Feature | Cybersecurity | March 28, 2016| Matt Peterson

Healthcare 2015 Data Breaches - Why the Cloud Is Not Responsible

Cybersecurity data breaches of healthcare cloud computing systems are on the rise.

A person’s healthcare records contain a wealth of sensitive information. This does not involve just their medical history, but it also contains a fairly comprehensive range of facts about them as an individual. Healthcare records will have information about a patient's address, information about their relatives, social security numbers and other identifiers, and they contain financial information.

With all of this information being in one record, it has turned digital health records into a commodity on the black market, and cybersecurity data thieves have started to target health records. In 2015, the healthcare industry saw one of its worst years for data breaches. These breaches have led many to feel concerned about matters relating to healthcare security.

 

2015 Security Breaches
When it comes to the number of people affected, 2015 was a terrible year for the security of healthcare data. More than 100 million people had their data compromised, and the year saw the industry’s biggest security failure with the data breach of Anthem Blue Cross Blue Shield.

The increased risk of data breaches in healthcare has much to do with the value of the material. Before, financial institutions were some of the most popular targets for data theft. However, the value of the pilfered data would have a short expiration date. Something like a credit card number is only going to have value as long as it takes the owner to realize that they have been compromised. The information in a healthcare record has better diversity when it comes to fraud and it has a much longer shelf life for criminal activity.

While these massive data breaches and the frequency with which they occur may be new, the loss or theft of healthcare records is not. The industry has always been at risk of data loss through the acts of insiders, or through people using deceptive practices to gain access to records.

 

Is the Cloud to Blame?
One thing that has coincided with this increase in healthcare data breaches is the use of cloud technology in the industry. This has created a perception among many that the two things are linked and that the migration to the cloud has resulted in compromised security.

With the cloud being new to the industry, it does come with some of its own security concerns. To some degree, the cloud requires an organization to cede some of their control over security to the service provide,r and they have to be able to trust that this service provider will employ adequate security for the system. For this reason, examining the service provider and their security is an important step for any business when they are looking to move to the cloud.

Along with the concerns of a data breach, you also have the issue of what happens in the event of a breach. An organization needs to know that they will receive timely notice when a breach occurs and that the service will be able to assist them with the response to a data breach. One of the biggest areas where consumers show a lack of confidence in cloud computing is in regard to the response to a breach.

 

Setting the Record Straight
As the healthcare industry moves to systems like document management software and other cloud-based services, these are legitimate concerns. However, the fact that the rise of cloud-based services and the increase of data breaches in the industry seem to coincide does not necessarily mean that they are connected. As a matter of fact, there is some data to suggest just the opposite.

In 2015, there were several data breaches within the industry that affected 1 million individuals or more. Of all of these major data breaches, only one of them was related to a cloud-based service. As a matter of fact, many healthcare breaches are related to things like portable media devices and physical records, so it could be argued that some of these attacks may have been averted if the information was secured on a cloud system.

This is not to say that the cloud does not have its security issues. The security of a cloud-based service is only as good as the company that is providing it. If you go with a company that has a poor security record or inadequate resources to provide the level of security that you need, then it could expose health records to the threat of a breach.

It does not really matter whether you are a large health insurance provider, a hospital or a small assisted living center, your records could possibly be targeted for a breach. That being said, it is wrong to believe that the use of cloud services can increase vulnerability. By effectively managing expectations between the organization and the service provider with regard to security, the cloud can actually be an environment of increased safety for consumer data.

 

Related Healthcare Cybersecurity Content:

Raising the Bar for Medical Device Cyber Security

Healthcare Industry Lacking in Basic Cybersecurity Awareness Among Staff

Market Report Calls Into Question St. Jude Medical EP Device Safety, Cybersecurity

FDA Harshly Criticizes Abbott, St. Jude For Failure to Address EP Device Safety

Healthcare 2015 Data Breaches - Why the Cloud Is Not Responsible

HIMSS: Two-Thirds of Healthcare Organizations Experienced a Recent, Significant Security Incident

How Can Doctors Practice Better Security?

U.S. Department of Health and Human Services, Office for Civil Rights, Breach Portal: Notice to the Secretary of HHS Breach of Unsecured Protected Health Information

 

Editor's note: Matt Peterson is the CEO of Lehi, Utah-based eFileCabinet Inc. Founded in 2001, eFileCabinet began as a tool to digitally store records in accounting firms. As it grew in popularity, it developed into a full-fledged electronic document management solution designed to help organizations capture, manage and protect their data. www.efilecabinet.com

Related Content

New Siemens Healthineers Dashboard Application Provides Insights into Cardiology Operations
Technology | Analytics Software| December 11, 2017
Siemens Healthineers has launched teamplay Cardio, a new cardiology dashboard application within the Siemens...
Fujifilm Introduces Artificial Intelligence Initiative for U.S. Market at RSNA 2017
News | Artificial Intelligence| December 04, 2017
Fujifilm Medical Systems U.S.A. Inc. announced the expansion of the company's artificial intelligence (AI) development...
Vital Unveils Newest Vitrea Advanced Visualization Release at RSNA 2017
Technology | Advanced Visualization| December 04, 2017
December 4, 2017 — Vital Images unveiled the newest version of Vitrea...
News | Cardiac PACS| November 22, 2017
Lumedx Corp. will present the latest in cardiovascular (CV) imaging, data management and next-generation analytics...
Siemens Healthineers Introduces Share360 Tailored Service Portfolio
News | Cardiac Imaging| November 10, 2017
To address the specific needs of medical imaging clinical engineering departments nationwide, Siemens Healthineers has...
TeraRecon Introduces 175-Plus New Features in iNtuition 4.4.13
Technology | Advanced Visualization| November 06, 2017
November 6, 2017 — TeraRecton announced the launch of version 4.4.13 of its iNtuition...
Philips IntelliSpace cardiovascular information system (CVIS)

The Philips IntelliSpace is an example of the newer generation of cardiovascular information systems (CVIS) that can consolidate all cardiology department data sources into one location.

Feature | Cardiac PACS| October 04, 2017 | Dave Fornell
Consolidation of data in one location to improve efficiency and enable data analytics, as well as smooth integration
Medical Metrics Taps Digisonics Cardiovascular Information Systems for Clinical Trials
News | Cardiac PACS| October 03, 2017
October 3, 2017 – Medical Metrics, an experienced core laboratory for multi-center clinical trials, has implemented t
ScImage and Invia Partnership Announced
News | Cardiac PACS| September 19, 2017
ScImage Inc. and Invia Imaging Solutions recently announced formation of a joint partnership at the American Society of...
Abbott. St. Jude Medical has updated its firmware to address cybersecurity issues with its Allure Quadra MP and other EP devices

Abbott. St. Jude Medical has updated its firmware to address cybersecurity issues with its Allure Quadra MP and other EP devices.

Feature | EP Lab| August 29, 2017 | Dave Fornell
August 29, 2017 — The U.S.
Overlay Init