How cloud
security best
practices keep
hospitals healthy

Author: Gary Hilson

The benefits of cloud computing in healthcare are hard to ignore. Cloud-based infrastructures can reduce capital expenditures and optimize operating costs by providing as-a-service options and enabling hospitals to scale computing, storage and other services as needed. Scalability and mobility are the big wins, but hospitals and other medical facilities must be able to ensure their systems are meeting security standards to get the most out of the cloud. Following cloud security best practices is critical, especially given the strict regulatory and compliance obligations in the healthcare sector.

Having the right mix of network security solutions will help healthcare organizations protect their data. To make the most of these solutions, IT decision makers and cyber security specialists must take a holistic view and ensure that best practices are followed.

Cloud computing in healthcare facilitates patient care everywhere

For many healthcare organizations, supporting on-premises computing, networking and storage is not a viable option. The return on investment, compared to the total cost of ownership, is not worth it. For hospitals, patient care is the priority; the regular overhead to keep in-house systems updated and secure is onerous. A cloud computing model can help a hospital reallocate its budget to where it is most needed. And care is no longer delivered solely in hospitals and doctor's offices; cloud computing is critical to enhancing and improving virtual care and telehealth. Edge computing also facilitates near real-time artificial intelligence that can support clinical diagnostics and mid-procedure insights. A streamlined cloud computing infrastructure requires fewer in-house IT staff, and that means more operating capital to spend on innovating on the hospital floor and optimizing the use of cloud-enabled applications and services.

Patient records are a huge data pool that's only getting bigger; cloud computing helps hospitals scale as records accumulate. Hospitals must also connect with other facilities and share data to maintain continuity of care as patients are discharged to their homes or to other facilities. Cloud computing makes these connections easier and simplifies medical record-sharing. When a patient arrives at a hospital, doctors can have the patient's complete medical history available to guide diagnosis and care.

Cloud security best practices are the cure for what ails healthcare organizations

Cloud computing is, in theory, more secure than on-premises storage. Because data is not stored on-site, it is less susceptible to damage or loss from disasters such as fire and flood. Hardware failures are mitigated by networked data backups. Encrypted servers add an extra layer of data protection. However, the cloud is not immune to cyber attacks.

While cloud computing can enhance and simplify security, there are still cloud security best practices to be followed and roles for hospital IT and cyber security specialists to play. Even before the healthcare sector started adopting cloud computing, hospital security was already evolving. As healthcare organizations deployed wireless networking and mobile computing, potential pathways into the network grew. The hospital was still a castle, but its moat was shrinking.

Cloud computing shrinks that moat even further. Its myriad access points enable communication, collaboration and mobility—but they also create new vectors for threat actors to exploit. Employing cloud security best practices will help hospitals monitor, remediate and secure their infrastructures against numerous vulnerabilities, including:

  • Data breaches and data loss
  • Hacking of user accounts
  • Compromised security by the accidental or malicious actions of an employee
  • Malware and ransomware
  • DDoS attacks

Hospitals and healthcare organizations must deal with regulatory and compliance obligations—they must adhere to Health Insurance Portability and Accountability Act (HIPAA) guidelines and safeguard patients' personally identifiable information, for example. Strict adherence to cloud security best practices will make compliance easier.

Cloud computing lets organizations offload some of the security burden to the various computing, storage and networking providers they contract, and many of those providers are now baking end-to-end security into their services. However, healthcare organizations still bear some responsibility for safeguarding systems and information.

A healthy security regimen is the best medicine

Cloud computing providers are always looking to increase their security, but healthcare organizations must understand the measures that have been put in place, that they are appropriate for sensitive workloads and that they are in line with compliance obligations.

Because there are so many access points and users, hospitals need a solution to manage identities and access. This solution should be enforceable across every IT environment and should include role-based permission capabilities and multi-factor authentication to prevent unauthorized users from accessing sensitive information. The policies governing it should outline what data can be stored in the cloud and who can use cloud services and how.

Everyone plays a role in maintaining security, even when applications and data are moved to the cloud. The staff must be trained to recognize increasingly sophisticated phishing attacks and should be trained in creating strong, secure personal passwords. Educating the security staff is an investment, but it is essential, as the threats attached to cloud computing are evolving as rapidly as its benefits.

Cloud computing does not negate the need for endpoint security. Keeping track of and applying security protocols to every device is an ongoing process; regular checkups, in the form of audits and penetration testing, can keep your cloud security strong.

Most importantly, IT and cybersecurity specialists must be clear on who is responsible for securing what in a cloud computing environment. A cornerstone of cloud security is a shared responsibility model between the healthcare organization and the provider. However, each provider configures security differently, even if the application or service is the same.

This shared security responsibility demands that healthcare organizations follow a strong regimen of security best practices if they are to fully and safely realize the benefits of cloud computing.

Discover how Verizon's healthcare security solutions can help you mitigate the risk of cyber threats, maintain continuity and deliver on the promise of digital health.

The author of this content is a paid contributor for Verizon.