Key Considerations for Securing Your Digital Healthcare Cloud

Saimon Michelson, Chief Architect, CTERA
JUNE 05, 2019

Healthcare organizations are under financial strain as the costs of patient services rise. From an IT perspective, the exponential growth of patient data and the need to comply with privacy and data security requirements are driving fundamental changes in the way healthcare providers work. New IT technologies, such as digital health and cloud-based services, are helping organizations to do more with less.

Cloud business transformation enables healthcare organizations to achieve compelling cost savings, meeting their needs for greater business flexibility and a secure unified platform for managing patient data.

Recent market research suggests that the cloud model is an increasingly appealing IT strategy for healthcare decision-makers. According to MarketsandMarkets, the healthcare cloud will hit $9.48 billion by 2020, while Esticast projected that the healthcare cloud market would grow at a 23.4 percent CAGR, achieving $25.7 billion by 2024.

However, alongside these benefits, transitioning IT operations to the cloud also introduces several new storage, management and security challenges. This article examines a few key challenges and offers guidance for healthcare organizations migrating to the cloud.
 

Dissecting the Healthcare IT Challenge


Explosive Data Growth

Healthcare organizations face an ever-growing deluge of data that must be stored, managed and protected. Patient data, contained in tools such as EMRs (electronic medical records), EHRs (electronic health records) and PACS images, are increasingly scattered across distributed remote locations — both in file servers and on endpoint devices such as user laptops and smartphones.

The unprecedented growth in patient data, driven by the adoption of new digital technologies such as sensors and wearables, together with long data retention requirements (HIPAA stipulates six years), demands elastic file storage capacity. The cost of scaling and upgrading traditional network-attached storage (NAS) appliances to meet this massive data growth is no longer viable. To reduce their rising storage costs, healthcare organizations seek to migrate from local file storage to cost-effective and scalable cloud storage.

Ransomware and Other Security Threats

It’s no secret that healthcare has been a prime target of cyberattacks in recent years. Due to antiquated IT systems and a lack of advanced security tools, hospitals and other healthcare providers still find themselves vulnerable to hackers looking to steal private and sensitive information.

This vulnerability is reflected in the headline-generating ransomware attacks against hospitals in recent years. These attacks lock down a hospital’s IT systems and demand a ransom payment (typically in bitcoin) in return for a decryption key. In the meantime, hospitals lose access to email systems, EHRs and internal operating systems. In many cases, hospitals were forced temporarily to return to pen and paper for record-keeping. Remediating such an attack, including data restoration, can take days or weeks, and as a result, most hospitals simply prefer to pay.

In 2018, for example, Hancock Regional Hospital in Indiana paid around $55,000 in bitcoin to restore encrypted files. Before that, Hollywood Presbyterian (California) paid hackers around $17,000 in bitcoin after suffering a widespread attack.

On the other hand, hospitals with effective data backup and disaster recovery systems in place were able to weather these attacks without compromising data and without paying the ransom.

HIPAA Compliance and Handling PHI

HIPAA and similar legislation regarding the privacy of medical records require the placement of physical and electronic safeguards to ensure the secure passage, maintenance and reception of protected health information (PHI). HIPAA requires that sensitive information be governed with strict data security and confidentiality, while obligating organizations to provide PHI to patients upon request.

To ensure HIPAA compliance, healthcare providers must securely store sensitive files in an on-premises data center, private cloud or virtual private cloud (e.g., AWS GovCloud). Public SaaS platforms, like Dropbox, do not meet HIPAA’s data privacy, security or sovereignty requirements.

However, with files residing on users’ workstations, laptops, mobile devices and departmental servers across the organization, complying with these regulations is extremely difficult. What’s needed is a more centralized approach to storing, managing and protecting files. This is one of the strengths of centrally managed cloud storage. Using such a platform, organizations can ensure that all files containing patient information are centrally stored and monitored, helping them to comply with HIPAA and other data privacy rules.

Edge-to-Cloud Computing for Digital Healthcare

While healthcare providers are migrating data storage to the cloud, most healthcare data are created at the edge by medical professionals and Internet of Things-enabled devices. By storing and processing these data where they are created, organizations can reduce the time and bandwidth overhead involved in retrieving this information from the cloud. Another advantage of edge storage is that it assures data availability during a network outage.

Until recently, the cost and scalability advantages of cloud-based file storage came at the expense of performance, latency and data availability. Edge-to-cloud file services bridge this gap, enabling healthcare providers to manage data securely and efficiently, while at the same time making that data instantly available to medical teams. In some cases, accessing the most up-to-date patient information (e.g., allergy history) can be a matter of life and death. In others, like viewing a PACS image, fast data access is essential for delivering the best treatment and care.

Real-World Edge-to-Cloud File Services Use Cases

Imagine a mobile app that enables field physicians to access files securely wherever they are. All information is securely stored in the organization’s data center, so if a user loses or damages their laptop, patient data remain within the organization. Physicians have anytime-anywhere access to the files they need, with the ability to upload images and sound recordings to the cloud. Rather than struggling to send large images as email attachments, users can upload files to the cloud and send a secure hyperlink to their recipients. This type of file sync & share functionality has already been implemented for healthcare providers around the world.

Another possible application of edge-to-cloud involves wearable sensors that track heart rate and blood pressure. These sensors are already popular among sports enthusiasts. These always-on devices generate a tremendous amount of data. Rather than sending all the data to the cloud, the app could process and filter the data in a highly secure manner at the edge and then send only the relevant data (e.g., EKG for the last hour) to the cloud.
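The edge-side filtering described above can be sketched as follows. This is an added example, not code from the article or from any vendor product; the `Sample` and `EdgeBuffer` names and the heart-rate readings are constructed for illustration.

```python
from collections import deque
from dataclasses import dataclass

WINDOW_SECONDS = 3600  # "the last hour" from the article's example

@dataclass(frozen=True)
class Sample:
    ts: int          # Unix time, seconds
    heart_rate: int  # beats per minute

class EdgeBuffer:
    """Keeps readings on the device; only the recent window is ever uploaded."""

    def __init__(self, window=WINDOW_SECONDS):
        self.window = window
        self.samples = deque()
        self.newest = None
        self.discarded = 0

    def ingest(self, sample):
        if self.newest is None or sample.ts > self.newest:
            self.newest = sample.ts
        cutoff = self.newest - self.window
        if sample.ts <= cutoff:
            # Late or replayed reading: never stored, never sent.
            self.discarded += 1
            return
        self.samples.append(sample)
        # Evict readings that have aged out so they do not linger at the edge.
        while self.samples and self.samples[0].ts <= cutoff:
            self.samples.popleft()
            self.discarded += 1

    def build_upload(self):
        """Return the only payload that leaves the device, oldest first."""
        cutoff = (self.newest or 0) - self.window
        recent = sorted((s for s in self.samples if s.ts > cutoff),
                        key=lambda s: s.ts)
        return [{"ts": s.ts, "heart_rate": s.heart_rate} for s in recent]

def demo():
    # Constructed readings: one every 10 minutes for 3 hours, then a stale replay.
    buf = EdgeBuffer()
    start = 1_700_000_000
    for i in range(19):
        buf.ingest(Sample(start + i * 600, 60 + i))
    buf.ingest(Sample(start, 999))  # arrives late, outside the window
    return buf.build_upload(), buf.discarded
```

Because older readings are evicted on ingest rather than at upload time, a lost or compromised device holds at most one window of patient data.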

Key Ingredients of a Secure Edge-to-Cloud Storage Solution

In terms of architecture, a secure multi-cloud data management solution typically comprises three key components: 1) cloud storage gateway appliances installed on premises at the healthcare provider’s distributed sites; 2) software agents and apps for endpoint backup and mobile collaboration; and 3) centralized, cloud-based management for managing services, users and connected devices. End-to-end data security and privacy protection must be implemented at all levels.

Edge Appliances/Cloud Storage Gateways

Cloud gateways deployed at the edge streamline cloud storage access for remote sites. Whether deployed as a physical or virtual appliance, the filers should perform file caching to optimize user experience and reduce latency. Smart caching solutions allow organizations to move cold data to cost-effective cloud object storage and locally cache frequently used files for fast access. Cloud gateways deliver unlimited file access and seamless collaboration to remote branch users, with visibility to all organizational files centralized in the cloud.

Endpoint Client

This component supports private in-firewall endpoint file services for remote laptops, servers and mobile devices. Typically, these services may include secure file access, collaboration, source-based global de-duplication, backup and sync functionality. This software agent allows users to access all cloud-based files from any device regardless of local storage constraints. Endpoint applications enable highly efficient and end-to-end secure transmission of data across the network.

Data Management

Centralized, cloud-based management of unstructured data — wherever it resides — allows healthcare users to gain complete visibility into patient health from a single authoritative source. Managing endpoint apps, cloud gateways and applications running in the cloud, this component provides comprehensive insight and control over organizational data. This unified approach eliminates data silos and islands created by traditional NAS and file servers. Data management and service orchestration tasks include data protection, file sync & share services, provisioning, monitoring and alerts. To ensure data sovereignty, this component should also support role-based access control and granular event logging.

Data Security

Secure storage and sharing of sensitive patient data is a fundamental requirement for healthcare providers. Data security must be FIPS 140-2 and HIPAA compliant, with tools that provide administrators with complete control over information: where it resides, and when and with whom it is shared. Security features should include 100% in-firewall deployment, AES-256 data encryption in transit and at rest, private key management, strong authentication and policy-based DLP controls for storage and collaboration.
 

Conclusion

As healthcare providers advance their digital transformation initiatives, secure edge-to-cloud file services offer concrete advantages over traditional file storage. This new approach modernizes branch office file storage, while maintaining the highest levels of data privacy and compliance. At the same time, it allows healthcare providers to dramatically reduce storage costs and total cost of ownership, streamline multi-cloud data management and improve productivity and user experience.
Saimon Michelson is Chief Architect of CTERA.
