI). Under such obligations, it’s required that sensitive information has to be governed with the strict data security and confidentiality, while obligating organizations to provide PHI to patients upon request.
To ensure HIPAA compliance, it’s a “must” that healthcare providers securely store all sensitive files in an on-premises data center, private cloud or virtual private cloud (i.e., AWS GovCloud). Public SaaS platforms, like Dropbox, are not highly recommended as they do not fully meet HIPAA’s data privacy, security or sovereignty requirements.
However, with files locating on users’ workstations, laptops, mobile devices and departmental servers across the organization, complying with these regulations is extremely challenging. Thus, what’s needed is a more centralized approach to storing, managing and protecting these files, which is one of the key strengths of centrally managed cloud storage.
Using such a platform, health organizations and systems can ensure that all files containing patient information are centrally stored and monitored, enabling them to strictly comply with all the HIPAA and other data privacy rules.
#4. Edge-to-Cloud Computing for Digital Healthcare
Whilst healthcare providers are migrating data storage to the digital cloud, the majority of healthcare data are created at the edge by medical professionals and Internet of Things-enabled devices. By storing and processing the data where they are created, healthcare institutions can reduce the time as well as bandwidth overhead involved in retrieving these pieces of information from the cloud. Another attractive advantage of edge storage is that it assures data availability during a network outage.
Until recently, the cost and scalability advantages of cloud-based file storage – usually – came at the expense of performance, latency, and data availability. Fortunately, edge-to-cloud file services emerge to bridge this gap, enabling health practitioners not only to manage data securely and efficiently but also make whichever necessary data instantly available to medical teams.
In practice, accessing the most up-to-date patient information (for instance, allergy history) can be – in many cases – a matter of life and death. In others, like viewing a PACS image, fast data access is vital for delivering the best treatment and care.
Cases of Real-World Edge-to-Cloud File Services Use
So, let’s imagine a mobile app that enables field physicians to access files securely wherever they are!
With such a wonderful technical breakthrough at your disposal, all information is firmly stored in the organization’s data center; thus, even if you lose or damage your laptop, patient data remain within the organization.
Plus, physicians have anytime-anywhere access to the files they need,
with the real-time ability to upload images and sound recordings to the cloud. Instead
of struggling to send large images as email attachments, all the users can
upload these files to the cloud and send a secure hyperlink to their recipients
at their ease. Such a type of file sync & share functionality has already
been implemented for healthcare providers around the world.
Another possible application of edge-to-cloud involves wearable sensors that track heart rate and blood pressure. Actually, these sensors are already popular among sports enthusiasts. In practice, these always-on devices will generate a tremendous amount of data. Thereby, rather than sending all the data to the cloud, the app could process and filter the data in a highly secure manner at the edge and then send only the relevant data (i.e., EKG for the last hour) to the cloud.
Key Ingredients of a Secure Edge-to-Cloud Storage Solution
As regards architecture, a secure multi-cloud data management solution typically comprises three key components:
- Cloud storage gateway appliances installed on premises at the healthcare provider’s distributed sites
- Software agents and apps for endpoint backup and mobile collaboration
- Centralized, cloud-based management for managing services, users and connected devices.
Besides, end-to-end data security and privacy protection must be implemented at all levels.
Cloud Storage Gateways/Edge Appliances
Cloud gateways deployed at the edge are going to streamline cloud storage access for remote sites. Whether deployed as a physical or virtual appliance, the filers should perform file caching to optimize user experience and reduce latency. Smart caching solutions allow organizations to move cold data to cost-effective cloud object storage, which also locally cache frequently used files for fast access.
Not only do cloud gateways deliver unlimited file access but they also foster seamless collaboration to remote branch users, with visibility to all organizational files centralized in the cloud.
This component supports private in-firewall endpoint file services for remote laptops, servers and mobile devices. Typically, these services may include secure file access, collaboration, source-based global de-duplication, backup and sync functionality.
With this software agent, all users will be granted the access to all cloud-based files from any device – regardless of local storage constraints. Plus, endpoint applications enable highly efficient and end-to-end secure transmission of data across the network.
Amazingly, centralized, cloud-based management of unstructured data — wherever it resides — will allow healthcare users to gain complete visibility into patient health from a single authoritative source.
By managing endpoint apps, cloud gateways and applications running in the cloud, such a component provides comprehensive insight and direct control over organizational data. This unified approach eliminates data silos and islands created by traditional Network-attached storage (NAS) and file servers.
In practice, data management and service orchestration tasks typically include data protection, file sync & share services, provisioning, monitoring and alerts. Additionally, to ensure data sovereignty, this component should support role-based access control and granular event logging.
End-To-End Data Security
It goes without saying that storage security and shareability of sensitive patient data are fundamental requirements for healthcare providers. Data security must be FIPS 140-2 (known as “The Federal Information Processing Standard Publication 140-2”) and HIPAA compliant with tools that provide administrators with complete control over information — where it’s located, when and with whom it is shared.
To ensure the maximum data safety, security features should include 100% in-firewall deployment, advanced encryption standard (such as AES-256) in transit and at rest, private key management, strong authentication and policy-based DLP (Data Loss Prevention Software) controls for storage and collaboration.
The Bottom Lines
With the dominance of IT over our space, the healthcare industry has been dramatically transformed with the rapid process of migration to the cloud, thereby freeing healthcare organizations of the burden of acquiring, maintaining, and securing IT servers and storage infrastructure on premises.
And, as healthcare providers have advanced their digital transformation initiatives, secure edge-to-cloud file services offer concrete advantages over traditional file storage. Not only does such a new approach maintain the highest levels of data privacy and compliance but it also modernizes branch office file storage.
At the same time, it opens golden chances for healthcare providers to dramatically reduce storage costs and total cost of ownership, streamlining multi-cloud data management as well as enhancing productivity and user experience.
This article is also credited to Saimon Michelson and David Houlding.
You May Also Like: Top 3 Health Tech Trends That Shape the Industry in 2019.