Multi-Cloud Security Solutions in Healthcare

Cloud services are increasingly being used by healthcare organisations, enabling telehealth, Internet of Medical Things (IoMT) and Electronic Health Record (EHR) solutions to have greater availability and be more scalable. However, these solutions are often contained across multiple cloud services, meaning that healthcare data has to be transferred between them.

This data, including patient records, clinical data and personal information, is highly targetable by attackers and require security to be put in place, not only for protecting the individual(s) affected but also to comply with industry regulations.

In this article, we discuss the unique aspects of multi-cloud security for the healthcare industry and the best practice that network administrators should take to protect healthcare data.

The Role of Multi-Cloud in Healthcare

Given the range of different services used by the healthcare industry, many different cloud platforms are typically leveraged in order to provide them. We’ve detailed just some of the cloud applications that the healthcare uses:

To provide greater availability, these applications utilise cloud services from providers like Amazon Web Service (AWS), Google Cloud Platform, and Microsoft Azure. From storing to processing and managing patient data, by alleviating healthcare providers of the need to house dedicated systems, cloud platforms allow for resources to be scaled as and when there is demand for each service.

A cloud-based approach offers healthcare providers with the selection of the best services from each provider based on their specific needs. For example, one provider may offer better data analytics tools, while another is an ideal solution for its secure storage capabilities (which is essential for services such as Electronic Health Records).

Leveraging cloud services has been essential for newer technologies in healthcare, allowing for consistent availability to applications, whilst also being able to manage the variation of patients requiring specific care services.

With a range of cloud services, healthcare providers can support interoperability between different systems, reducing the need for proprietary systems all on a single network. By utilising multiple cloud providers, healthcare organisations can ensure the uptime for services such as telemedicine, clinical data sharing, and remote patient monitoring.

Security Challenges in Multi-Cloud Healthcare Environments

IT decision makers within the healthcare industry should be aware that, although necessary to provide such a wide range of care solutions, utilising multiple cloud services introduces many security concerns. By introducing potentially new attack planes, healthcare providers are increasing the risk to patient data protection and maintaining regulatory compliance.

Compliance with Healthcare Regulations

One of the challenges faced by network administrators is the need to navigate regulatory compliance on a regional basis. The matrix below highlights some of the legislative differences when comparing the UK with North America. The UK guidelines are led by GDPR and NHS Digital, while North American healthcare is guided by HIPAA and PIPEDA.

Managing compliance with these regulations, whilst spread across multiple cloud environments can be challenging. These challenges are due to varying security protocols between providers and even though healthcare data can be stored in a single cloud service may meet compliance requirements, when this data is shared across multiple clouds, it may lose its compliance.

For example, a healthcare network using different clouds for clinical applications and patient portals must ensure that data encryption and access controls meet regulatory standards across all platforms. Failure to do so can result in legal penalties and loss of patient trust.

Increased Risk of Data Breaches

The above example emphasises the increased risk of data breaches that introducing multiple cloud services can create for the healthcare industry. Reconnaissance conducted by an attacker can identify these security shortcomings – enabling attackers to exploit vulnerabilities and deploy threats such as an Advanced Persistent Threat (APT) - as described in our Healthcare Network Security with SASE, SSE, and AI article.

Protecting against threats is essential for the healthcare industry, due to the fact that healthcare data is typically of significant value. A prime target for attacks, Health data is highly sensitive and personal, enabling criminal activities such as fraud and blackmail for any attacker that gets their hands on it.

Complexity of Security Management

When utilising multiple cloud services, it can often be difficult to impose the same policies across all fronts. The below example shows how using multiple cloud services can make a hospital network more complicated:

• AWS: used for storing medical imaging data
• Azure: used for hosting the hospital EHR system
• Google Cloud Platform: for hosting network analytics and processing.

Whilst each may implement their own security measures, vulnerabilities can be found in the differences between how each of these platforms manage these security measures.  For example, differences in access control, data encryption or logging can lead to gaps due to interoperability issues, resulting in weakened security across these cloud services.

This means that network administrators within the healthcare industry should look to gain expertise in all cloud services, rather than becoming a specialist in just one of them. Failure to do so can lead to misconceptions when configuring each of the cloud services – leaving one or more exposed to threats. By becoming an expert in the full range of used cloud services, network administrators can mitigate the complexities of implementing centralised security management that remains consistent regardless of the service’s security features.

Essential Components of Multi-Cloud Security for Healthcare

Identity and Access Management (IAM)

When implementing multiple cloud services for healthcare, arguably the most important security feature that network administrators should configure is an Identity and Access Management (IAM) system. IAM solutions are used to restrict access to network resources, ensuring that only authorised healthcare users can access sensitive patient data.

To supplement IAM, healthcare providers should use multi-factor authentication (MFA) methods and least privilege access principles to ensure that the user trying to access resources is who they say they are and that they can only access the minimal amount of the network required in order to carry out their assigned role. This configuration prevents the network from allowing attackers to pretend they are a healthcare professional (through a compromised account) or attempt to gain information that their specialist profession should not access to.

Data Encryption

Encryption is an essential security measure that converts readable data (plain text) into cipher text, typically utilising a key or hashing algorithm, so that data can be stored/transmitted in a secure format only accessible by authorised users or systems.

Encryption is therefore an essential capabilities for healthcare networks, obscuring patient data so that the data cannot be read by unauthorised accessors, even in the event of a breach.

Artificial Intelligence is increasingly being used to improve encryption protocols by adapting them in real-time to ongoing threats, which introduces dynamic data protection in comparison to traditional encryption methods.

Essential to complying with regulatory requirements, encryption should be at the forefront of healthcare network design. Healthcare providers should adopt cloud-agnostic encryption tools and centralised key management solutions to maintain data security, as this can assist with issues where there are differences in encryption implementations between cloud providers. Automated encryption processes are particularly useful for ensuring that all patient records are protected, even when transferred between facilities or shared during telehealth sessions, as this helps to secure the data even if it is intercepted by an attacker.

Security Information and Event Management (SIEM)

A Security Information and Event Management (SIEM) solution is used to collect and analyse data security in order to monitor and respond to potential threats. More recent iterations of SIEM solutions have introduced Artificial Intelligence, which can more dynamically assess for potential threats, including zero-day threats, due to the ability to comprehend their actions and the threats they pose even if the exact threat-skillset hasn’t yet been seen before.

This is important for the healthcare industry as AI-powered SIEM protection can manage and analyse logs from connected medical devices/systems, allowing for identification of suspicious patterns before they get the chance to escalate.

By implementing SIEM solutions within a multi-cloud environment, network administrators provided themselves with a first-line of defence in the event of a breach. Regardless of where a vulnerability has been exploited or which cloud service it came from, the aim of the SIEM solution is to quickly pick up on the issue, allowing for a timely response.

Compliance Management Tools

Given the strict regulations that healthcare providers have to adhere to, it’s also advisable that IT decision makers within the healthcare sector consider implementing compliance management tools. These tools monitor internal network and cloud environments to ensure that legal standards like HIPAA, PIPEDA and GDPR (dependent on your region) are being adhered to. These tools can automate compliance checks, vastly reducing the workload for network administrators, as well as generating reports which can be especially useful in the event of an audit.

When put into practice, a compliance management tool may flag instances of unencrypted patient data that is being transmitted between cloud services, allowing for immediate remediation and healthcare providers to comply with regulations.

Best Practices for Healthcare Multi-Cloud Security

Implementing multi-cloud security in healthcare requires providers to consider potential weaknesses, vulnerabilities and attack points in the network. Whilst it is not only important to ensure each cloud service is well-protected, protecting against attacks that attempt to intercept traffic in-between cloud services can be just as vital to ensure patient data is not exfiltrated or system availability affected.

This can be achieved through healthcare providers:

• Adopting a Zero Trust Security Model: Zero Trust is an identity-centric security strategy designed to provide no trust-based access to systems and therefore moves the boundary to be from the system to the connecting device. By applying a Zero Trust architecture within the healthcare industry, providers can ensure that patient data is protected across all access points, with verification preventing inherent trust to critical medical systems.
• Conduct Regular Security Assessments: Healthcare providers should perform regular audits of their security measures, conducted both internally and externally. These assist providers with identifying potential vulnerabilities in their multi-cloud setup before a breach can occur. These assessments should include penetration testing (often abbreviated to pen-testing) and overall configuration reviews.
• Invest in Employee Training: Training healthcare staff on best practices is essential for a consistent approach to the network security. As human error is the most significant risk factor for causing potential breaches, educating professionals about secure data handling, phishing awareness, and cloud-specific security measures helps prevent accidental breaches.

Case Study: Securing Multi-Cloud in a Large Hospital Network

The network for a leading healthcare provider struggled with managing data security across multiple clouds, which included:

• Amazon Web Services (AWS): for medical imaging
• Microsoft Azure: for patient record management and EHR systems
• Google Cloud Platform: for network and Internet of Medical Things (IoMT) analytic monitoring.

They had found that the security implementations from each system didn’t line-up, leaving potential vulnerabilities that they needed to patch so that they could meet regulatory demands.

By implementing a centralised Identity Access Management (IAM) solution, automated encryption and SIEM monitoring, the healthcare provider was able to circumvent the potential for breaches and maintained regulatory compliance.

Future Trends in Multi-Cloud Security for Healthcare

In recent years, AI and machine learning are increasingly being implemented in order to improve threat detection and response capabilities. Learning from large datasets and combined threat intelligence, AI can adapt to new threats by learning malicious behaviours, catching even zero-day threats.

Within a healthcare setting, AI network security tools analyse network traffic patterns in real-time to detect anomalies that may indicate breaches, as well as automated threat responses to reduce the time taken when addressing incidents.

This is especially important given how changes to data privacy regulations may require healthcare providers to implement more rigorous security measures over time, particularly in environments that utilise multiple cloud providers and transfer data between them.

Harry Yelland

Cybersecurity Writer

Harry holds a BSc (Hons) in Computer Science from the University of East Anglia and serves as a Cybersecurity Writer here at Netify, where he specialises in enterprise networking technologies. With expertise in Software-Defined Wide Area Networks (SD-WAN) and Secure Access Service Edge (SASE) architectures, Harry provides in-depth analysis of leading vendors and network solutions.

LinkedIn

Fact-checked by: Robert Sturt - Managing Director, Netify