Healthcare Data Is Safer In The Cloud
Posted by Tim Monner on June 20, 2017 5:42 am
Data privacy and security are key concerns for healthcare providers investigating cloud data storage. HIPAA-compliant cloud hosting is the bare minimum for outsourced data storage or application hosting. HIPAA-compliant cloud hosting provides organizations that handle protected data a cost-effective and flexible solution compared to on-premises or colocated data hosting. But in addition to the benefits of a ready-made HIPAA-compliant infrastructure, there’s another security advantage to hosting healthcare data in the cloud that isn’t talked about as often.
Network and server breaches and ransomware attacks are an ever-present risk for healthcare organizations, but most healthcare data breaches don’t happen because of an attack by a criminal. They happen because of the mismanagement of locally stored data and the improper disposal of physical health records. They happen because lax physical security leads to the loss of drives or laptops containing healthcare data, or because physical records are stored or disposed of insecurely.
Last year, an Indiana-based healthcare organization exposed healthcare data related to 205,000 individuals. The data wasn’t exfiltrated in a clever network attack; it was lost when the laptop it was stored on was stolen from the company’s billing department. Around the same time, 52,000 healthcare records were lost when a Kansas healthcare organization employee had a laptop stolen from his car.
Also last year, in one of several examples of egregiously bad data security, the private healthcare data of 113,000 individuals was found in a dumpster after being disposed of improperly.
These serious data breaches — and many more like it — happened because the organizations in question had woefully inadequate control of their data, how it was handled, and even where it was stored.
Cloud storage provides a far more secure alternative to on-site data storage. If all data is centrally stored on a public or private cloud platform, properly encrypted, and with best practice access controls in place, a large class of privacy and security risks simply can’t happen. Our data centers provide state-of-the-art round-the-clock physical security. The only people who can access healthcare data stored on our servers are those who have been given access by the data’s owner, and, because the data is centrally located and managed, all access can be tracked and monitored.
In addition to the storage of medical records and other healthcare data, the applications that process healthcare data can be hosted on a secure cloud platform. If the only way to access cloud data is through secure web applications running on a cloud platform, there’s far less scope for employees and contractors to download and leak it. Organizations can control exactly how, when, and by whom their data is accessed.
To go a step further than cloud application hosting, many healthcare organizations choose to host secure virtual desktop environments in the cloud. Data users access secure and controlled desktop environments through vetted devices. Each desktop environment can be monitored, scanned for malware, and tightly limited so that employees can’t accidentally or deliberately install insecure software.
Secure HIPAA-compliant cloud platforms offer organizations that handle healthcare data an end-to-end secure infrastructure solution that ensures healthcare data is stored and managed according to their policies and security best practices.
See all Steadfast Blog Posts at https://www.steadfast.net/blog