From a risk perspective, the damages cannot be fully mitigated such as in financial services with credit card cancellation or closed bank accounts. Private patient data can be re-sold, recycled and reused in an endless cycle of fraud and abuse! Without improved and more effective interventions, the outcomes are very predictable. As more sensitive data moves to the cloud, and more cloud providers, the volume of targets will grow and the volume of data will grow exponentially. The Cloud Security Alliance is committed to its continuation of providing research on all aspects of cloud computing including best practices and guidelines for effective security and compliance.
The main objective of this working group is to provide direct influence on how health information service providers deliver secure cloud solutions (services, transport, applications and storage) to their clients.
Nov 10, 2021, 11:30AM PST
Join the Meeting
Working Group Leadership
After retiring from McKesson Corporation in 2016, Vince joined the Office of the President within the Cloud Security Alliance (CSA). Serving as an Enterprise Security Specialist, Vince supports the vast membership base of CSA in consuming and leveraging the numerous services, tools and expanding scope of research devoted to Cloud Computing. With his background in both the healthcare and financial service industries, Vince actively works wit...
Dr. Jim Angle
Jim has dedicated hundreds of hours to CSA and was instrumental in reviving CSA’s Health Information Management working group. In doing so, he drafted the group’s first charter and went on to become its co-chair. In this role, he authored three papers — Managing the Risk for Medical Devices Connected to the Cloud, Telehealth in the ...
Cloud Security Research for Healthcare
CSA Research crowd-sources the knowledge and expertise of security experts and helps address the challenges and needs they’ve experienced, or seen others experience, within the cybersecurity field. Each publication is vendor-neutral and follows the peer review process outlined in the CSA Research Lifecycle. We recommend getting started by reading the following documents.
Ransomware in the Healthcare Industry
Ransomware is the fastest-growing malware threat today. Over the last few years, it has risen to epidemic proportions, quickly becoming a significant revenue stream for criminal enterprises. Ransomware directly affects the ability of the Healthcare Delivery Organization (HDO) to access their data. Ransomware attacks, to complicate matters, cause more than a simple outage. They can attack the backup infrastructure. So, it’s not just about restoring from a backup; HDOs need to ensure that they recover from an uninfected backup. To add to the problem, healthcare data in cloud storage is not immune to ransomware. However, cloud storage can give you a significant advantage with data protection due to the number of flexible recovery options.
Telehealth Data in the Cloud
In the wake of COVID-19 Health Delivery Organizations (HDOs) are rapidly increasing their utilization of telehealth capabilities like Remote Patient Monitoring (RPM) and telemedicine so treat patients without leaving their home. This paper addresses the privacy and security concerns related to processing, storing, and transmitting patient data in the cloud for telehealth solutions.
Managing the Risk for Medical Devices Connected to the Cloud
This paper explains how to manage medical devices based on their proximity to the patient and introduce practices to secure the use of cloud computing for medical devices. The first section describes requirements for purchasing new devices to ensure the identification and mitigation of vulnerabilities prior to implementation. The second section describes how to manage the risk based on the proximity of the device to the patient.
Develop Custom Research with CSA
|Cybersecurity in Medical: Industry Growth Drivers||Medical Device Network||February 02, 2021|
|Cloud Security Alliance releases new security guidance for telehealth organizations||SC Magazine||June 11, 2021|
|Cloud Security Alliance releases new telehealth risk management guidance||Security Magazine||June 15, 2021|
|Cloud Security Alliance Releases Telehealth Risk Management Paper||HealthITSecurity.com||June 17, 2021|
|CSA Offers Guidance on Preventing Ransomware in the Healthcare Cloud||HealthITSecurity.com||September 23, 2021|