Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cloud Security

Healthcare Industry: Trending Toward Better Care Through Cloud Security

The biggest trend in the healthcare industry in recent years has been the epic government-mandated move to electronic medical records (EMRs). This effort promises to bring long-term cost savings, improved efficiencies and productivity, and, ultimately, enhanced patient care. It’s truly a life-saving endeavor.

The biggest trend in the healthcare industry in recent years has been the epic government-mandated move to electronic medical records (EMRs). This effort promises to bring long-term cost savings, improved efficiencies and productivity, and, ultimately, enhanced patient care. It’s truly a life-saving endeavor.

Virtualization Security for HealthcareUnfortunately, the road to those benefits is long—and fraught with obstacles along the way. To start, the upfront cost to convert to EMRs is high. Analysts estimate transitioning costs at $20 million for an average hospital, and $10 million for small hospitals. Further, due to inadequate security measures, the industry as a whole is spending some $6 billion a year on digital data breaches, according to the Ponemon Institute’s, “U.S. Cost of a Data Breach” Study in 2010. Ouch.

What’s more, each time a breach affects more than 500 individuals, the afflicted institution must alert prominent media. So not only do these organizations risk losing money, but also patient trust; while patients end up paying the price in higher insurance premiums and potential medical identity and financial theft. Ouch again.

Making Security a Top Priority

So yes, we can say that there are motivators in place to protect patient data. We’ve got the HITECH Act, which financially rewards or punishes according to how well patient privacy is protected. And of course there’s the HIPAA security rule. It states that organizations must guard electronic patient protected health information (EPHI) from accidental, unauthorized, or intentional theft, loss, or destruction by sources or individuals either inside or outside the organization. Non-compliance can and should lead to severe consequences, including loss of certifications to operate should an institution fail a security audit.

So why have so many healthcare organizations neglected to make data security a top priority? For many, funding is a big issue. Unfortunately, the incentive dollars from the HITECH Act didn’t necessarily translate into an increase in healthcare IT security budgets. The time is ripe to find alternative solutions.

The good news is a trend in the healthcare industry toward adopting virtualization both within the premised data center as well as with cloud services that offer resource hosting. This shift offers the obvious benefits of cost savings through consolidation, enhanced performance, and increased system availability. But there’s more. Digitizing all these records—charts, graphs, scans, tests, you name it—is one thing. Determining where they reside and how to secure them is another. And a virtual environment may be just the right place to keep this medical data safe and in compliance with HIPAA regulations.

Today’s market offers virtualization security solutions that have been purpose-built for the virtualized realm and can actually offer very high levels of automated compliance monitoring and enforcement for resources containing patient data. This is done through intelligent and highly dynamic security that keeps vigil of virtual machines with HIPAA regulated content ensuring that both access to and security configuration of those VMs stays compliant. Think of it as enforcement of a “gold” image for virtual machines containing patient data. For healthcare organizations, this means complete visibility to how healthcare information in the cloud (private or public) is being accessed and protected.

Saving More in the Cloud

Advertisement. Scroll to continue reading.

As healthcare organizations increasingly adopt virtualization, they will also be weighing options for deploying it on premises (a private cloud) or going with a hosted service (public cloud) or even a mix of both (hybrid cloud). Public cloud services for instance can enable institutions to keep identifiable health information and critical applications on well-protected and backed-up servers at a fraction of the cost of doing this in house (the cost is spread out in monthly and annual contracts). And IaaS solutions assure that applications have the resources they need when they need them with on-demand compute.

The beauty of the cloud is that organizations don’t need to move their entire IT infrastructures, but can select which parts to outsource (a hybrid model). In all cases however, healthcare firms need to vet their virtualization security providers well so that protections to patient data are continuous and compliance to regulatory standards is assured and documented.

As always, the key to security success is remaining proactive and maintaining an above-average IT security posture. Even with limited funding, there are ways to invest in protection and detection. Healthcare institutions can stay on the safe side by selecting a cloud infrastructure that is inclusive of dynamic, virtualization aware security.

Read More in SecurityWeek’s Cloud and Virtualization Security Section

Written By

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Understand how to go beyond effectively communicating new security strategies and recommendations.

Register

Join us for an in depth exploration of the critical nature of software and vendor supply chain security issues with a focus on understanding how attacks against identity infrastructure come with major cascading effects.

Register

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...

CISO Conversations

SecurityWeek talks to Billy Spears, CISO at Teradata (a multi-cloud analytics provider), and Lea Kissner, CISO at cloud security firm Lacework.

Cloud Security

Cloud security researcher warns that stolen Microsoft signing key was more powerful and not limited to Outlook.com and Exchange Online.

CISO Strategy

Okta is blaming the recent hack of its support system on an employee who logged into a personal Google account on a company-managed laptop.

Cybersecurity Funding

2022 Cybersecurity Year in Review: Top news headlines and trends that impacted the security ecosystem

Endpoint Security

Today, on January 10, 2023, Windows 7 Extended Security Updates (ESU) and Windows 8.1 have reached their end of support dates.

Email Security

Many Fortune 500, FTSE 100 and ASX 100 companies have failed to properly implement the DMARC standard, exposing their customers and partners to phishing...