SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Does your healthcare organisation need a security health check?
Thu, 1st Jun 2017
FYI, this story is more than a year old

Healthcare providers store some of the most critical data in the world, making them attractive targets for cyber criminals - especially when cloud computing is starting to transform the sector. Cloud security strategies have never been more important to prevent damaging and embarrassing data loss, according to Palo Alto Networks.

“Healthcare providers want to focus on treating patients. A cloud computing approach means they don't have to worry about data center which is much more cost effective. But as cloud computing takes off in healthcare, a carefully-architected data security strategy is imperative to ensure data stays safe," comments Ian Raper, Palo Alto Networks' regional ANZ VP.

The company says there are three reasons why healthcare providers need to prioritise cloud security:

1. Cyber adversaries are still after healthcare data

Profit-motivated cyber adversaries target healthcare data by using malware to steal data and then sell it to someone who will use it to commit identity theft and insurance fraud; or by using ransomware to encrypt healthcare data and unlock it only after a ransom is paid.

Cyber adversaries are well aware that healthcare data is moving to the cloud, and will continue to target that data in a cloud environment. 2. Security is better in the cloud if providers take the time to plan it out In the rush to move healthcare records to the cloud, there's often an assumption that security comes automatically. Security can be more straightforward to implement in the cloud but it is still only as good as you make it.

“Cloud hosting providers make it easier to manage virtual servers and network infrastructure at the platform level, but healthcare providers shouldn't make the mistake of developing a false sense of cloud security. They still need to deploy and manage advanced anti-malware to their endpoints," Raper comments. 3. A unique opportunity to remedy lingering security issues

Healthcare providers often use legacy applications, which can create significant vulnerabilities. Cloud hosting providers offer capabilities that can make it easier to manage the security of the underlying data within high-risk applications.

“As healthcare providers migrate their applications to the cloud, they can, at a moment's notice, spin up the required virtual servers, and be protected behind a new instantiation of a virtual next-generation firewall," Raper adds.

Migrating applications to the cloud can often present a unique opportunity to evaluate and improve each application's overall security. For example, healthcare providers could:

  • upgrade the application to the latest release
  • deploy the application in a tightly-controlled virtual network segment
  • introduce network-level threat prevention
  • enforce stronger controls on underlying databases
  • eliminate all existing server-level vulnerabilities prior to cutover

One of the most powerful features of the cloud is that it makes bleeding-edge security infrastructure available to healthcare organisations of all sizes.

“Even smaller clinical networks can stand up and deploy enterprise-class, application environments with a small IT team. However, they mustn't fall into the trap of thinking that all they need to do is move an application to the cloud and security will come automatically. With careful planning, they can take advantage of the cost-savings and extensibility that the cloud offers, but they also need to ensure that the right security architecture is in place to keep their patient data safe," Raper concludes.