Is Cloud Safe for Healthcare Information?

Within the last two years, breaches of healthcare information have made major headlines. In early 2015, the second largest health insurance provider in the USA (Anthem) suffered from a major breach which resulted in the exposure of more than 80 million records.

Why are cyber attackers interested in healthcare information?

The FBI released a warning: a stolen EMR (electronic medical record) can be sold for up to $50 on the black market. With money like this at stake, it’s no wonder that more than 91% of healthcare organizations suffered from a data breach in the last two years. In fact, criminal attacks are the leading cause of healthcare information data breaches, representing about 45% of breach activity.

Attackers can gain access into a healthcare provider’s infrastructure in a number of ways, including via malware, brute force attacking, or social engineering to get login credentials. With all the tools cyber criminals can leverage to get into a healthcare organization’s systems, many providers are wondering, Is it safer to store patient EHR’s in the cloud?

Healthcare Information and the Cloud

An article in Security 100 Summits explains it like this: “A highly secure cloud-based data storage translates to a safer environment, an organized and efficient safety and security operations infrastructure, improved communication among team members, the ability to efficiently meet compliance regulations, and a direct, immediate connection with first responders in the event of an emergency.”

Cloud-based technology suffered major PR issues in the past two years, but as a model for enterprise IT, it provides a flexible and secure solution that addresses the weaknesses of a traditional infrastructure. An encrypted cloud maintained by an experienced cloud provider can give healthcare providers the protection they need.

How Does the Cloud Protect Healthcare Data?

• Cloud providers must meet their contractual SLA’s.
  An enterprise IT solutions provider offers each client a contract that spells out a service level agreement, or SLA. SLA’s are a provider’s contractual promise to the client to ensure the protection, uptime, and availability of their data. Within the realm of healthcare, this means that the responsibility of guarding your patient’s data is being delegated to an experienced, 24/7 team of IT professionals, devoted exclusively to the task of maintaining the cloud.
• Cloud encryption is hard, almost impossible, for hackers to crack.
  Most data breaches occur when a cybercriminal successfully breaks into on-premise infrastructure. The target is usually the organization’s on-premise storage. Moving and storing critical EHR data to the cloud is ideal because of the cloud’s heavy encryption protocols.
• Cloud environments are highly available, even during a disaster.
  If a blackout or natural disaster hits a medical establishment, healthcare providers wonder, “What happened to the data? How do we chart? How do we check patients in?” Thankfully, increasing workplace mobility in healthcare means that nurses and physicians may not be chained to desktops. Even during a disaster or blackout, a healthcare professional can still access the patient’s data from the cloud through another secure device. The IT department should have protocols and portals in place to let the organization leverage this tool.
• Cloud backup data is also secured.
  Having a backup solution is technically “disaster recovery 101.” However, healthcare providers are under additional scrutiny to ensure that their cloud backup provider meets HIPAA compliance. Solutions like cloud backup with C-BaaS provides military-grade encryption for EHRs and other protected documents for data both in-flight and at-rest.

The Future of Cloud and Healthcare

The forecast for healthcare information and the cloud is bright, and research firm MarketsandMarkets predicts that healthcare organizations will spend $5.4 billion dollars in cloud technologies by 2017.

In the end, a healthcare organization’s success with the cloud is the IT solutions provider they chose to partner with. Make the right choice the first time: contact Centre Technologies to learn more about our HIPAA compliant hosted services and cloud backup solutions.