Why Healthcare Is Warming Up to Cloud-Based Security Solutions

According to a recent survey by Reaction Data, more than 70 percent of responding healthcare executives say the IT industry is headed for the cloud, with a majority (29 percent) citing security as the top consideration in moving.

Along those lines, a growing number of healthcare providers say they have no qualms about implementing cloud-based security solutions because of the maturity of Software as a Service tools.

Ram Ramadoss, vice president for privacy, information security and EHR compliance at CommonSpirit Health (formerly Catholic Health Initiatives) in Englewood, Colo., notes that cloud security vendors have a robust infrastructure and make sure their environment is solid and hardened.

“From an availability perspective, these tools are operating at a high maturity level,” he says. “They have robust controls, so it definitely makes it much easier to achieve compliance with major regulations like PCI and HIPAA from day one.”

Michael Gaskin, CIO for Madera County, Calif.-based Camarena Health, agrees. When Proofpoint released its Data Discover data loss prevention software in the cloud, he didn’t hesitate because the Proofpoint email security software he deployed in house was solid.

“We rely on cloud tools to ensure that our email is protected, data loss is at a minimum and protected health information is secured by our organizational policies,” he says. “Given their history, I had zero hesitation on moving some of their services to the cloud.”

MORE FROM HEALTHTECH: Here’s our checklist for staying HIPAA-compliant in the cloud.

Email Security Issues Loom Large for Providers

Email protection, of course, is an essential element to any organization’s cloud security strategy. But in Q4 2018, healthcare providers faced 96 email fraud attacks on average, a 473 percent increase from Q1 2017, according to Proofpoint’s 2019 “Email Fraud in Healthcare” report. Additional daunting figures from the report include:

• 95 percent of healthcare providers say they were targeted by an attack using their own trusted domain.
• Nearly half (49 percent) of healthcare organizations were targeted in email fraud attacks using at least five spoofed identities.
• 77 percent of healthcare organizations say they had more than five employees targeted by email fraud.

To that end, cloud-based security is a more enticing option for some providers, Frank Dickson, research vice president of IDC’s security products research practice, tells HealthTech.

“Now, almost anything you can do on-premises, you can do in the cloud,” he says. “You may not have a fully baked IT staff in every location, so the cloud enables simplification and the ability to cover a greater number of facilities. It’s less for you to manage and provides for greater efficiency and effectiveness.”

One company taking advantage of the shift in mindset is Imprivata, which in late April announced that it is creating an identity and access management cloud platform specifically for healthcare in a collaboration with Microsoft. For the first part of the collaboration, Imprivata launched Healthcare Seamless SSO, which allows individuals to use badges to tap into Office 365, as well as applications connected to the Microsoft Azure Active Directory.

“Users can access all the applications they need to do their job, whether on-premises or in the cloud, using the existing badge tap workflows,” Imprivata CTO Wes Wright says in an interview posted to company’s website. “Even if they’re on a shared clinical workstation, they now have their applications. When they click on Outlook or Teams, it’s their Outlook or Teams.”