The Health Information Cybersecurity Coordination Center issued a warning Aug. 9 about the security risks associated with cloud services and providers.
Seven things to know:
- The warning cited internal threats such as human error, external threats from malicious actors and the infrastructure itself as the biggest concerns with cloud security.
- The warning emphasizes that since the cloud exists off-site the conventional methods of protection aren't always effective.
- When protecting the cloud, healthcare organizations must work to secure the network, recover data, minimize human error and reduce the overall impact of a compromise, according to the warning.
- Improper cloud security measures can lead to data breaches, ransomware and phishing attacks.
- Threat actors use cloud applications in phishing attacks since users are now accustomed to cloud-based email services sending them links to confirm their identity.
- Shadow IT, the use of information technology services, software or devices that aren't approved by an IT department for use, also poses a significant risk to cloud security, according to the warning.
- The Health Information Cybersecurity Coordination Center said despite the concerns, cloud technology has great benefits to healthcare organizations and that the key is to balance these benefits with carefully considered security measures to mitigate risk.