Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Healthcare cyberattacks necessitate use of cloud security tools

Cloud-based security tools can offer healthcare organizations around-the-clock monitoring and protection at a fraction of the cost of traditional on-premises tools.

Increasing reports of new vulnerabilities in computers and mobile devices are sending chills through hospital IT...

departments as they face the reality of more threats for which they need to prepare. Things look even worse for healthcare, since it has been a favorite target of cybercriminals looking to hold valuable health data for ransom.

These newly discovered exploits in the wild are yet another reminder to hospital security teams of the importance of leveraging security platforms that can adapt to and protect against various threats. Cloud security tools have offered the best promise to deliver meaningful system protections.

In March 2017, WikiLeaks released confidential CIA documents that detailed the numerous vulnerabilities in devices, computers and the internet of things. The documents highlighted the increasing liabilities that hackers can exploit to cause serious data breaches.

The CIA is not the only organization aware of potential weaknesses and exploits that exist in the enterprise. In April 2017, a security research firm announced the existence of a Microsoft Word vulnerability that could allow an attacker to execute code without the need to enable macros.

These are concerning events for hospital IT executives, as they signal real threats surrounding them, and remind them that they are already vulnerable. Security specialists and hospital CISOs are increasingly looking beyond standard protection tools to keep their environments safe and resistant to attacks. With the notion that no one can completely prevent an attack, there have been four key rules that healthcare has been able to adopt when it comes to new security measures that help mitigate some of the risks and ensure patient health data is protected.

Cloud security tools offer around-the-clock protection

It is a common occurrence for hospitals to engage outside security firms to perform security scans and penetration testing in their environments to gauge their overall level of security readiness. These steps are not required under the HIPAA Security Rule, but they can help ensure that no hackers are active within the environment. It can also help identify any changes or gaps that might present a risk.

Unfortunately, the increasing volume of attacks from cybercriminals is forcing hospitals to ditch their on-premises solutions and the periodic security checks for something that offers around-the-clock monitoring. This shift has laid the foundation for cloud security tools that can connect to and monitor networks continuously, while providing teams of experts with access to alerts that they can address in real time. Delivering the tools through a hosted model also reduces the complexity associated with implementation and management.

Cloud security tools reduce upfront infrastructure costs

The digital threats facing hospitals come in different shapes and forms; some infiltrate through email, while others find their way into systems through browser vulnerabilities. No matter what method a cybercriminal uses to infect an organization, IT is constantly adjusting the tools in use and expanding their capabilities by adopting more products.

However, at the current rate of change in security tools, traditional on-premises security options will likely require additional infrastructure. These additions increase the overall costs required upfront, as well as the time for setup and configuration.

In considering cloud-based security tools, IT is finding it more cost-effective to subscribe to a service that can easily be expanded without having to install new servers. Cisco, IBM, Microsoft and McAfee are a few of the platforms available today in the cloud, and they offer different tiers of support with different features a la carte. In most cases, these products must deploy special agents in some of the nodes that need to be monitored. They can also integrate with email services and network appliances to offer full coverage on all potential entry points.

A holistic approach to security and infrastructure safeguards

For a security strategy to be effective, a CISO must implement protections at multiple levels. This includes the firewall, networking appliances, endpoints, mobile devices, encryption, email, content access and web traffic.

Even with the tools that are available today, several can let newly generated threats through if their signature has not been cataloged and pushed out to the local system. To remedy that issue, many of the new cloud service providers are moving to a model in which they leverage machine learning and data collected from their deployed agents to detect threats. This method of identifying an attack prior to developing a patch or update for it can be extremely valuable to a hospital, especially when many of the ransomware attacks tend to get around antivirus tools. Some cloud security tools analyze and detect threats ahead of time.

Security at the edge is becoming a reality

Today, a hospital looking to increase their cloud usage can rest assured that their cloud provider offers security add-ons to go along with their implemented hosted workloads. Whether the hospital is using Amazon or Azure, enabling security extensions on workloads is a matter of a few clicks. This applies to hosted emails and cloud storage, as well. This reality has encouraged IT to let the vendors hosting their workloads manage their own security, removing that responsibility from IT and allowing them to sleep a little better at night.

Adopting cloud-based solutions is a viable alternative to the on-premises implementation of security tools. The increasing threats that hospitals face require a new set of protection tools that can quickly adapt and deliver a much wider scope of protection.

As with any cloud-based service, concerns around possible connectivity outages and denial-of-service attacks can create a lapse in coverage and protections. As hospitals decide to make the shift toward using more cloud-based solutions, it is important to address these vulnerabilities.

Next Steps

Cloud is one option to protect hospitals from ransomware

Data security and HIPAA compliance pose challenges to cloud adoption

Cloud providers offer data backup services

This was last published in May 2017

Dig Deeper on Health care cloud applications and services

PRO+

Content

Find more PRO+ content and other member only offers, here.

Join the conversation

2 comments

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

What other features should hospitals look for in a cloud security tool?
Cancel
When assessing cloud options, healthcare organizations should be careful to ensure that the security and performance characteristics offered by the vendor meet the organization’s needs. For example, public cloud infrastructures offer inexpensive and quick access to compute resources, but the tradeoff is often less predictability and stability in the infrastructure than a virtual private cloud model. Generally, one-size-does-not-fit-all, so the right cloud model should be matched to the right workload. Outsourcing application management services can alleviate some of the burdens of complying with the FDA, HIPAA, ICD-10, Meaningful Use, SSAE 16 or other compliance regulations, as some vendor services offer features specifically designed to help customers comply with these requirements. This can include reduced consulting and training costs, lost efficiency during implementation, and pre-audit overtime paid to staff. Furthermore, there may be cost savings beyond implementation, such as those involved with keeping current on documentation, testing, and responding to auditor inquiries. 

Cancel

-ADS BY GOOGLE

SearchCompliance

SearchCIO

SearchCloudComputing

SearchMobileComputing

SearchSecurity

SearchStorage

Close