Posted 8.22.13
by wpadmin

Alleviating Healthcare Cloud Security Concerns

An interesting infographic by WeLiveSecurity.com delivers the latest statistics about health IT security with data from HHS.gov. They found that:

  • Despite 91 percent of healthcare providers using cloud-based services, 47 percent are not confident in the ability to keep data secure in the cloud.
  • Another 74 percent are not encrypting data on mobile medical devices.
  • On average, 17k patient records are breached per day, based on data from September 2009 to present.
  • The adoption of electronic records has grown from 22 percent of healthcare organizations in 2006 to 77 percent in 2012.
  • Overall, there has been a 200% increase in healthcare provider security incidents since 2010.
  • And security breaches have cost the healthcare industry an estimated $7 billion.

So how do you maintain cloud security? Choose a HIPAA-compliant cloud that encrypts data at rest and in transit at the drive level, and layer on additional security tools that each have their own function:

Daily Log Review – By logging user activity on the system's network and servers, you can track failed login attempts and other indicators of possible intrusions to curtail a potential data breach. With daily log review, logs are analyzed each day, producing a report each month.

File Integrity Monitoring (FIM) – FIM sends logs from the server stack to a management server that records and scans important files for any modifications, and then notifies you of any anomalies. Typically you can customize which folders and files you want to monitor.
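The comparison at the core of FIM can be shown in a few lines. The sketch below is an added example, not code from the original post or from any FIM product: it assumes a local SHA-256 baseline in place of the management server, and the function names and the sample folder are constructed for illustration.

```python
import hashlib
import os
import tempfile

def snapshot(paths):
    """Map every file under the monitored paths to its SHA-256 digest."""
    digests = {}
    for root in paths:
        if os.path.isfile(root):
            files = [root]
        else:
            files = [os.path.join(d, f) for d, _, names in os.walk(root) for f in names]
        for path in files:
            h = hashlib.sha256()
            with open(path, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[path] = h.hexdigest()
    return digests

def compare(baseline, current):
    """Return the files added, removed or modified since the baseline."""
    common = baseline.keys() & current.keys()
    return {
        "added": sorted(set(current) - set(baseline)),
        "removed": sorted(set(baseline) - set(current)),
        "modified": sorted(p for p in common if baseline[p] != current[p]),
    }

def demo():
    """Constructed sample: baseline one monitored folder, change it, rescan."""
    with tempfile.TemporaryDirectory() as root:
        watched = os.path.join(root, "etc")  # hypothetical monitored folder
        os.mkdir(watched)
        for name, body in (("app.conf", b"port=443\n"), ("users.db", b"alice\n")):
            with open(os.path.join(watched, name), "wb") as fh:
                fh.write(body)
        baseline = snapshot([watched])
        with open(os.path.join(watched, "app.conf"), "ab") as fh:
            fh.write(b"debug=true\n")                    # content modified
        os.remove(os.path.join(watched, "users.db"))     # file removed
        with open(os.path.join(watched, "new.sh"), "wb") as fh:
            fh.write(b"#!/bin/sh\n")                     # unexpected new file
        report = compare(baseline, snapshot([watched]))
        return {k: [os.path.basename(p) for p in v] for k, v in report.items()}

if __name__ == "__main__":
    print(demo())
```

This sketch hashes file contents only, so permission and ownership changes go unnoticed. The baseline must also be stored where someone who can modify the monitored files cannot rewrite it, which is the role the separate management server plays.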

Web Application Firewall (WAF) – A WAF is a physical device that sits behind your virtual or dedicated firewall and scans incoming traffic to web servers for malicious attacks; it can detect and prevent SQL injections.

Two-Factor Authentication – Two-factor authentication requires a username/password as the primary authentication method, plus a secondary authentication factor (the user’s personal phone), before it allows an individual secure access to the VPN (Virtual Private Network).

Vulnerability Scanning – Vulnerability scanning is a web application that detects outdated versions of software, web apps that aren’t securely coded and misconfigured networks.

Patch Management – Patch management keeps systems updated in order to protect against known security vulnerabilities. Updating systems regularly is key to counteracting new malware and viruses.

Antivirus – With antivirus software, you can detect and remove malware for optimal server protection. It can block new threats and unwanted applications.

SSL Certificate – An SSL certificate encrypts data sent from the web server to the browser in order to create a secure browsing session for a user on a website. When the encrypted session is started, a padlock will appear in a web browser address bar to verify the website is secured with a valid SSL certificate.

References:
Healthcare IT Security: Infographic Stats Point to Big Privacy Holes

About Otava

Otava provides the secure, compliant hybrid cloud solutions demanded by service providers, channel partners and enterprise clients in compliance-sensitive industries. By actively aggregating best-of-breed cloud companies and investing in people, tools, and processes, Otava’s global footprint continues to expand. The company provides its customers in highly regulated disciplines with a clear path to transformation through its effective solutions and broad portfolio of hybrid cloud, data protection, disaster recovery, security and colocation services, all championed by an exceptional support team. Learn more at www.otava.com.
