07.11.2017 | Thomas Kessler
Information Security in Cloud Computing
Cloud computing in the (medical) practice
With cloud computing (or “computing in the cloud”), IT applications or data are no longer located locally with users, but centrally with a cloud service provider. This shift of IT to the cloud has also resulted in different use cases:
- The most widespread is data exchange via the cloud. Strictly speaking, an external email inbox (e.g. HIN Mail, bluewin or gmail) is already a cloud solution, with more (or less) security depending on the provider. Unfortunately, cloud storage such as Dropbox or WeTransfer is also used to exchange large amounts of data: the sender uploads the data to the service and sends the recipient a link (hyperlink) under which it can be retrieved.
- Data storage in the cloud for an indefinite period of time is now commonplace in consumer electronics, with the healthcare sector (e.g. fitness trackers) playing a pioneering role. Manufacturers of laboratory equipment and other medical devices (e.g. for radiology) have also picked up on this trend and are transferring recorded data to their own central storage facilities.
- Data processing in the cloud via so-called Software as a Service (SaaS) solutions is currently experiencing a rapid upswing in various industries, which has also reached medical practices. Most manufacturers now offer practice software as a service and are pushing cloud-based archiving systems. These solutions are likely to become widespread as soon as any remaining reservations regarding data security and network reliability have been dispelled.
- The cloud desktop, where the user’s end device only serves as a screen for the workstation operated by the cloud provider, would probably be the most consistent form of cloud computing. Whether and when this will also become practicable for a doctor’s practice is difficult to predict at present, however.
Security risks with cloud computing
There are basically three areas of risk:
- Security risks at the cloud service provider: In the vast majority of use cases, data is not encrypted before being transferred to the cloud. The confidentiality and integrity of the data must therefore be ensured by the cloud service provider on three levels: Firstly, the cloud service provider must ensure that its employees are only granted the access rights necessary for their activities (need-to-know or least-privilege principle). Secondly, it must isolate its customers’ applications and databases from one another in such a way that vulnerabilities or errors at one customer cannot affect other customers. And thirdly, it must ensure that its infrastructure is not compromised by anonymous attackers from the Internet. In addition, there are certain risks in relation to the availability of data, for example in the event of a data center failure or bankruptcy of the cloud service provider.
- Security risks associated with the network connection: With cloud computing, the user communicates with the cloud service via a public network. If the communication endpoints do not authenticate each other reliably, a third party can impersonate the service or the user (a man-in-the-middle) and gain access to the data and applications in the cloud. With an unencrypted communication connection, there is also the risk that the transferred data can be read unnoticed on an intermediate network node.
- Security risks for the user: Inadequately protected end devices or a lack of security awareness on the part of the user can also compromise the security of cloud computing: Malicious encryption software (ransomware) on the workstation encrypts the data even if it is stored on cloud storage, because the synchronization client uploads the encrypted files just like any other change. And the operators of cloud services are also largely powerless against a Trojan horse that reads passwords and stores them for later misuse.
Cloud computing is not inherently more or less secure than conventional, locally operated IT. In principle, the operator of a cloud service is better placed to keep its central systems up to date and operate them to a high security standard. However, networking creates additional potential security vulnerabilities that need to be monitored.
The management of information security becomes more challenging in any case because several parties are involved and there are additional interfaces. This applies in particular to the risk of collateral damage if either the operator of the cloud service or a poorly isolated other customer falls victim to an attack.
Recommendations for action
Avoid the unconscious use of cloud services
When communicating with patients, hospitals or other service providers, clarify on which IT systems your data is temporarily stored and avoid public cloud storage such as Dropbox or WeTransfer for the exchange of patient data. Find out whether your practice software or laboratory devices copy data to cloud storage without being asked.
Make sure that the data remains in Switzerland
Swiss criminal law, and in particular medical professional secrecy in accordance with Art. 321 StGB, can only be enforced if the data and all persons accessing the data are located in Switzerland. This can hardly be guaranteed with foreign providers of cloud services.
Choose your cloud service provider carefully
As a user of a cloud service, you remain responsible for the security of your data, even if you have no direct influence on the security measures taken by the provider. This must be taken into account appropriately in the contract and requires a high level of trust. Ask each potential provider the 10 questions listed below before deciding on their offer.
Keep a copy of your data as a backup
If the cloud is only used for data exchange, you can fall back on the original in the event of an error. In all other use cases, an error at the cloud service provider can lead to your practice operations being permanently impaired. It is therefore essential that you keep a copy of your data locally or with a second cloud service that you can access if necessary.
Enable strong authentication when accessing cloud services
Passwords alone do not provide sufficient protection against attacks from the Internet when it comes to accessing patient data. Therefore, ask your cloud service provider to provide you with a secure and user-friendly 2-factor authentication solution.
Use only encrypted communication connections
Make sure that all communication connections between your end devices and the cloud service are encrypted. This also applies to machine-to-machine communication from laboratory devices and other medical facilities.
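The two recommendations "avoid the unconscious use of cloud services" and "use only encrypted communication connections" can both be checked against the outbound connection log of the practice firewall. The following is an added example written for this page, not code from the original article: it parses a constructed, syslog-like log (invented field layout, documentation IP ranges and example hostnames) and flags connections to destinations the practice has not consciously approved, to the public file-exchange services the article names, and to ports whose protocols carry data in cleartext. The allowlist, the log format and all hosts are assumptions for the demonstration; a real log will need the regular expression adapted.

```python
import re
from typing import Dict, List, Tuple

# Constructed sample log (invented layout, hosts and IPs); not real traffic.
SAMPLE_LOG = """
2017-11-07T08:01:12 fw outbound src=192.168.10.21 dst=203.0.113.10 dport=443 proto=tcp host=praxis-cloud.example.ch
2017-11-07T08:02:45 fw outbound src=192.168.10.21 dst=198.51.100.7 dport=443 proto=tcp host=www.dropbox.com
2017-11-07T08:03:02 fw outbound src=192.168.10.33 dst=198.51.100.40 dport=80 proto=tcp host=lab-analyzer-update.example.com
2017-11-07T08:05:30 fw outbound src=192.168.10.40 dst=203.0.113.25 dport=21 proto=tcp host=ftp.vendor.example
2017-11-07T08:06:00 fw outbound src=192.168.10.21 dst=203.0.113.10 dport=443 proto=tcp host=praxis-cloud.example.ch
"""

# Hypothetical allowlist: the destinations the practice has contracted,
# each with the single port it is expected to use.
APPROVED: Dict[str, int] = {"praxis-cloud.example.ch": 443}

# Consumer file-exchange services named in the article; any hit is a finding.
PUBLIC_CLOUD_STORAGE = ("dropbox.com", "wetransfer.com")

# Ports whose protocols send data in cleartext unless wrapped in TLS.
CLEARTEXT_PORTS = {21: "ftp", 23: "telnet", 25: "smtp", 80: "http", 110: "pop3", 143: "imap"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ outbound src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"dport=(?P<dport>\d+) proto=\S+ host=(?P<host>\S+)$"
)

Finding = Tuple[str, str, int, str]  # (source device, destination host, port, reason)


def parse(log_text: str) -> List[dict]:
    """Turn matching log lines into dicts; lines that do not match are ignored."""
    records = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["dport"] = int(rec["dport"])
            records.append(rec)
    return records


def audit(log_text: str, approved: Dict[str, int] = APPROVED) -> List[Finding]:
    """Return one finding per policy violation, in log order."""
    findings: List[Finding] = []
    for rec in parse(log_text):
        src, host, port = rec["src"], rec["host"], rec["dport"]
        # Unconscious cloud use: public storage, unknown destination, or unexpected port.
        if any(host == d or host.endswith("." + d) for d in PUBLIC_CLOUD_STORAGE):
            findings.append((src, host, port, "public cloud storage"))
        elif host not in approved:
            findings.append((src, host, port, "destination not on approved list"))
        elif approved[host] != port:
            findings.append((src, host, port, "approved host on unexpected port"))
        # Unencrypted connection: cleartext protocol port.
        if port in CLEARTEXT_PORTS:
            findings.append((src, host, port, f"cleartext protocol ({CLEARTEXT_PORTS[port]})"))
    return findings


def devices_with_findings(findings: List[Finding]) -> List[str]:
    """Which workstations or devices in the practice need follow-up."""
    return sorted({f[0] for f in findings})


if __name__ == "__main__":
    for src, host, port, reason in audit(SAMPLE_LOG):
        print(f"{src} -> {host}:{port}  {reason}")
    print("devices to check:", ", ".join(devices_with_findings(audit(SAMPLE_LOG))))
```

The port heuristic only catches protocols that are cleartext by definition; a connection on port 443 may still be misconfigured (e.g. certificate verification disabled on the device), which is why the provider's answer to the last of the ten questions below matters as well.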
Secure your workstations
Even the most secure cloud solution can do little against malware installed on the user’s workstation. It is therefore important that you configure your local devices securely and always keep them up to date.
Ten questions to ask your potential cloud service provider
- Will my data be stored and processed exclusively within Switzerland?
- Does the contract design meet the legal requirements of medical confidentiality?
- How can I delete all of an individual patient’s data in accordance with the Data Protection Act?
- Are all persons with access to my data subject to medical confidentiality?
- Can I request a list of all persons who have access to my data at any time?
- How is data security checked, and can I view the audit reports at any time?
- Who is my contact person for security issues, and how will I be informed about incidents?
- How is my data isolated from the data and applications of other customers?
- How do I get a daily backup of my data that I can also import elsewhere?
- Are all connections encrypted, and how do I activate 2-factor authentication?
Note: This article was published in the Schweizerische Ärztezeitung of 08.11.2017.