- According to cloud security vendor Skyhigh Networks, over 90% of cloud services used in healthcare are classified as medium risk or higher: 13% are classified as "high risk" and 77% are classified as "medium risk."
- Skyhigh calculated its risk assessments based on measurements of 54 security attributes, including data encryption and "two-factor" authentication.
- The opportunity for security exploitation of cloud-based services is huge: Currently, there are 944 cloud services in use across all healthcare sectors and 118 collaboration services (like Gmail, for example).
The recent Community Health Systems breach is a striking example of the potential scope of such exploitations. The hack resulted in the theft of 4.5 million patient records and was a result of the open-source software glitch Heartbleed. And the reliance on open-source software, for which there is no warranty of any kind, may prove the lynch pin of the class action lawsuit against CHS, according to Forbes contributor and healthcare expert Dan Munro. Can CHS be held negligent because it relies on on open-source software as "a mission-critical component of web security in protecting patient records?" Munro asks.
Meanwhile, the hack and subsequent release of nude photos of Jennifer Lawrence and other celebs over the weekend is suspected to be the result of a breach in Apple's iCloud feature. Given the tech giant's recent foray into healthcare with its new HealthKit platform, this may raise some concerns about the company's ability to adequately ensure the security of HIPAA-protected data.
Want to read more? You may enjoy this story about Apple's recent talks with major insurers.