Managed Care Should Implement Cloud-Based Cybersecurity

September 4, 2020

At the heart of a defensive strategy against ransomware and other cybersecurity risks is a cloud-based approach to protecting data.

While businesses are adjusting to the day-to-day challenges of coronavirus disease 2019 (COVID-19), cybersecurity continues to be an ever-present threat. Risks in health care and managed care settings are especially profound—according to a recent report from IBM Security, healthcare companies incurred the highest average breach costs of all industries at $7.13 million—a more than 10% increase compared to the 2019 study and nearly twice the average industry cost.

This is not just a theoretical risk. Just last month, hackers attacked and encrypted data needed by the University of California San Francisco (UCSF) School of Medicine with malware, refusing to allow researchers access until a $1.14 million ransom was received. Facing no other choice, the university paid up. UCSF is now doubling down on efforts to protect its data bases from future attacks.

In addition to ransomware attacks, cybersecurity risks can come in many forms and cripple businesses, including managed care providers. Computer viruses can spread malware from one computer to another, often without the user being aware. Rogue requests convince users that they need to update their information, when really, it’s a malicious attempt to steal personal or company data. Denial of service (DoS) attacks make it impossible for users to access information from websites. Perpetrators often carry out multiple attacks at one time, attempting to access systems through multiple weak spots.

At the heart of a defensive strategy against ransomware and other cybersecurity risks is a cloud-based approach to protecting data.

Cloud-base systems offer the benefit of a network of servers that can store and effectively secure massive amounts of data. Cloud-based systems also offer flexibility by adding new options such as applications that use machine learning to detect suspicious patterns, multiple authentication points, verification options, and end point monitoring. However, most health care executives are only interested in the top-line benefits. With that in mind, here are 4 easy-to-understand benefits:

First, centralized security. In the event of a threat, cloud security policies are immediately updated, applied, and distributed automatically to curb or eliminate the threat. Cloud-based security can also manage threats without the limitations of physical resources, such as storage space or memory.

Second, greater support scalability. When a security alert is triggered, a cloud-based cybersecurity advisor can bring technical expertise and additional support staff to address the issue remotely, without the need to be physically on location at the site of the server. This allows a faster turnaround time to address the issue, and a 24/7 response team that can begin work immediately when a threat is identified.

Third, greater reliability. Cloud-based security protocols are transparent and continually tested. Health care organizations and other businesses should expect their service providers and an independent third-party to audit cloud security on a regular basis to ensure the infrastructure cannot be corrupted or manipulated. Companies should also see evidence of ongoing backups and patches throughout a contract with a cloud-based vendor.

Fourth, routine back up. The best online cloud-based back up services copy entire datasets to multiple, offsite servers, and because of the infrastructure used to do this, costs remain manageable. Vendors that specialize in set up, capacity, encryption, deleted file retention, and other cloud-backup services usually are a safer bet than setting up cloud-based security through an in-house team, as they are trained to identify the latest threats and can offer additional guidance for protecting and securing your data.

A final caution about Local Access Networks (LANs). Even though LANs are used in many smaller computer networks for a singular facility, they are still at a high risk of attack. Wireless devices in particular can infiltrate LANs and cause irreparable damage before a response is even triggered. In a cloud-based setting, security actions and mitigation measures are faster at isolating an attack to a local area and protecting other endpoints that may be prone to a cybersecurity threat.

In any cybersecurity approach, human error continues to pose a major risk. Unfortunately, it only takes a single person to expose a data center. Human error is an ongoing risk. However, a well-run data center with cloud-based protection is much more resistant to human error, which can be as simple as forgetting to log out of a network, leaving a USB on a desk top, or accidentally providing information to a fake email.

Managed care organizations are enduring stress on a daily basis. Cybersecurity is one risk organizations can influence. Moving security to a cloud-based system massively increases the ability to protect and defend an organization. In doing so, managed care organizations also achieve better care at a lower cost. Especially for managed care providers seeking to improve operations, executives, clinicians, and patients breathe a little easier when data is protected.

Author Information

Jiunn Lim is the chief technology officer at HST Pathways, the leader in cloud-based solutions for the health care industry.