Attacks on Your Data…and How the Cloud can get You out of the Rain

cloud rain.png

 It can be daunting without customer-oriented IT or security consultants to break down components and how they fit the new universe of data and storage. You’ve heard of the “cloud,” you likely have it for you phone and even your home computer, you know it’s the current go-to solution for businesses rather than hard storage and bulky servers in your office coat closet.

And yet you’ve also heard of data breaches, hacking etc.  and the liability they produce as between, for example, a little HVAC company, penetrated and thus causing a loss for it’s billion-dollar customer. Indeed the analogous situation is a medical practitioner or imaging center saying “I’m smallfry, I don’t really think about security” Your system, records and/or networked devices (anything from phones to insulin pumps) are breached and infects the major hospital system with which the practice etc. is affiliated. What then?

Enter the cloud, which serves the dual purpose of providing a layer of protection (literally, like a cloud in the sky is remote from your physical network and devices), as well as, outsourcing data and records concerns. The cloud allows you free up technical staff to do more work closer to their core competencies ( if you’re a bigger entity such as a hospital). Or, if a small business, you will not need to staff-up in the IT realm, thus keeping your professionals focused on serving your patients or customers.

Some tech and health experts have called the cloud a “business necessity.”

Indeed, no longer can medical and dental practices, imaging centers, labs…or any small business from the butcher to the baker say, “I don’t understand this. I can’t afford it…” Or this:

Why can’t I just store data from patient/client/customer records to my business spreadsheets, on my little desktop and review them on my phone or tablet at home?”  

Healthcare professionals had the additional excuse: “I can’t put sensitive data or records up in this cloud infrastructure.” This not only includes biometric data but patients’ credit card info, addresses, family backgrounds.

Today, the argument would be why NOT use the cloud.

  • Cloud services and cloud infrastructure have matured and hardened in the last five years, with more emphasis on security as well as amount of storage and accessibility for your business needs.

  • Cloud services are focused on security, while an in-house IT team—one your single IT specialist if you even have one—has many responsibilities.

  • Cloud services update with the latest patches and security measures; your on-site server etc. might not have the same level of attention.

  • Cloud services evolve faster: bringing in new encryption techniques into database management to secure customer/patient/client identifiable information. The new direction is artificial intelligence (AI) and data-driven security monitoring with behavioral analytics. An example is Microsoft’s integrated intelligent security graph that collects billions of data points on a daily basis and uses AI and machine learning to analyze and identify evolving cybersecurity attacks and other malicious cyber behaviors.

Nevertheless, the cloud isn’t the be-all and end-all solution. You must follow the train staff on more traditional attack modes like suspicious emails (“phishing” and “spearfishing”); likewise, you should get a comprehensive security audit (including physical security), vet your staff, provide a policy on the use of personal devices like phones and tablets and any devices you provide. Furthermore, the cloud services provider should be upfront that your data won’t be used for their marketing uses. Your vendor should provide various suites of data storage access and security if they cannot do a comprehensive customization. Indeed, the advantage of the cloud is that there so many levels of service available such that customization may not be an issue. 

Finally, as explained in a previous blogpost (Digital Upload “Cybersecurity Primer for Healthcare Practices”) you and your potential cloud vendor must have a firm grasp on compliance needs and protocols. On the one hand, a vendor who has no knowledge of the regulatory regime under which you work should never be hired, even if they provide the cheapest rates. On the other hand, a knowledgeable vendor will demonstrate compliance compatibility and show you how the cloud prevents server issues, data theft and human-error denials of records that have resulted in major HIPAA fines.

Should you have any questions or concerns, the professionals at Soteryx are eager to listen and provide advice on the cloud and how it can grow your practice, your business, your effectiveness. Contact us at www.soteryx.com. Please follow us on Twitter @SoteryxCorp, Facbook @SoteryxCorp and LinkedIn https://www.linkedin.com/company/soteryx.

Special thanks to Spencer Whittle, intern at Soteryx and a student at Elmira College, in researching and drafting this article.

Shaun Wiggins