Membership
Join as a Business
Cloud Customers
Cloud Solution Providers
SaaS Solution Providers
Current Business Members
CxO Initiative
Contact Us
Join as an Individual
Regional Chapters
Circle Community Forum
Research Working Groups
STAR Program
STAR Registry
STAR Home
Submit to Registry
Provide Feedback
What is the STAR Registry?
Learn how to stay compliant in the cloud.
CCAK Training
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
GDPR Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
CSA Approved STAR Assessment Firms
Certificates & Training
Events
Learn and network while you earn CPE credits.
Events
Virtual Events & Webinars
Certificates & Training
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Train my entire team
Training Instructors
Become an Instructor
Training Partners
Become a Training Partner
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
CxO Initiative
CloudBytes Webinars
Awards & Recognition
Ron Knode Awards
Research Fellows
Industry Specific Research
Financial Services
Healthcare
Getting Started with CSA Research
Best practices for cloud security
Assess your compliance to cloud standards
Security questionnaire for vendors
The top threats to cloud computing
View more
Architectures and Components
Enterprise Architecture
Hybrid Cloud Security
Emerging Technologies
Blockchain/Distributed Ledger
Internet of Things (IoT)
Quantum-safe Security
Securing DevOps
Application Containers and Microservices
DevSecOps
Serverless
Security Services
Enterprise Resource Planning
Cloud Key Management
Security as a Service
Zero Trust
Threat Intelligence
Incident Response
Top Threats
View all working groups

Health Information Management

Latest ResearchJoin Group
Ransomware in the Healthcare Cloud
Ransomware in the Healthcare Cloud

Download

Research Home
View Working Groups
Contribute
Download Publications
Ransomware in the Healthcare Cloud
Home
Research
Working Groups
Health Information Management
The healthcare industry faces significant challenges, somewhat unique to other industries. It requires the collection of huge amounts of sensitive data, that pose significantly longer-term risks compared to other industries. Moreover, the data is inherently more attractive to hackers than other types of data that can be accessed and exploited. As a result, there are a cascade of negative impacts to those organizations successfully attacked: there can be significant fines/penalties or legal actions extracted by regulatory agencies such as HHS, FDA and GDPR. 
From a risk perspective, the damages cannot be fully mitigated such as in financial services with credit card cancellation or closed bank accounts. Private patient data can be re-sold, recycled and reused in an endless cycle of fraud and abuse! Without improved and more effective interventions, the outcomes are very predictable. As more sensitive data moves to the cloud, and more cloud providers, the volume of targets will grow and the volume of data will grow exponentially. The Cloud Security Alliance is committed to its continuation of providing research on all aspects of cloud computing including best practices and guidelines for effective security and compliance. 

Health Information Management

The main objective of this working group is to provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients.

Join Group

Next Meeting

Nov 10, 2021, 11:30AM PST
Join the Meeting


Working Group Leadership

Vincent Campitelli Headshot
Vincent Campitelli
Vincent Campitelli

After retiring from McKesson Corporation in 2016, Vince joined the Office of the President within the Cloud Security Alliance (CSA). Serving as an Enterprise Security Specialist, Vince supports the vast membership base of CSA in consuming and leveraging the numerous services, tools and expanding scope of research devoted to Cloud Computing. With his background in both the healthcare and financial service industries, Vince actively works wit...

Read more

Dr. Jim Angle Headshot
Dr. Jim Angle
Dr. Jim Angle

Jim has dedicated hundreds of hours to CSA and was instrumental in reviving CSA’s Health Information Management working group. In doing so, he drafted the group’s first charter and went on to become its co-chair. In this role, he authored three papers — Managing the Risk for Medical Devices Connected to the Cloud, Telehealth in the ...

Read more

Join the Circle Group

Cloud Security Research for Healthcare

CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.

Ransomware in the Healthcare Industry

Ransomware in the Healthcare Industry

Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant revenue stream for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data. Ransomware attacks, to complicate matters, cause more than a simple outage. They can attack the backup infrastructure. So, it’s not just about restoring from a backup; HDOs need to ensure that they recover from an uninfected backup. To add to the problem, healthcare data in cloud storage is not immune to ransomware. However, cloud storage can give you a significant advantage with data protection due to the number of flexible recovery options. 

Access this report
Telehealth Data in the Cloud

Telehealth Data in the Cloud

 In the wake of COVID-19 Health Delivery Organizations (HDOs) are rapidly increasing their utilization of telehealth capabilities like Remote Patient Monitoring (RPM) and telemedicine so treat patients without leaving their home. This paper addresses the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions. 

Access this report
Managing the Risk for Medical Devices Connected to the Cloud

Managing the Risk for Medical Devices Connected to the Cloud

 This paper explains how to manage medical devices based on their proximity to the patient and introduce practices to secure the use of cloud computing for medical devices. The first section describes requirements for purchasing new devices to ensure the identification and mitigation of vulnerabilities prior to implementation. The second section describes how to manage the risk based on the proximity of the device to the patient.  

Access this report
View All Research

Develop Custom Research with CSA

Work with CSA to develop custom research that aligns with your organizations internal initiatives. Oftentimes there are topics or domains of security that are lacking current best practices or guidance. Ensure your internal initiatives align with the latest developments within the cloud security community by collaborating with CSA. This benefit along with others, are open to CSA Enterprise Members. 



Learn more

Blog Posts

Detecting When Ransomware Moves Into Your Cloud
Read Now
The Use of Blockchain in Healthcare: A Collaboration Between Two CSA Working Groups
Read Now
An Evolving Healthcare Cybersecurity Landscape
Read Now

Press Coverage

Article TitleSourceDate
Cybersecurity in Medical: Industry Growth DriversMedical Device NetworkFebruary 02, 2021
Cloud Security Alliance releases new security guidance for telehealth organizationsSC MagazineJune 11, 2021
Cloud Security Alliance releases new telehealth risk management guidanceSecurity MagazineJune 15, 2021
Cloud Security Alliance Releases Telehealth Risk Management PaperHealthITSecurity.comJune 17, 2021
CSA Offers Guidance on Preventing Ransomware in the Healthcare Cloud HealthITSecurity.comSeptember 23, 2021