08-22-13 | Blog Post

Alleviating Healthcare Cloud Security Concerns

An interesting infographic by WeLiveSecurity.com delivers the latest statistics about health IT security with data from HHS.gov. They found that:

  • Despite 91 percent of healthcare providers using cloud-based services, 47 percent are not confident in the ability to keep data secure in the cloud.
  • Another 74 percent are not encrypting data on mobile medical devices.
  • On average, 17k patient records are breached per day, based on data from September 2009 to present.
  • The adoption of electronic records has grown from 22 percent of healthcare organizations in 2006 to 77 percent in 2012.
  • Overall, healthcare provider security incidents have increased 200% since 2010.
  • And, an estimated cost of $7 billion to the healthcare industry in security breaches.

So how do you maintain cloud security? Choose a HIPAA compliant cloud that encrypts data at rest and in transit at the drive level, and layer up on security with additional security tools that each have their own function:

Daily Log Review – By logging user activity on the system's network and servers, you can track failed login attempts and other indicators of possible intrusions to curtail a potential data breach. With daily log review, logs are analyzed each day, producing a report each month.

File Integrity Monitoring (FIM) – FIM sends logs from the server stack to a management server that records and scans important files for any modifications, and then notifies you of any anomalies. Typically you can customize which folders and files you want to monitor.

Web Application Firewall (WAF) – A WAF is a physical device that sits behind your virtual or dedicated firewall and scans incoming traffic to web servers for malicious attacks; it can detect and prevent SQL injections.

Two-Factor Authentication – Two-factor authentication requires a username/password as the primary authentication method plus a secondary authentication factor (the user's personal phone) before an individual is allowed secure access to the VPN (Virtual Private Network).

Vulnerability Scanning – Vulnerability scanning is a web application that detects outdated versions of software, web apps that aren’t securely coded and misconfigured networks.

Patch Management – Patch management is important to update systems in order to protect against known security vulnerabilities. Updating systems regularly is key to counteracting new malware and viruses.

Antivirus – With antivirus software, you can detect and remove malware for optimal server protection. It can block new threats and unwanted applications.

SSL Certificate – An SSL certificate encrypts data sent from the web server to the browser in order to create a secure browsing session for a user on a website. When the encrypted session is started, a padlock will appear in a web browser address bar to verify the website is secured with a valid SSL certificate.
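To make the Daily Log Review item above concrete, here is a small Python sketch that counts failed logins per source per day and flags a successful login that follows a burst of failures. It is an added example, not code from this post or from any vendor tool; the log lines are constructed samples in OpenSSH syslog format, and the name `daily_review` and the threshold of three failures are assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in OpenSSH syslog format (not from a real system).
SAMPLE_LOG = """\
Aug 22 02:11:04 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 50212 ssh2
Aug 22 02:11:09 web01 sshd[4121]: Failed password for invalid user admin from 203.0.113.7 port 50214 ssh2
Aug 22 02:11:15 web01 sshd[4125]: Failed password for root from 203.0.113.7 port 50220 ssh2
Aug 22 02:11:21 web01 sshd[4129]: Failed password for jsmith from 203.0.113.7 port 50231 ssh2
Aug 22 02:11:30 web01 sshd[4133]: Accepted password for jsmith from 203.0.113.7 port 50240 ssh2
Aug 22 08:30:02 web01 sshd[5310]: Failed password for mlee from 198.51.100.20 port 41822 ssh2
Aug 22 08:30:10 web01 sshd[5310]: Accepted password for mlee from 198.51.100.20 port 41822 ssh2
Aug 23 01:02:03 web01 sshd[6001]: Failed password for root from 203.0.113.7 port 50999 ssh2
"""

# Matches password authentication results: day, outcome, user, source address.
EVENT = re.compile(
    r"^(?P<day>\w{3}\s+\d+) \S+ \S+ sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

def daily_review(log_text, threshold=3):
    """Return {day: [findings]} for sources at or above the failure threshold."""
    failures = defaultdict(Counter)  # day -> source -> failed login count
    users = defaultdict(set)         # (day, source) -> usernames attempted
    success_after = set()            # (day, source) that logged in after a burst
    for line in log_text.splitlines():
        m = EVENT.match(line)
        if not m:
            continue
        key = (m["day"], m["src"])
        if m["result"] == "Failed":
            failures[m["day"]][m["src"]] += 1
            users[key].add(m["user"])
        elif failures[m["day"]][m["src"]] >= threshold:
            success_after.add(key)   # highest priority: possible guessed password
    report = {}
    for day, per_src in failures.items():
        rows = [{"source": src, "failed": n, "users": sorted(users[(day, src)]),
                 "success_after_failures": (day, src) in success_after}
                for src, n in per_src.most_common() if n >= threshold]
        if rows:
            report[day] = rows
    return report

if __name__ == "__main__":
    print(daily_review(SAMPLE_LOG))
```

A source that tries several usernames and then logs in successfully is the row to investigate first; a single mistyped password from a known user stays below the threshold and is not reported.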

References:
Healthcare IT Security: Infographic Stats Point to Big Privacy Holes


© 2024 OTAVA® All Rights Reserved