Putting health data in a public cloud? Make sure you encrypt
Hospitals are increasingly turning to cloud-based services and that will only continue as they need more robust infrastructure for data intensive trends including advanced analytics, population health, precision medicine and value-based care.
But wIth HIPAA regulations on protected health information and personally identifiable information healthcare entities face unique challenges -- and risks -- when it comes to storing their data in the cloud. Among those is making sure that data is safe.
82 percent of databases in public cloud computing environments are not encrypted, according to the Cloud Infrastructure Security Trends Report from cybersecurity vendor RedLock.
[Also: CISOs just can't keep up with flood of data breaches]
What’s more, 31 percent of databases in public cloud environments are open to the internet, and 40 percent of organizations have cloud storage resources exposed to the public, RedLock found.
The analysis, conducted by the RedLock Cloud Security Intelligence team, which consists of security analysts, data scientists and engineers with experience at Microsoft, Credit Suisse and Honeywell, spanned cloud environments in multiple industry verticals and looked at more than one million resources processing 12 petabytes of network traffic and ultimately identified 4.8 million exposed records with sensitive data such as PHI and PII.
[Also: Hospital survival guide for a world overflowing with unsecured medical devices]
Researchers also found that cloud environments are incredibly dynamic and few customers are happy with cloud infrastructure security, which explains why nearly 80 percent of organizations are still only in the trial-and-planning stage of cloud computing.
Twitter: @SiwickiHealthIT
Email the writer: bill.siwicki@himssmedia.com