How to Enhance Your Online Security When Storing Medical Records in the Cloud

AUTHOR: SyberScribe, July 1st, 2019

Cloud computing has not only made real-time collaboration for individuals and businesses an everyday reality, but it has also made it easier for healthcare providers to share information about patients.

We’ve talked before about the Importance of Online Security When Storing Medical Records On The Cloud, and have discussed how hackers are constantly finding ways to breach secure systems.

Healthcare organisations are an attractive target for cyber criminals due to the wealth of sensitive information they hold on file, and a recent ransomware attack on the records of a cardiology unit at a Melbourne hospital shows that such malicious activity is closer to home than we would like. Another notable attack on the industry was last year’s hacking of Singapore’s healthcare system and the theft of personal information of 1.5 million patients.

However, while having readily accessible medical information systems comes with risks, these risks can be significantly reduced if your business is proactive and informed. If you use a comprehensive data security management system and work with trusted Cloud providers, it’s possible to safeguard your patients’ information to the highest of standards, without compromising efficiency.

Today we will briefly discuss the benefits and risks associated with storing files in the Cloud, and explore the different ways healthcare providers can protect their patients’ information.

Storing medical records in the Cloud: risks versus benefits

Benefits

Storing medical records in the Cloud allows medical professionals to track data over time, easily identify patients who are due for check-ups, monitor patients’ test results and improve their overall quality of care. Cloud-based medical records also allow multiple healthcare providers to share patient data easily and in real time, allowing for streamlined operations and accessibility for all parties, including patients.

Research has shown that Cloud-based systems have led to improvements in technology capacity, financial metrics, time management, productivity, and even reduced security risks. Data loss was reported to be at just 5%, and only 2% of respondents said they had experienced data breaches.

Risks

The risks of storing medical records and other private information in the Cloud have been well documented. Medical information is protected by law as well as medical ethics guidelines. Technical errors, medical identity theft and other data exposure errors can place confidential patient information at risk. Even encrypted medical information systems have vulnerabilities and skilled hackers can still gain access to these infrastructures.

Because of this, there is growing concern about the government’s recent rollout of the My Health Record scheme. This involved placing the medical records of every Australian in an online database (unless they opted out by a certain date). In the wake of the Singaporean attack and amid criticisms of the platform’s security and privacy shortcomings, many people fear a similar attack on our own system in the not-too-distant future.

The importance of online security for Cloud-stored medical records

As has been noted, Cloud-based systems can offer more stringent security guarantees than self-hosted systems maintained by a healthcare provider, especially if the healthcare provider’s server lacks strict security processes and qualified maintenance staff. In addition, specialised Cloud providers are better able to focus their resources on data security in comparison to a healthcare provider, whose core business activity is servicing its patients.

There is a range of security measures that both healthcare providers and their Cloud-service partners can set up to secure patients’ confidential data, while still taking advantage of the incredible benefits of Cloud-based medical records. Patient data security is the responsibility of both the healthcare provider and the Cloud-service provider.

Invest in training

Every healthcare clinic should invest in cyber defence and personal security training, as this ensures staff members are adequately trained in how to use technology effectively, along with other vital aspects of data security (such as physical security).

A lot of security and privacy breaches occur because employees are not trained to be on their guard against cyber criminals, with phishing (bogus emails) being a classic example.

Tools for protecting the local network

As patient data will pass from the local network to the Cloud, healthcare providers need to make sure their local network is as well-defended as possible. This includes using firewalls, security software and enforcing password-protected and privilege-based access to the network, so only authorised users can gain access.

To guard against unauthorised access due to password theft, many organisations are now also employing multi-factor authentication, where two or more pieces of evidence are required to gain access to a network.

Physical security

Healthcare providers need to make sure that any portable devices – including USB keys, notebook computers, and tablets – that are used to store patient and other health related information are encrypted. Access to these devices and their data should be monitored or restricted, as is appropriate. Healthcare providers should develop a clear mobile device policy to guide staff members and where appropriate, use mobile device management software to enforce the policy.

Additionally, many healthcare providers still use paper for some of their records; access to these physical files should be strictly controlled and records kept locked away when not being used. Any other physical endpoints where data access is possible should be locked down and accounted for.

Wireless networks

Wireless networks are a common security vulnerability, so make sure your software, hardware and other components are kept up-to-date and secured with passwords that are frequently updated. Connection to the network should be managed with a permission-based system and regular monitoring should be undertaken to ensure there are no unauthorised connections occurring.

You should also conduct regular checks for rogue Wi-Fi access points and ensure the boundaries of your wireless network do not extend beyond the boundaries of your physical premises.

Unused data

Legacy, unusable, and unnecessary patient information should be securely deleted. If your healthcare practice regularly deals with a significant amount of obsolete data, provide staff members with specific guidelines for disposing of that data. Seek advice from IT professionals or your in-house tech staff on how to delete this data securely so it cannot be recovered.

A shocking example of data disposed of insecurely was the case where dozens of sensitive patient medical records were found lying in a Melbourne street. There have also been a number of past instances in the US where medical records have been recovered from hospital dumpsters.

Medical devices

Ensure that electronic medical devices receive software patches as soon as they are available. Just as with computers and networks, out-of-date software can expose medical devices to vulnerabilities.

Even a humble fax machine can be a pathway into a network for a hacker, so as well as protecting your computers and routers, make sure any device that is connected to the Internet is also secure.

Data breach plan

It is always better to be prepared in case of a data breach, even if it never happens to your healthcare practice. If you have a data breach plan prepared, you can mobilise your team quickly and respond to any breaches readily, preventing further data loss.

You can also respond quickly to compliance requirements, which now require many hacked organisations (although some are excluded) to inform each individual affected by the breach and advise them of their options.

Review and vet Cloud-based services

Regardless of which Cloud-based service provider your practice works with, have a qualified third-party vet the security of these services, and continue to do so on a regular basis.

A good provider will guarantee uptime of close to 100% and will have the very best security and failsafe systems in place to deal with every possible contingency.

How does SyberScribe take care of your information?

At SyberScribe, we take the private information of a patient’s medical records very seriously. This is why we take smart preventative measures, such as data encryption, passwords and confidentiality agreements, to stop hackers from stealing this valuable information. Contact us today to find out more about receiving safe, secure and high quality medical transcription.