Analyzing the Dangers and Risk Associated with Cloud Computing in the Health Care Industry
Alfonso I. Evans
As technology continues to advance, so do the ever present threats to steal important information. Businesses all around the world are trying to cut cost to increase profits and sometimes it comes at the expense of information technology. One technological advance I will be analyzing is cloud computing and if it is a viable solution. The healthcare industry has begun putting patient information on networks that can be accessed by a number of physicians to maintain a complete record of health history. The problem with this system is that a single ...view middle of the document...
It is important to recognize that as a customer to the company providing the cloud storage management, the management team should understand all the policies and procedures in place as it pertains to their information. It is also important for healthcare providers to guarantee and preserve the privacy of patient records in accordance with HIPAA Privacy Rule.
Patient Information in the Cloud
Data on the cloud is almost always encrypted; this is to ensure the security of the data (Prahash, 2011, p. 40). Any health care installation should make sure that only authorized individuals can access patient information. The IT department is responsible for ensuring that they add data encryption, digital signatures, and monitor the system for log-ins of all people. All sensitive patient information must be stored securely in a private medical record so that information can be shared by different doctors or medical personnel. The digital signature is a useful tool that provides authenticity, integrity and nonrepudiation (Rodrigues, De la Torre, Fernandez, & Lopez-Coronado, 2013). Encrypting the data makes it unreadable be someone that is unauthorized. Unfortunately, HHS.gov states that in regards to HIPAA rules, it is not mandatory to use encryption for data but highly recommended. There is no standard to which encryption method is used universally to protect patient records. Some cloud providers are using encryption methods like SHA-2 and AES-256 but I would go with using attribute based encryption because attribute based encryption generally involves encrypting the attributes neither encrypting the whole data. Encryption in ABE is easy and secure and inexpensive compared to other encryption discussed. The ABE is secure because the encrypted data contains the attributes rather than the data. In case of any malicious attacks the data never is leaked (Kumar, Lakshmi & Balamurugan, 2015). Because the data is being transmitted over cyber space it is also important that health care cloud service providers use some types of data in transit encryption such as SSL/TLS and IPsec.
The danger to patient records is high because of the information contained in them. There are vulnerabilities that can go unchecked if the cloud service provider’s IT department is not maintaining vigilance. These vulnerabilities include SQL injections, unchecked user input resulting in buffer overflow, etc. However, because of the additional complexity created by the cloud environment, more avenues of attack are possible (Wooldridge, Yagudin, Cheng, & Lin, 2011).
With these main concerns we will take a look at our qualitative risk assessment first using a basic chart to show our threat levels:
We will look at our vulnerabilities and assess the appropriate risk levels:
Name | Risk
Description | Threat
Source | Existing
Controls | Probability | Impact | Risk
Level | Recommendation for the best new safeguards. |