Securing Healthcare Data in the Cloud

It used to be that on a visit to the doctor, a patient’s medical history was scribbled on a sheet of paper and decanted into a fat cardboard file folder. In it lived everything to know about that patient’s health—immunizations, illnesses, treatments, medications, and more. Today, however, those records are frequently held in a computer at the doctor’s office, or stored with a cloud service. Electronic records make it much easier to manage the volume of data a medical practice has to handle, and expedite transferring that data to other practitioners if necessary.

Wearables Do More Than Inspire Exercise

Other, less obvious, personal health records live in the cloud as well. Today, thousands of people have wearable devices on their wrists or bodies, monitoring everything from step count to sleep patterns and syncing that data to the cloud, where they can look at and compare their stats—or even send them to their doctors. Recording and tracking this data is fun, and sometimes useful. But to patients and physicians, that same cloud-based monitoring can make the difference between a well-managed condition and a constant struggle to adjust treatment by trial and error, thanks to medical wearables such as smart garments that log vital signs, and connected blood sugar monitors.

(Read more about how digital technology is changing the relationship between patient and doctor in The Economist Intelligence Unit’s “The Role of Cloud Computing in the New Doctor-Patient Relationship.”)

However, with these benefits come risks, specifically in the security and privacy realms. Sadly, the medical world, especially that of devices, has lagged in its implementation of security, and that puts patients at risk in several ways.

With Advances Come Risks

First, there’s the risk to privacy. That computer the doctor uses could be lost or stolen, and if the data on it isn’t encrypted, patients’ most intimate details can be revealed. Worse yet, if the data hasn’t been backed up, all of that medical history could be lost. And if the medical systems are connected to the Internet, and those connections are not secured, they could be hacked and could leak data that can be misused.

Patients’ personal data could be used to scam them, for example (who wouldn’t want a cure for a chronic disease?), or even as blackmail fodder if they have a medical condition they’d rather not be made public.

Unlikely? Hardly. In the first three months of 2015 alone, almost 100 million patient records were compromised in only the top six attacks. Healthcare data has become more valuable to hackers than credit card numbers, so hackers are aggressively seeking it. Small medical offices in particular have little defense.

Working Toward Secure and Accessible Data in the Cloud

Fortunately, cloud providers serving medical offices have stepped up to the plate, offering secure online data storage that meets regulatory standards and leaves no vestige of personal information on the physician’s device. Adoption is growing rapidly; researchers at MarketsandMarkets predict that by 2017 healthcare organizations will spend $5.4 billion on cloud services annually.

But anything connected to the Internet is vulnerable to data breaches. Even medical devices themselves are hackable. Insulin pumps and other drug infusion pumps, if compromised, could be used to dispense lethal doses of medication; pacemakers could be reprogrammed with deadly consequences. Alarmist? Not when the FDA is also warning about the risk. Equipment manufacturers have a lot of work to do.

On the whole, however, cloud providers—with their expertise and rich resources—have a much better chance of protecting critical medical data than a doctor who plays part-time system admin. So getting those records out of the file folders, off physicians’ computers and into the cloud is a good way to protect them from loss while maintaining accessibility—the best of both worlds.

Stay tuned for the second article in this two-part series on cloud and healthcare—a look at the role the cloud plays in preventive healthcare.