In the first half of 2015, the health care sector suffered from more data breaches than any other industry, according to data compiled by the Breach Level Index.

The leading cause of health care data breaches is people doing something that they shouldn’t. This may include employees losing or misplacing devices, sharing their password or access token with unauthorized parties or sending patient data to the wrong recipient. The number of leaks is only expected to rise in the near future since health data is estimated to be worth 10 times more than credit card data on the black market.

Cloud Services’ Treats for Health Care

Cloud solutions have the potential to reduce the negative effects of human error. By storing data in the cloud, there is no need to carry patient data on mobile devices or to send records by fax, post or email. Furthermore, advanced solutions for identity governance prevent unauthorized access to patient data.

Another advantage is that patient data is still accessible when devices are lost or stolen. With cloud solutions, the backup and recovery of data is easier, even if individuals have accidentally deleted emails or altered patient records.

No security technology is perfectly secure. The short life cycle of proposed encryption and authentication techniques, as well as the plethora of research frequently making headlines, could make it difficult to select a solution that is right for a specific health care service. Partnering with a security services vendor relieves health care managers of these highly specialized IT decisions.

Finally, cloud service providers are likely to maintain a state-of-the-art secure environment because that is what gives them a competitive advantage. Selling services with promises for flexibility and cost reductions is no longer a differentiator. Cloud service providers need to be able to take away at least some of the worries about patching, physical security and security certificates. As a result, they have specialized teams who are expertly trained and dedicated to managing all the operational security tasks related to the underlying security infrastructure, platforms and software.

However, these providers cannot take over all responsibility.

The Tricky Parts for Health Care Organizations

Health care organizations that outsource to cloud services still have to acknowledge the obligation they have to security and data governance. In spite of handing over operational tasks, enterprises continue to face difficult decisions about data ownership, data access, sharing of patient records and collaboration with other organizations. On top of that, they need to keep checking that the service provider meets all the requirements as stated in the contracts and data protection regulations. This is not an easy undertaking. It requires the support of additional experts to deal with particulars such as:

  • On-site audits;
  • Knowledge of privacy legislation in different states and countries;
  • Procedures for incident management;
  • Preparations for crisis communication in case of a breach.

We have learned from the financial and entertainment industry that the reputational and personal damage caused by a cloud data breach can be disastrous. This not only affects the patients and the health care organization that owns the data, but also the service provider.

The service provider might be held liable for data breaches, which could take them out of business. When health care organizations prepare their business continuity plan, it is wise to include an escape plan for when the provider does not survive or does not deliver according to expectations.

Turning the Tricks Into Treats

A prepared health care organization can turn the tricky bits of data protection into treats by following the best practices for cloud security and by demanding their service provider offer a complete cloud security portfolio — including managed access, data security, monitoring of security breaches and compliance violations and optimized security operations. Cloud services providers are fully equipped to deliver these secure solutions; all health care organizations have to do is find the right partner.

More from Cloud Security

Cloud security evolution: Years of progress and challenges

7 min read - Over a decade since its advent, cloud computing continues to enable organizational agility through scalability, efficiency and resilience. As clients shift from early experiments to strategic workloads, persistent security gaps demand urgent attention even as providers expand infrastructure safeguards.The prevalence of cloud-native services has grown exponentially over the past decade, with cloud providers consistently introducing a multitude of new services at an impressive pace. Now, the contemporary cloud environment is not only larger but also more diverse. Unfortunately, that size…

The compelling need for cloud-native data protection

4 min read - Cloud environments were frequent targets for cyber attackers in 2023. Eighty-two percent of breaches that involved data stored in the cloud were in public, private or multi-cloud environments. Attackers gained the most access to multi-cloud environments, with 39% of breaches spanning multi-cloud environments because of the more complicated security issues. The cost of these cloud breaches totaled $4.75 million, higher than the average cost of $4.45 million for all data breaches.The reason for this high cost is not only the…

Accelerating security outcomes with a cloud-native SIEM

5 min read - As organizations modernize their IT infrastructure and increase adoption of cloud services, security teams face new challenges in terms of staffing, budgets and technologies. To keep pace, security programs must evolve to secure modern IT environments against fast-evolving threats with constrained resources. This will require rethinking traditional security strategies and focusing investments on capabilities like cloud security, AI-powered defense and skills development. The path forward calls on security teams to be agile, innovative and strategic amidst the changes in technology…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today