The healthcare industry is the second largest in the United States, but average spend on cybersecurity is just half as much as other industries, according to a recent TechCrunch report. This is surprising (and unfortunate), given how valuable patient records can be to cybercriminals. If a thief obtains medical records, he or she can do a host of things, including the following:
- Purchase medical equipment or drugs in the patient's name
- Submit false health insurance claims
- Tamper with a patient’s medical devices
- Use personal information on file (such as addresses or Social Security numbers) to access other sensitive data, like financial accounts.
Hospitals, private practices, and third parties that store and process patient data are ripe for hackers.
In 2017 there were more than twice the amount of attacks on healthcare organizations vs. other industries—and is just the start of what we've seen so far this year. According to a recent Protenus report, between April and June of 2018, more than 3 million patient records were exposed. Threats are multiplying, and healthcare cybersecurity across teams is not keeping pace.
Last year, we highlighted how many healthcare organizations were facing challenges in modernizing their legacy systems. Since then, the issue of security has become more acute in the industry. Below, we detail four key reasons why cloud solutions are critical for healthcare organizations, and we offer suggestions on how to make the transition.
1. The cloud helps keep sensitive data in one location.
When you move data to the cloud, it gives you the chance to aggregate disparate streams of information in a single place. Even if the majority of your patient data is protected, when you have information in many different sources, such as spreadsheets, hard drives, and even hard copies, it can be easy for something like a prescription or a note from an operation to get lost in the flood.
Moving data to the cloud opens new opportunities for data management and integration (DMI) practices. While DMI is a complex and evolving space, in a nutshell, it is a set of policies and procedures that an organization puts in motion to be sure the right people have timely access to accurate data.
For hospitals, it's essential that records are clean and up-to-date before an IT professional moves them or merges them with other information. If errors occur in patient names, medical histories, financial information, or prescription information, for example, it can end in a costly lawsuit and a stained reputation— not to mention physical harm if patients are not treated correctly.
2. A cloud solution helps avoid downtime.
For many organizations, downtime means lost business opportunities. Teams can't respond to customer requests, follow up on leads, and deliver products and services if computer systems are suspended.
(Some companies are so concerned about this, given the enormous uptick in data breaches in 2018, that they've begun to take out cybersecurity insurance policies that can help recoup losses.)
In healthcare, more than money is on the line. If systems are down, staff aren't able to book emergency appointments, and doctors and nurses aren't able to confirm medications or timing for procedures. Lives are at risk.
In 2018, at New York's Jones Memorial Hospital, computer systems were down for a week after a cyberattack. Jones Memorial is a small acute-care facility in a rural area. During the time it took to detect and clean up the issue, the hospital had to revert to manually entering patient data into medical charts and recreating prescription lists. Although the hospital had prepared for these downtime procedures, it still left more room for error and wasted time that staff could have spent delivering care.
Cloud vendors like Microsoft and IBM offer additional precautions, like up-to-date software, that can help mitigate the chances of a breach due to holes. They can also help solve common problems such as load balancing, which often leads to outages. If activity is too much for a single server to handle, these larger providers are able to spread demand over multiple servers, ensuring that you don't short-circuit in times of high activity.
3. A cloud solution affords better insight into user behavior.
Cloud computing is far more than a repository for your information. It opens up a world of new opportunities for IT admins, helping them better understand how employees and third parties use their systems — and who is accessing what digital files at any time.
When you're based in the cloud, you can begin to tack on additional features, such as Auth0's user-management software, which quickly pulls details on existing users at any time.
This level of visibility makes it easier for admins to monitor for unknown visitors or strange behaviors. If, for example, they see “John” trying to gain access to a database he isn't permitted to view, an IT executive can pull his profile, understand why he might be trying to get in, and either grant or block access. Admins even have the ability to log in as any user and attempt to troubleshoot from his or her vantage point.
Additional cloud solutions, such as identity management, can also help protect you from your own employees. Nearly one-third of the attacks on patient records in 2018 came from within the organizations themselves. You want to be sure you don't have medical data still floating in file cabinets or on unprotected servers.
4. The cloud gives you flexibility as you grow.
Providers like Amazon Web Services, Google Cloud, and Microsoft Azure come with on-demand teams and resources that can help customize cloud plans as organizations develop over time. Even if hospitals aren't necessarily in hypergrowth mode like many startups, they still have shifting needs. These could be for increased or reduced load capacity, depending on staffing and patient demand; more private cloud requirements, given a larger volume of high-touch data; or a desire to move more to the public cloud, due to cost restraints.
Many healthcare organizations opt for a combination of public and private cloud deployment. Both offer flexibility for expansion and require less maintenance than in-house storage. The public cloud is less expensive; however, teams often go for at least a portion of data storage in the private cloud, given the following:
- A higher level of customization (since you're not sharing resources with others)
- A more stringent selection of user permissions
- No need for backup hardware or software
Due to the confidential nature of their work, government agencies and financial institutions also often opt for private cloud use. This gives an even greater sense of its capacity.
Better healthcare cybersecurity starts with the cloud.
Security for healthcare teams is only getting more complicated. Medical devices, for example, are a growing concern. In a worst-case scenario, a cyberattack could tamper with pacemakers or other life-supporting devices. To this end, the U.S. Food and Drug Association recently released a new cybersecurity playbook, which, in part, sets new guidelines for creating medical devices with software that is adaptable to new threats.
The interconnected nature of delivering care reveals how an attack on one portion of the organization has the potential to affect all others. While cloud computing won't guarantee protection against cybercrime, it will keep a team's data organized and as secure as possible.
Finally, as healthcare teams work to comply with HIPAA, cloud computing helps providers and third parties stay prepared in the event of an audit with more visibility into day-to-day operations and tighter user permissions.
The Auth0 Identity Platform, a product unit within Okta, takes a modern approach to identity and enables organizations to provide secure access to any application, for any user. Auth0 is a highly customizable platform that is as simple as development teams want, and as flexible as they need. Safeguarding billions of login transactions each month, Auth0 delivers convenience, privacy, and security so customers can focus on innovation. For more information, visit https://auth0.com.