Light Dark
July 29, 2015 By Nicole van Deursen 3 min read
Cloud Security
Healthcare

In the first half of 2015, the health care sector suffered from more data breaches than any other industry, according to data compiled by the Breach Level Index.

The leading cause of health care data breaches is people doing something that they shouldn’t. This may include employees losing or misplacing devices, sharing their password or access token with unauthorized parties or sending patient data to the wrong recipient. The number of leaks is only expected to rise in the near future since health data is estimated to be worth 10 times more than credit card data on the black market.

Cloud Services’ Treats for Health Care

Cloud solutions have the potential to reduce the negative effects of human error. By storing data in the cloud, there is no need to carry patient data on mobile devices or to send records by fax, post or email. Furthermore, advanced solutions for identity governance prevent unauthorized access to patient data.

Another advantage is that patient data is still accessible when devices are lost or stolen. With cloud solutions, the backup and recovery of data is easier, even if individuals have accidentally deleted emails or altered patient records.

No security technology is perfectly secure. The short life cycle of proposed encryption and authentication techniques, as well as the plethora of research frequently making headlines, could make it difficult to select a solution that is right for a specific health care service. Partnering with a security services vendor relieves health care managers of these highly specialized IT decisions.

Finally, cloud service providers are likely to maintain a state-of-the-art secure environment because that is what gives them a competitive advantage. Selling services with promises for flexibility and cost reductions is no longer a differentiator. Cloud service providers need to be able to take away at least some of the worries about patching, physical security and security certificates. As a result, they have specialized teams who are expertly trained and dedicated to managing all the operational security tasks related to the underlying security infrastructure, platforms and software.

However, these providers cannot take over all responsibility.

The Tricky Parts for Health Care Organizations

Health care organizations that outsource to cloud services still have to acknowledge the obligation they have to security and data governance. In spite of handing over operational tasks, enterprises continue to face difficult decisions about data ownership, data access, sharing of patient records and collaboration with other organizations. On top of that, they need to keep checking that the service provider meets all the requirements as stated in the contracts and data protection regulations. This is not an easy undertaking. It requires the support of additional experts to deal with particulars such as:

  • On-site audits;
  • Knowledge of privacy legislation in different states and countries;
  • Procedures for incident management;
  • Preparations for crisis communication in case of a breach.

We have learned from the financial and entertainment industry that the reputational and personal damage caused by a cloud data breach can be disastrous. This not only affects the patients and the health care organization that owns the data, but also the service provider.

The service provider might be held liable for data breaches, which could take them out of business. When health care organizations prepare their business continuity plan, it is wise to include an escape plan for when the provider does not survive or does not deliver according to expectations.

Turning the Tricks Into Treats

A prepared health care organization can turn the tricky bits of data protection into treats by following the best practices for cloud security and by demanding their service provider offer a complete cloud security portfolio — including managed access, data security, monitoring of security breaches and compliance violations and optimized security operations. Cloud services providers are fully equipped to deliver these secure solutions; all health care organizations have to do is find the right partner.

 |  |  | 
Nicole van Deursen
Information Security Researcher

More from Cloud Security
January 22, 2025

2024 Cloud Threat Landscape Report: How does cloud security fail?

4 min read - Organizations often set up security rules to help reduce cybersecurity vulnerabilities and risks. The 2024 Cost of a Data Breach Report discovered that 40% of all data breaches involved data distributed across multiple environments, meaning that these best-laid plans often fail in the cloud environment.Not surprisingly, many organizations find keeping a robust security posture in the cloud to be exceptionally challenging, especially with the need to enforce security policies consistently across dynamic and expansive cloud infrastructures. The recently released X-Force…

January 8, 2025

Cloud threat report: Why have SaaS platforms on dark web marketplaces decreased?

3 min read - IBM’s X-Force team recently released the latest edition of the Cloud Threat Landscape Report for 2024, providing a comprehensive outlook on the rise of cloud infrastructure adoption and its associated risks.One of the key takeaways of this year’s report was focused on the gradual decrease in Software-as-a-Service (SaaS) platforms being mentioned across dark web marketplaces. While this trend potentially points to more cloud platforms increasing their defensive posture and limiting the number of exploits or compromised credentials that are surfacing,…

December 18, 2024

Cloud Threat Landscape Report: AI-generated attacks low for the cloud

2 min read - For the last couple of years, a lot of attention has been placed on the evolutionary state of artificial intelligence (AI) technology and its impact on cybersecurity. In many industries, the risks associated with AI-generated attacks are still present and concerning, especially with the global average of data breach costs increasing by 10% from last year.However, according to the most recent Cloud Threat Landscape Report released by IBM’s X-Force team, the near-term threat of an AI-generated attack targeting cloud computing…

Topic updates

 Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today
© 2025 IBM Contact Privacy Terms of use Accessibility Cookie Preferences
Sponsored by si-icon-eightbarfeature