On S3, each cloud-based storage unit — called a “bucket” — is protected by an access control list, which enables the user to choose one of three options: keep data private, share it for reading or share it for editing. With “permission checks,” one of the new security features on S3, AWS will now display a prominent flag or banner on each S3 bucket that is unprotected and accessible to the public.
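One way to run the same kind of check over bucket ACLs yourself, as an added example that is not from AWS or the original article: it assumes ACLs in the dictionary shape returned by boto3's `get_bucket_acl`, runs on constructed sample data without calling AWS, and treats any grant to the AllUsers or AuthenticatedUsers group as public. The function names and the three labels are illustrative.

```python
# Added example: flag S3 bucket ACLs that grant access to public groups.
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
LOG_DELIVERY = "http://acs.amazonaws.com/groups/s3/LogDelivery"  # a group, but not public
PUBLIC_GROUPS = {ALL_USERS, AUTH_USERS}
READ_PERMS = {"READ", "READ_ACP"}
WRITE_PERMS = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(acl):
    """Return (group_uri, permission) for every grant made to a public group."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((grantee["URI"], grant.get("Permission")))
    return found


def classify_acl(acl):
    """Label an ACL private, public-read or public-write (labels are this example's)."""
    perms = {perm for _, perm in public_grants(acl)}
    if perms & WRITE_PERMS:
        return "public-write"
    if perms & READ_PERMS:
        return "public-read"
    return "private"


def audit(bucket_acls):
    """Map bucket name -> label for every bucket whose ACL is not private."""
    labels = {name: classify_acl(acl) for name, acl in bucket_acls.items()}
    return {name: label for name, label in labels.items() if label != "private"}


def _grant(kind, ident, perm):
    key = "URI" if kind == "Group" else "ID"
    return {"Grantee": {"Type": kind, key: ident}, "Permission": perm}


OWNER = _grant("CanonicalUser", "constructed-owner-id", "FULL_CONTROL")
# Constructed sample ACLs; bucket names are placeholders.
SAMPLE_ACLS = {
    "constructed-private": {"Grants": [OWNER]},
    "constructed-logs": {"Grants": [OWNER, _grant("Group", LOG_DELIVERY, "WRITE")]},
    "constructed-read": {"Grants": [OWNER, _grant("Group", ALL_USERS, "READ")]},
    "constructed-write": {"Grants": [OWNER, _grant("Group", AUTH_USERS, "WRITE")]},
}

if __name__ == "__main__":
    for name, label in audit(SAMPLE_ACLS).items():
        print(f"{name}: {label} via {public_grants(SAMPLE_ACLS[name])}")
```

This inspects ACL grants only; a bucket policy can also expose a bucket and has to be reviewed separately.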
In recent months, security experts have discovered a few high-profile data breaches resulting from companies failing to establish permission settings on buckets of personally identifiable information.
In June, a cyber-risk analyst at UpGuard found roughly 14 million Verizon customers’ records on an unprotected S3 server. Within the healthcare sector, a team of researchers at Kromtech Security Center discovered the protected health information of an estimated 150,000 Americans using services from Patient Home Monitoring, a HIPAA-covered entity, on a publicly accessible S3 bucket on Sept. 29.