Ready or not, the cloud is revolutionizing healthcare. Healthcare employees bring hundreds of cloud applications into the workplace, often without IT’s knowledge. As Forbes’ Dan Munro recently reported, the average healthcare organization employs 928 cloud services, but only 7% meet enterprise security requirements.
This adoption, however, is not led by rogue employees. On the contrary, healthcare employees typically bring cloud services into the workplace in order to work more efficiently. Cloud computing offers huge benefits for healthcare organizations. An article shared by American Cancer Society CIO Jay Ferro declared the cloud “platform revolution” the number one health trend shaking up the medical industry. Medical professionals want to access data from multiple devices and locations, a feat easily accomplished through cloud services. This is the reason healthcare employees on average upload 6.8 TB to the cloud each month and use 188 different collaboration services.
— Jay Ferro (@jayferro) June 24, 2015
Regulatory and organizational security requirements can cause IT to take a locked-down approach to information security, potentially leading to a tense, antagonistic relationship between IT and healthcare practitioners. However, data is often uploaded to the cloud without IT’s knowledge and despite their efforts to block cloud applications. Shadow IT is one of the challenges that make up the threat landscape for healthcare today. Richard Corbridge of the Health Service Ireland shared a quote about the imminent threat to health data and the consequence of reputational damage for breached organizations. The fallout from a data breach is not limited to reputation, or even to the breached organization. In the aftermath of a healthcare data breach at a provider like Anthem, stolen healthcare records pose additional ongoing risks for other enterprises, since their employees are more likely to fall victim to social engineering schemes and compromised credentials.
— Richard Corbridge (@R1chardatron) June 30, 2015
This concerning trend has not gone unnoticed by IT professionals. Findings shared by Symantec Health IT Officer David Finn state that 90% of healthcare IT professionals believe information security has become a higher business priority over the past year. Insider threat is a top priority; 64% of respondents reported an insider as the source of a significant security incident. More than 80% of respondents said security-related technologies must evolve, pointing to the need to update antiquated security models that fail to address the emerging threats posed by widespread cloud adoption. The onus to improve security also falls on cloud providers. Just 15.4% of cloud services support multi-factor authentication, a key step for securing access to sensitive data.
Survey: IT Professionals Cite Importance of Cybersecurity – iHealthBeat http://t.co/Vm7EzOPL9d
— David Finn (@DavidSFinn) July 1, 2015
Healthcare IT professionals don’t have it easy. The healthcare industry poses unique information security challenges, argues an article shared by University of Mississippi Medical Center CIO David Chou. A large number of employees need to access patient records, and many are contract workers who change organizations frequently. Employees rely on a variety of devices to get their work done, so IT must account for laptops, mobile devices, and specialized medical devices in addition to the standard desktops and servers.
Storing data in the cloud offers a potential solution for some security challenges. Lost devices are a huge concern for healthcare companies. One anecdote from the article describes a physician who took his laptop home, where it was stolen. “He had a lot of patient information on his laptop, and had that laptop encrypted, as he should have. But he put a sticky with the password on the laptop.” Cloud services enable a data security strategy, as opposed to the old model of securing individual devices and the network perimeter.
Healthcare organizations face unique security challenges http://t.co/ju1FNByeY4
— David Chou (@dchou1107) June 14, 2015
The nature of medical data also makes healthcare companies prime targets for complex attacks, like the malware described in an article shared by Bob Carver of Verizon. Medical records are worth 10-20 times as much as a credit card number to hackers because they cannot be altered and can be used to open multiple fraudulent accounts. Attackers in this instance predominantly targeted the healthcare industry with the Stegoloader Trojan; these organizations made up 43% of all targets, with financial institutions a distant second at 13%. While healthcare IT certainly has its work cut out for it, emerging technologies and a hands-on approach offer the promise of a hugely positive impact on the industry.
— Bob Carver (@cybersecboardrm) June 29, 2015