A Prescription for a Secure and Healthy Cloud




The healthcare industry has its sights set on the cloud to help uplevel the efficiency and quality of care and to deliver the modern digital experiences that patients and providers have come to expect. However, healthcare faces steep challenges related to security and data privacy regulations, requiring an overhaul of existing practices and a partnership that can help drive resilience and trust.

Companies in the healthcare space are subject to stringent compliance and privacy regulations, including the Health Insurance Portability and Accountability Act (HIPAA), which mandates specific protections for personally identifiable information (PII) and protected health information (PHI).

These regulations have an outsized impact on healthcare organizations’ plans for cloud migration and modernization. In fact, over 28% of healthcare respondents named security and compliance as their No. 1 decision criterion in choosing where to run workloads, according to Nutanix’s “Enterprise Cloud Index Report.”

The rise of ransomware attacks and potential data theft has put many hospitals and healthcare entities in the crosshairs of hackers. Fortified Health Security’s midyear report found that the healthcare sector experienced 337 breaches in the first half of 2022, with more than 19 million records impacted.

And there’s a significant price associated with the uptick in attacks: IBM Security’s annual “Cost of a Data Breach” report found that a healthcare data breach costs, on average, about $10.1 million, up 9.4% over last year.

“The biggest security challenge for healthcare organizations is the fact that patient data and privacy [are] a lot more important because of [their] sensitivity and personal nature compared to most other industries,” says Shailabh Nagar, offering integration and industry solutions leader and distinguished engineer at Kyndryl. “The regulatory landscape is quite strict, and that can lead to all sorts of issues.”

A roadmap for cloud security success

Organizations in the healthcare sector should start by analyzing the business impact and assessing the maturity of their cyberresilience, then use the results to produce an actionable roadmap for addressing security gaps and risks. It’s critical to address security requirements early, in the design and planning stages, not after a system has already been implemented. In addition, security strategies should be end-to-end to address potential gaps, rather than a patchwork of capabilities pieced together for protection, Nagar says.

Automation capabilities, coupled with air gap architectures, can help strengthen data security against ransomware attempts and enable regulatory compliance. In addition, cloud-based data integration services such as Cloud API service for FHIR will ensure rapid exchange of data through Fast Healthcare Interoperability Resources (FHIR) standards with an eye to the appropriate security measures.

Kyndryl’s Security and Resiliency Services can help healthcare companies identify risks and vulnerabilities, protect critical applications and data, detect data corruption and configuration anomalies, respond to changes in configuration and data, and recover access to critical applications and data. Kyndryl also provides access to advanced cybersecurity technologies and expertise to help organizations stay abreast of threats, protect confidential patient data, ensure regulatory compliance, and minimize service disruptions.

Kyndryl’s orchestrated approach to cyberresilience is particularly relevant for healthcare organizations, which need to recover quickly to ensure continuity of experience and patient care. “You’re going to get hit at some point,” Nagar says. “If you’re not focusing enough on recovery and putting all [your] energy into prevention, that can be a derailing factor.”
