Change Healthcare unveils BYOK tool with data encryption that uses Microsoft Azure cloud services

Announced Tuesday at Microsoft Inspire, the ‘bring your own keys’ tool lets healthcare organizations create, update and revoke encryption keys on demand.
By Jessica Davis
03:56 PM

Change Healthcare launched a new security tool for its cloud-based analytics suite at Microsoft Inspire on Tuesday.

Now part of the Change Healthcare Security Management suite, the ‘Bring Your Own Key’ service leverages Microsoft Azure to enable providers, payers and hospital organizations to create, update and revoke encryption keys on demand without involving the vendor. Officials said it gives the customer full control over their security needs, including auditing and monitoring.

Customers using BYOK can generate 2048-, 3072- or 4096-bit encrypted public and private key sets. Officials said the customer is given a master password that is unknown to anyone outside of their organization, and even that can be changed at any time by the customer.

Change said that the keys and master password are encrypted, then divided into multiple parts before being transmitted to Change’s Healthcare Intelligence Healthcare Network for decrypting, reassembling and adding back to the customer’s vault.

“It is of paramount importance that sensitive data be protected by proper encryption that is fully controlled by the payer or provider, so they can mitigate both insider and external threats on their own terms,” Haddon Bennett, Change Healthcare CISO, said in a statement.

BYOK is not a new function. Google, Microsoft, Amazon and others have added this feature to their platforms over the last two years. Traditionally, encryption keys are controlled by the vendor and organizations will call the vendor for network disruptions or for routine key updates.

The tool can also help with identity management, especially with cloud services, and is crucial to controlling who has access to a network at any given time. It ensures former employees, past vendors and the like have their access revoked from the moment they no longer work with the organization.

Hackers can gain access to a network through accounts that are no longer in use. BYOK or similar services give organizations control over this potentially major vulnerability.

The addition of BYOK for Change’s analytics platform will give customers rapid responses when a potential or active threat is detected through a virtual kill switch that immediately yanks access to protected data and service. Access can be re-enabled quickly with a new encryption key, which officials said will “effectively block active threats.”

Microsoft, for its part, also announced at Inspire a new partnership with Walmart to develop cloud-based infrastructure and artificial intelligence in a deal to take on both companies' rival, Amazon.

Twitter: @JF_Davis_
Email the writer: jessica.davis@himssmedia.com