According to the Information Commissioner’s Office in the UK, healthcare data breaches accounted for 40% of late 2016 security incidents. This type of information is a special nightmare to deal with. On the one hand, the data is obviously highly sensitive, on the other hand, accessing up-to-date medical data without delay can be a matter of life and death for patients. Black hat hackers are very conscious of these facts; they know medical organizations are very likely to pay any ransom if their patients’ lives are at risk.
With medical processes generating a huge amount of paperwork, no wonder the healthcare sector is pushing towards digitization. Benefits are manifest: medical information can be transmitted easily from one organization to another, patients can have better access to their medical records. But it raises questions: where and how to store the information properly and securely? Each organization which needs access to the data has different governance, management and rules, and it is hard to implement consistent data security policies and training to educate staff on keeping data safe with all the different requirements. Cédric Cartau, Chief Information Security Officer at Nantes University Hospital notes:
In the next 5 to 10 years, we can expect far more security issues, which will require bigger budgets, more staff and teaching best practices.
And what do you do if you are confident in your security policy but you know that this or that hospital you have to share with is not as sophisticated with regards to digital hygiene? Consistent governance is hard: the mix of private and public organizations in most countries like the UK, France, Germany and the US makes unified protocols and policies difficult.
Today, the situation is chaotic at best with PBS asking if health care hacking has become an epidemic. Healthcare data can leak from everywhere: according to this report from the U.S. Department of Health and Human Services, the health care industry has averaged close to four data breaches per week in 2016. Patients also carry these vulnerabilities with them, in the form of minimally secured smartphone health apps. And this data is worth a lot of money!
Electronic health records are 100 times more valuable than stolen credit cards
said James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.
IT teams do not have a substantial budget dedicated to security concerns. And when you are attacked every seven seconds on average like the Beth Israel Deaconess Hospital you have a real problem. Some health care organizations made a surprising move: put their data into the Public Cloud. In terms of security, it is indeed a better alternative than building your own system on a shoestring budget. Microsoft, Google and Dropbox spend millions on security. Their teams patch security issues in no time and their core business is making data accessible whenever and wherever it’s needed.
But Public Clouds are not set up very well for handling healthcare data. First of all, using Public Clouds raises privacy concerns, which is particularly worrying when it comes to dealing with such sensitive data. Second, Public Clouds don’t really solve the security issues! Due to the typical consumer-focused nature of of Public Clouds, IT teams have to rely on third-party tools to ensure that only the right people have access to medical data and to enforce the secure use of those clouds. These tools for example provide Identity as a Service (IaaS) and help manage staff-owned devices and sharing. But this is only moving the problem. Using several tools layered on each other multiplies complexity and increases the opportunities for costly mistakes as well as the surface of attack. Now, a breach on several levels and in a variety of tools can leak data!
Delegating security policy also hampers your ability to adapt to changing situations and requirements:
Vendor lock-in and lack of control, the simple fact that your patients’ medical data is intermingled with the data from countless other users in an unknown location, the chance of being part of massive data leaks like this one from Dropbox last year – the risks of the Public Cloud are countless while promised cost benefits usually fail to materialize.
The most powerful and elegant solution to the security-vs-accessibility problem faced by the medical sector is implementing a Private Cloud solution. The existing data storage and access technologies, and more importantly, existing governance processes and tools, can be leveraged by software like Nextcloud, making the data caretakers need available easily and quickly while IT can stay in control. The flexible nature of Nextcloud enables deep integration in existing infrastructure.
Developed with verified, industry-leading security standards and offering unique tools to verify the security of Private Clouds, Nextcloud offers the most secure and cost-effective Private Cloud solution on the market.
“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
Read More
Do you want to learn more about the leading Content Collaboration Platform? Nextcloud is an on-premises, integrated collaboration platform that can work for your organization or business in all sectors from Government, education, healthcare, and many other. Meet Nextcloud at exciting upcoming trade shows from Zukunftskongress and DMEA in Berlin to EdTech Congress Barcelona in […]
Read More
Over the last years Nextcloud Talk has developed in a fantastic productivity tool, enabling teams across the globe to communicate and collaborate in chat rooms, video meetings and webinars.
Read More
Hot on the heels of Nextcloud Hub 4, our desktop client now enables users who are running the latest Nextcloud to take advantage of its improved End-to-end encryption features!
Read More
After a complaint filed by Nextcloud on behalf of a coalition of dozens of European cloud tech providers in November 2021, the German Bundeskartellamt (federal antitrust authorities) has now begun an official investigation into Microsoft to assess if the company has a dominant position in the market.
Read More
Nextcloud users know the importance of integrating different systems and tools to create a seamless workflow. Nextcloud Enterprise allows you to integrate with Microsoft environments for file storage, user directory, Outlook, Sharepoint, Windows Desktop, MS Office online server, and Teams. And now, we are excited to announce a new addition to our lineup: the Nextcloud […]
Read More“Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat […]
Read More
To aid government and business organizations migrating away from Microsoft 365, the Nextcloud Office team is looking for participants for UX studies. In particular, heavy users of Microsoft Office are encouraged to participate and provide their input so the team can identify and address the key blockers for migration. Aim of the study Nextcloud is […]
Read More
