Sensitive, patient information is making a significant shift to the cloud in healthcare. Eighty percent of all healthcare organizations are using the cloud for data storage, yet in order for this to become an effective practice, extra security measures should be taken. Healthcare has the highest data-breach rate of any industry. According to the 2019 Thales Data Threat Report — Healthcare Edition, 70 percent of US healthcare organizations have experienced a data breach.
With this level of risk, it’s scary to think that about a quarter of the medical facilities engaged in digital data storage failed data security compliance audits in 2018. The increased growth of cloud environments in general makes it difficult to secure data. Rather than try to keep up, it seems medical professionals are decreasing their IT security spending, diminishing resources to implement new safeguards as the environment changes. Without the right attention, the ease of sharing medical information digitally will become a liability rather than a convenience.
Handling sensitive information digitally
The nature of medical data is unique to other forms of information going into the cloud, because the majority of it is personally identifiable data. Patient demographics, contact information, even Social Security numbers, if attached to insurance card data, can be up in the cloud, accessible to those who know how to hack into it. There’s also the highly personal medical information that gets stored in the cloud, attached to a patient identity. Often there are no ambiguous identifiers linking this very private data with an obvious person. This gives hackers access to a person’s most valuable information. Cybercriminals will hold this information for ransom, demanding the healthcare organization pay out to keep their patients’ data safe.
Calculating the severity of breached patient information
When credit card information is stolen through a data breach, the situation is severe, but it’s only temporary,. Once the credit card is cancelled, essentially the problem is solved and the information becomes useless. The same is not true when it comes to patient information. Long-term risks are much higher when this information is breached because there’s no way to stop the sharing of that information. It stays relevant and continues to circulate, providing opportunities for fraud to occur repeatedly from just a single breach. This makes healthcare data very attractive to hackers and why protecting it is so important.
Addressing the weakness of today’s practices
One of the key choices for healthcare providers as they shift to digital storage for data are multi-cloud environments. This means using some combination of applications which include:
• Software-as-a-Service (Saas)
• Infrastructure-as-a-Service (IaaS)
• Platform-as-a-Service (PaaS)
Spreading out data in a multi-cloud environment makes it difficult to protect data because the system is often too complex to safeguard. This creates a systemic weakness in the security of patient data.
Additionally, the relaxed approach to data security compliance is weakening the safety of personal information in the healthcare industry. Healthcare providers are having trouble meeting compliance mandates set through federal regulations due to a lack of flexibility built into existing technologies to handle new requirements as they happen. Even with penalties ranging from $100-$50,000 per record for a HIPPA violation looming over them, not enough healthcare organizations are taking steps fast enough to fully flush out their security measures for online data, putting it at risk.
Making data more secure
With 503 health data breaches reported in 2018, it’s imperative that better security measures are taken within healthcare organizations. Some options under consideration include:
• Establishing better encryption practices for optimal protection. Currently 38 percent or less of medical facilities are encrypting sensitive data, yet just about all are sharing, collecting and storing data within digital transformation technologies.
• Researching solutions that scale to modern architecture such as hybrid and multi-cloud-based data security applications.
• Pursuing a shared security model between healthcare organizations and cloud providers.
• Implementing an Identity and Access Management system to impose stronger authentication features for individuals to access patient information online.
Simply giving data security the proper amount of attention and working with qualified Healthcare Application Development experts to stay on top of technology changes can make a big difference in the safety of sensitive patient information. Without taking the risk of breach seriously, valuable, identifiable, patient information gets put in danger.
Sources:
https://www.prnewswire.com/news-releases/us-healthcare-organizations-face-new-and-unique-data-security-risks-with-digital-transformation-initiatives-300885985.html
https://www.computerworld.com/article/3090566/hackers-are-coming-for-your-healthcare-records-heres-why.html
