Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the wp-mail-logging domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the health-check domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the ninja-forms domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the updraftplus domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114
Notice: Function _load_textdomain_just_in_time was called incorrectly. Translation loading for the rocket domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /var/www/html/wp-includes/functions.php on line 6114 Where should healthcare data be stored? - NextcloudSkip to main content
According to the Information Commissioner’s Office in the UK, healthcare data breaches accounted for 40% of late 2016 security incidents. This type of information is a special nightmare to deal with. On the one hand, the data is obviously highly sensitive, on the other hand, accessing up-to-date medical data without delay can be a matter of life and death for patients. Black hat hackers are very conscious of these facts; they know medical organizations are very likely to pay any ransom if their patients’ lives are at risk.
Digitization raises security issues
With medical processes generating a huge amount of paperwork, no wonder the healthcare sector is pushing towards digitization. Benefits are manifest: medical information can be transmitted easily from one organization to another, patients can have better access to their medical records. But it raises questions: where and how to store the information properly and securely? Each organization which needs access to the data has different governance, management and rules, and it is hard to implement consistent data security policies and training to educate staff on keeping data safe with all the different requirements. Cédric Cartau, Chief Information Security Officer at Nantes University Hospital notes:
In the next 5 to 10 years, we can expect far more security issues, which will require bigger budgets, more staff and teaching best practices.
And what do you do if you are confident in your security policy but you know that this or that hospital you have to share with is not as sophisticated with regards to digital hygiene? Consistent governance is hard: the mix of private and public organizations in most countries like the UK, France, Germany and the US makes unified protocols and policies difficult.
Expensive chaos
Today, the situation is chaotic at best with PBS asking if health care hacking has become an epidemic. Healthcare data can leak from everywhere: according to this report from the U.S. Department of Health and Human Services, the health care industry has averaged close to four data breaches per week in 2016. Patients also carry these vulnerabilities with them, in the form of minimally secured smartphone health apps. And this data is worth a lot of money!
Electronic health records are 100 times more valuable than stolen credit cards
said James Scott, co-founder and senior fellow at the Institute for Critical Infrastructure Technology (ICIT) in Washington D.C.
Public clouds: no solution
IT teams do not have a substantial budget dedicated to security concerns. And when you are attacked every seven seconds on average like the Beth Israel Deaconess Hospital you have a real problem. Some health care organizations made a surprising move: put their data into the Public Cloud. In terms of security, it is indeed a better alternative than building your own system on a shoestring budget. Microsoft, Google and Dropbox spend millions on security. Their teams patch security issues in no time and their core business is making data accessible whenever and wherever it’s needed.
But Public Clouds are not set up very well for handling healthcare data. First of all, using Public Clouds raises privacy concerns, which is particularly worrying when it comes to dealing with such sensitive data. Second, Public Clouds don’t really solve the security issues! Due to the typical consumer-focused nature of of Public Clouds, IT teams have to rely on third-party tools to ensure that only the right people have access to medical data and to enforce the secure use of those clouds. These tools for example provide Identity as a Service (IaaS) and help manage staff-owned devices and sharing. But this is only moving the problem. Using several tools layered on each other multiplies complexity and increases the opportunities for costly mistakes as well as the surface of attack. Now, a breach on several levels and in a variety of tools can leak data!
Delegating security policy also hampers your ability to adapt to changing situations and requirements:
Can you track (or limit!) the sharing or downloading of specific files if you need to for compliance requirements?
Can you change or adapt the whole process if new laws come into force?
Can you at least migrate part of all of your data out of the Cloud to another place if you need to, or is it too costly?
Vendor lock-in and lack of control, the simple fact that your patients’ medical data is intermingled with the data from countless other users in an unknown location, the chance of being part of massive data leaks like this one from Dropbox last year – the risks of the Public Cloud are countless while promised cost benefits usually fail to materialize.
Private cloud: stay in control
The most powerful and elegant solution to the security-vs-accessibility problem faced by the medical sector is implementing a Private Cloud solution. The existing data storage and access technologies, and more importantly, existing governance processes and tools, can be leveraged by software like Nextcloud, making the data caretakers need available easily and quickly while IT can stay in control. The flexible nature of Nextcloud enables deep integration in existing infrastructure.
Ability to restrict and monitor access to data to a specific group of users and to set an expiration date when sharing files is a real need for medical organizations.
Encryption of data on storage allows medical organizations to optimize costs by taking advantage of Public Cloud storage while securing the data with encryption, keeping encryption keys on-premise.
“When we have welcoming communities of contributors, open source software gets better and more useful to everyone.” Limor Fried, Electrical Engineer, Inventor and Founder of open-source hardware company Adafruit We believe in this ideal and love to work with our community. We are always looking to involve more people in Nextcloud, bringing in their ideas, […]
When cables are cut, sanctions are put in place or privacy legislation prohibits the use of the service your entire organization depends on, what can you do? Amidst geo-political changes, organizations face dependencies on large, centralized communication platforms. A major example of this is the SaaS-only communication platform Microsoft Teams. It is the only solution […]
In Nextcloud Hub 8, we introduced interactive widgets, a completely new mechanic that lets you share, access and interact with items from various apps in a compact widget format throughout your platform.
We save some cookies to count visitors and make the site easier to use. This doesn't leave our server and isn't to track you personally!
See our Privacy Policy for more information. Customize
Statistics cookies collect information anonymously and help us understand how our visitors use our website. We use cloud-hosted Matomo
Matomo
_pk_ses*: Counts the first visit of the user
_pk_id*: Helps not to double count the visits.
mtm_cookie_consent: Remembers that consent for storing and using cookies was given by the user.
_pk_ses*: 30 minutes
_pk_id*: 28 days
mtm_cookie_consent: 30 days