Say outage to a retail company’s IT department and they’ll probably talk about lost revenue, salvaging a brand’s reputation and restoring consumer trust. Say breach to an e-Commerce IT department and you might hear talk about avoiding a PCI fine. But if you discuss either of those terms with healthcare IT staff, you’ll probably hear about a very different concern – saving lives.
Obviously, disasters, outages and breaches are damaging for every organization. But healthcare cloud security goes beyond protecting sensitive personal information to ensuring the availability of critical medical data that can be the difference between life and death. Think of a consultant who suffers an accident or heart attack while traveling and becomes unresponsive. The accessibility of his medical history could help hospital staff save his life. While that may seem like an extreme example, an outage can have disastrous effects on all patient care. Missing test results or allergy information, patient identity mix-ups and conflicting medications can all have deadly consequences.
This means that while high performance is mandatory for all healthcare clouds, disaster preparedness is even more crucial. Meeting HIPAA compliance standards and FDA regulations is only one aspect of cloud security for healthcare providers. Critical systems must be kept running and available even in the event of a large-scale failure. And given that major brands like Amazon, Microsoft and Google have experienced outages this year, it’s obvious that every organization can benefit from making sure its business continuity and disaster recovery (BCDR) plans are up to snuff.
The good news: the cloud’s virtualized infrastructure can actually assist you in maintaining uptime and reliability. It’s just a matter of following three steps.
Assess Your Risk
Risk assessments are a mandatory part of protecting electronic health information, yet a 2012 Office of Civil Rights audit found many healthcare organizations and their vendors fail to perform them. If you’re not regularly conducting these evaluations, start by considering possible threats to your information systems. Don’t stop with intentionally malicious human attacks; also include power outages and natural disasters like floods or earthquakes.
After assessing the likelihood of each threat occurring and the plausible impact it would have on your cloud environment, take any corrective actions necessary. Be thorough in your assessment, and analyze all security policies and architectural vulnerabilities relating to storage and backup, encryption use, and data authentication and transmission. All of this can go a long way toward preventing a disruption in services.