Healthcare clouds are high-value targets for cybercriminals looking to steal and sell personal information of patients on the dark web. In addition to targeting Protected Healthcare Information (PHI), cybercriminals may also target research to steal intellectual property, writes Rajesh Maurya, Regional Vice President, India and SAARC, Fortinet.
The digital transformation of healthcare has had far-reaching effects on patient care. Telehealth and connected devices have changed the way patients and physicians interact and create treatment plans, while workflow management solutions have made care providers more organised and efficient. As technology continues to improve day-to-day interactions and the overall patient experience, behind the scenes it is also transforming how medical research is conducted, providing capabilities that were previously impossible for research teams. This is in large part thanks to the capabilities of the cloud.
Cloud Use in Medical Research
Medical research and pharmaceutical facilities are adopting Infrastructure as a service (IaaS), Platform as a Service (PaaS), and Software as a service (SaaS) cloud environments for multiple reasons. Instances of cloud computing in research environments are likely to grow based on these five key benefits:
The cloud has given medical research facilities the ability to correlate massive amounts of data at an unprecedented rate, providing actionable information without the need for additional specialised equipment or staff. These computing capabilities allow researchers to analyse structured and unstructured data collected across various devices, enabling them to make informed decisions about treatments plans faster and more accurately. As a result, 59 per cent of health IT leaders intend to adopt cloud solutions to support big data analytics.
The proliferation of connected medical devices has yielded massive amount of data that must be stored and accessed for research purposes. The scalability of the cloud enables researchers to continue to collect and store this data in a cost-effective way, without a negative impact on performance.
Cloud use, especially in instances of IaaS, drastically reduces the upfront costs of research that would otherwise require building comprehensive data centers and storage capabilities. Rather than having to build out this infrastructure themselves, research facilities can delegate it to third-party cloud providers, thereby reducing the cost of entry and making research more accessible.
Clinical research often requires input and participation across different research teams and experts distributed across a variety of locations. The cloud facilitates collaboration between geographically dispersed teams through simplified data sharing, while allowing members of these different research teams to instantly access critical information from any device.
Cloud computing allows data to be available in real-time with minimal downtime, giving research teams the ability to process results and make fast decisions as new information comes to light.
While the cloud offers huge benefits in this area, research facilities that wish to take advantage of cloud offerings also have to ensure that data stored in cloud environments remains secure and is compliant with all applicable regulatory standards.
Securing Medical Research in the Cloud
Using the cloud to support medical research means storing the PHI of patients in a third-party database. This makes healthcare clouds highvalue targets for cybercriminals looking to steal and sell the personal information of patients on the dark web. In addition to targeting PHI, cybercriminals may also target research in order to steal intellectual property.
To fully leverage the power of the cloud for research – without compromising patient privacy or original findings – medical research facilities need to deploy dynamic cloud security controls designed to adapt and scale as cloud usage expands. These controls should also incorporate application and distributed denial-of-service (DDoS) security to ensure cloud-based apps cannot be exploited for network entry, or to knock organizations offline. To provide this level of security, healthcare organisations need to employ internal segmentation to enhance data visibility in the cloud and isolate threats while maintaining consistent controls between onpremise, remote device, and cloudbased security solutions.
Healthcare Compliance in the Cloud
In addition to securing intellectual property and PHI, integrated cloud security controls allow healthcare organisations to ensure they maintain compliance with critical industry regulations such as Health Insurance Portability and Accountability Act (HIPAA). While cloud service providers may include a basic set of built-in security features, medical organizations are ultimately responsible for ensuring compliance and maintaining the consistent protection of data and PHI.
This means that medical researchers storing PHI in the cloud need additional controls that provide deep visibility into data movement and accessibility and granular, integrated controls to ensure security and compliance as data moves between cloud environments, local networks, and remote devices, rather than risk fines for noncompliance.
Furthermore, research facilities also have to ensure that their cloud provider is capable of maintaining compliance with regulations across geographies. For example, if regulations prohibit data collected on citizens from leaving the country of origin, researchers will have to come to a cloud service agreement with their providers to ensure they do not store this data overseas. The current trend towards multi-cloud environments complicates security issues even further, as research teams and facilities will need to ensure consistent security posture and policy enforcement across different cloud ecosystems.
It is critical, therefore, that organisation look to adopt security solutions designed to work seamlessly across an increasingly distributed and complex ecosystem of networked environments. Cloud Security Systems need to provide consistent protection and controls across devices and networks, combined with centralised management and orchestration, so organisations can easily and securely scale their networks and services.
The cloud is enabling medical research in many ways. However, storing valuable data in the cloud makes it a target for cybercriminals, and healthcare organisations are ultimately responsible for its security. In order to take advantage of the benefits the cloud has to offer simultaneously while maintaining privacy and compliance, additional security controls must be implemented across cloud environments.