Think about how many cloud services the average person uses daily on a personal and professional basis. That overlap makes it easy for users to accidentally spread information from their work life into their personal cloud services.
When this happens without the knowledge of IT staff, it can expose an organization to a variety of risks, including loss, theft or public disclosure of sensitive information. Here are four ways healthcare organizations can better manage employee use of cloud services to minimize those risks.
1. Google Yourself to Check for Exposed Personal Health Information
Some of the most embarrassing and damaging exposures of sensitive information occur when employees accidentally publish data online. Administrators can set up a series of strategic Google Alerts to watch for the presence of sensitive information.
For example, a search for “+site:yourhospital.org +SSN” might provide an early warning of places where you’ve accidentally exposed Social Security numbers to search engines.
2. Audit Cloud Permissions for Healthcare Staff
When you allow employees to make use of approved cloud services, be sure to audit the permissions for those services to prevent the exposure of sensitive data. IT administrators should conduct regular audits of cloud service permissions, paying particular attention to publicly shared files and those shared with accounts outside of the organization.
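One way to run such an audit over a sharing report exported from a cloud service, as an added example that is not from the original article. The column names, the `anyone_with_link` value and the sample rows are constructed for illustration and do not follow any vendor's schema.

```python
import csv
import io

ORG_DOMAIN = "yourhospital.org"  # assumption: the organization's own domain

# Constructed sample export; column names are hypothetical, not a vendor schema.
SAMPLE_EXPORT = """file,owner,shared_with,link_access
patient_roster.xlsx,asmith@yourhospital.org,bjones@yourhospital.org,restricted
lab_results_q3.csv,asmith@yourhospital.org,,anyone_with_link
billing_export.csv,cwu@yourhospital.org,cwu.personal@gmail.com,restricted
shift_schedule.docx,dlee@yourhospital.org,vendor@notyourhospital.org,restricted
onboarding.pdf,dlee@yourhospital.org,hr@Clinic.YourHospital.org,restricted
"""

def is_internal(address, org_domain=ORG_DOMAIN):
    """True only for the organization's domain or a real subdomain of it."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    org = org_domain.lower()
    # A bare endswith(org) would wrongly accept "notyourhospital.org".
    return domain == org or domain.endswith("." + org)

def audit_shares(export_text, org_domain=ORG_DOMAIN):
    """Return (file, finding, detail) tuples for publicly or externally shared files."""
    findings = []
    for row in csv.DictReader(io.StringIO(export_text)):
        if row["link_access"].strip().lower() == "anyone_with_link":
            findings.append((row["file"], "PUBLIC_LINK", "anyone with the link"))
        # A file may be shared with several accounts, separated by ';'.
        for addr in filter(None, (a.strip() for a in row["shared_with"].split(";"))):
            if not is_internal(addr, org_domain):
                findings.append((row["file"], "EXTERNAL_SHARE", addr))
    return findings

if __name__ == "__main__":
    for file, finding, detail in audit_shares(SAMPLE_EXPORT):
        print(f"{finding:15} {file:22} {detail}")
```

The lookalike domain and the mixed-case subdomain in the sample show why the domain comparison has to be exact rather than a plain suffix or case-sensitive match.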
3. Deploy a Cloud Access Security Broker
Managing cloud use and permissions is time-consuming and can quickly overburden an IT staff. Cloud access security brokers alleviate some of the difficulty of this work by providing a centralized approach to cloud service management.
These tools monitor cloud service use and watch for violations of the organization’s security policies, which can range from improper permissions to the use of nonapproved cloud services.
4. Implement Medical Data Loss Prevention Measures
One way to stop accidental loss of information in the cloud is to prevent it from reaching the cloud in the first place. Data loss prevention tools monitor user activity on endpoints and the network, watching for attempts to transfer sensitive data, including information about patients, to personal accounts. A DLP system can block such a transfer before the data leaves an organization’s network.