Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Member Portal
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog
Master CSA’s Security, Trust, Assurance, and Risk program—download the STAR Prep Kit for essential tools to enhance your assurance!

Research Topic

Health Information Management

Latest ResearchWorking Group
Ransomware in the Healthcare Cloud
Ransomware in the Healthcare Cloud

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Health Information Management
The healthcare industry faces significant challenges, somewhat unique to other industries. It requires the collection of huge amounts of sensitive data, that pose significantly longer-term risks compared to other industries. Moreover, the data is inherently more attractive to hackers than other types of data that can be accessed and exploited. As a result, there are a cascade of negative impacts to those organizations successfully attacked: there can be significant fines/penalties or legal actions extracted by regulatory agencies such as HHS, FDA and GDPR. 

From a risk perspective, the damages cannot be fully mitigated such as in financial services with credit card cancellation or closed bank accounts. Private patient data can be re-sold, recycled and reused in an endless cycle of fraud and abuse! Without improved and more effective interventions, the outcomes are very predictable. As more sensitive data moves to the cloud, and more cloud providers, the volume of targets will grow and the volume of data will grow exponentially. The Cloud Security Alliance is committed to its continuation of providing research on all aspects of cloud computing including best practices and guidelines for effective security and compliance. 


Health Information Management

Discuss this topic in Circle

View discussion community

Participate

View the working group

Press MentionSourceDate
Alliance targets healthcare supply chain cybersecurity risk management in new guideSC MagazineMay 12, 2022
Balancing risk management with scalable costs is 'table stakes' for security strategyHealthcare IT NewsMay 17, 2022
Best practices for healthcare delivery organizations to manage supply chain cybersecurity risks Help Net SecurityMay 17, 2022
CSA Provides Best Practices For Healthcare Supply Chain Cybersecurity - Health IT SecurityHealth IT SecurityMay 16, 2022
How healthcare orgs can protect their supply chain from cyber risksHealthcare IT NewsMay 16, 2022
View all

Cloud Security Research for Healthcare

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Ransomware in the Healthcare Cloud

Ransomware in the Healthcare Cloud

Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant revenue stream for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data. Ransomware attacks, to complicate matters, cause more than a simple outage. They can attack the backup infrastructure. So, it’s not just about restoring from a backup; HDOs need to ensure that they recover from an uninfected backup. To add to the problem, healthcare data in cloud storage is not immune to ransomware. However, cloud storage can give you a significant advantage with data protection due to the number of flexible recovery options.

Access this document
Telehealth Data in the Cloud

Telehealth Data in the Cloud

In the wake of COVID-19 Health Delivery Organizations (HDOs) are rapidly increasing their utilization of telehealth capabilities like Remote Patient Monitoring (RPM) and telemedicine so treat patients without leaving their home. This paper addresses the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions.

Access this report
Managing the Risk for Medical Devices Connected to the Cloud

Managing the Risk for Medical Devices Connected to the Cloud

This paper explains how to manage medical devices based on their proximity to the patient and introduces practices to secure the use of cloud computing for medical devices. The first section describes requirements for purchasing new devices to ensure the identification and mitigation of vulnerabilities prior to implementation. The second section describes how to manage the risk based on the proximity of the device to the patient. 

Access this report
View All Research

Webinars

Security-as-Code: What's Real and What's Possible with Self-Service and Developer Speed Governance
Security-as-Code: What's Real and What's Possible with Self...

October 26 | TBD

Learn more

View All Webinars

Blog Posts

Healthcare & Cybersecurity: Navigating a Vast Attack Surface
Read Now
Mitigating Risks During Mergers and Acquisitions in Healthcare with Security Testing
Read Now
The Future of Identity Security: Lessons from the Change Health Breach
Read Now
View All Blog Posts