The following is a guest article by TJ Houske, Senior Vice President of Technology, Operations, and Engineering at OTAVA
Ransomware attacks against healthcare organizations doubled in the last five years, according to a new study by JAMA Health Forum. The most common victims have been health clinics. This year’s Ponemon report also reinforces the fact that ransomware continues to impact patient safety. Its survey of hospital IT and security leaders found that significantly more respondents said that ransomware attacks increased complications from medical procedures. While these issues are clearly serious, healthcare organizations continue to move their data to the cloud to take advantage of benefits such as collaboration and faster development and testing of new digital applications.
Advantages of Cloud Infrastructure Solutions
The benefits of cloud are undisputed for organizations across all industries. For healthcare, the following factors are particularly compelling.
Lower Costs
On site data storage requires significant up front capital expenditure to purchase hardware, whereas cloud-based solutions do not. Cloud solutions are typically billed based on usage, predictably, over time in a way that is aligned with an organization’s needs. With healthcare IT budgets tight, the cloud financial model means organizations have more resources to focus on other priorities.
Greater Accessibility and Insights
Cloud-based solutions allow healthcare providers to collect and store patient data in one centralized location that is easy to access and analyze. This provides an overall broader view of patient data and makes it possible to gain insights on trends that can be used to improve service and care. Additionally, analytics capabilities in the cloud can give organizations actionable intelligence that will improve efficiency and operations.
Scalability
One of the great advantages of cloud infrastructure is its ability to immediately grow (and contract) as needed. With subscription-based payments, healthcare organizations can easily add more data storage as patient data increases. Not only does this help healthcare providers maintain consistency in their operations, it allows them to be more flexible while avoiding the cost of expensive hardware.
Greater Data Security (with the Right Cloud Infrastructure and Services)
With ransomware escalating, it’s more critical than ever to keep patient data safe. Most cloud services come with some security options built in which can help to secure important data. However, not all cloud security is equal and it is important to understand the control boundaries of any and all providers as additional protection may be needed.
Understanding the Challenges and Risks
Even with the undeniable case for cloud, there is no escaping the fact that there will be challenges and risks along the way. Among the top concerns when moving to and operating in a hybrid or multi-cloud environment are issues with technical debt, alert fatigue, security and regulatory compliance.
In order to migrate to the cloud, organizations must optimize for the new environment. Unfortunately, because many migration initiatives are costly and missteps are common, technical debt and alert fatigue are often challenges that impede the optimization process, leaving organizations exposed. Additionally, non-compliance with industry regulations that are designed to protect confidential patient data can lead to significant fines. It can be challenging, but healthcare organizations need to go the extra mile to make sure that they have every control in place to protect their data during migration to the cloud and beyond.
Finally, as mentioned, one of the challenges of moving to the cloud is understanding the scope of responsibilities when it comes to cybersecurity. It can be hard to figure out if a service provider is responsible for certain areas and items, or if it is up to the healthcare organization. The uncertainty can inadvertently leave healthcare organizations at risk. According to a new report, as patient data becomes more digital, providers are finding it difficult to manage security and compliance solutions on their own. In fact, thirty-three percent said they fully outsource management of compliance and security measures in the cloud, with larger/more advanced providers more likely to outsource.
5 Ways to Mitigate Attacks
Creating a migration and management plan that addresses the cybersecurity challenges and risks, will put healthcare organizations in a good position to protect critical data and reap the benefits of cloud infrastructure. At the outset, review and take action in the following five areas to ensure protection and mitigate future attacks.
- Audits: Take the time to evaluate your complete environment and identify any gaps or exposure areas. Review, inventory, and rank your data sources by criticality to properly identify what and how they should be protected.
- Compliance: Managing compliance is paramount. Work with cloud infrastructure providers to confirm responsibility and accountability for compliance with all necessary regulatory requirements. There may be some areas that are fully covered by cloud providers and others that need to be addressed. Assign a compliance officer to directly oversee this effort on an ongoing basis.
- Technical and Physical Security: Shore up administrative, technical, and physical security elements. Review, inventory, and periodically test technical and physical security safeguards beyond the traditional compliance audit cycles.
- Disaster Recovery and Backup: Today’s advanced DR and backup solutions are invaluable for healthcare organizations. Those that proactively modernize their systems are in a better position to defend themselves against the current climate of relentless cyberattacks.
- Managed Services: Consider adding managed services so that rather than spending time on the complexity of maintaining and optimizing the cloud environment, your organization can focus on patient care. Look for partners that are reliable, responsible and transparent cloud experts that are with you every step of the way, from migration through day-to-day operations.
As healthcare organizations continue to modernize their infrastructure and move to the cloud, it is important to remember that security needs to be prioritized. While cloud solutions can inherently add some security to your environment, they can also introduce new areas of exposure. Understanding the implications and taking steps to ensure protection will create a strong environment that delivers innovation for the healthcare organization and benefits for its patients.
About TJ Houske
TJ Houske is OTAVA’s Senior Vice President of Technology, Operations, and Engineering, and leads the development of OTAVA’s hybrid and multi-cloud solutions. For nearly 30 years he has held senior and executive leadership roles in engineering, architecture, and strategic business development. He’s been an IT director, consultant, entrepreneur, and the head of one of the industry’s most dedicated technical support teams. TJ is a John C. Maxwell certified educator dedicated to helping others achieve their goals through coaching, mentoring, and speaking engagements.
