November 15, 2013

Keeping your Healthcare Data Safe in the Cloud

by with 4 comments


Image from

Image from

While more and more companies are adopting cloud computing for its convenience and flexibility, the healthcare industry has been little slow in adopting this new trend. But gradually many hospitals and clinics are recognizing the benefits of cloud computing and embracing this technology to revolutionize their procedures. In the modern world of healthcare, it can be extremely challenging for the physicians to keep track of significant amount of information, from patient records to insurance information. With the traditional system, it can be burdensome to transfer physical files from one facility to another, wasting time and spending money on transportation and employee expenses. The cloud storage systems allow organizations to place data on a centralized electronic system that can be accessed anytime from anywhere. The healthcare industry has to deal with the massive amount of data, and cloud services help them to access and manage health records effectively in order to provide better patient care.

Research done by Healthcare IT news (

Research done by Healthcare IT news (

The cloud storage services provide lots of benefits to the healthcare industry. The healthcare data is doubling every year, what that means is the industry has to invest in hardware equipments, tweak databases and servers for storing large amount of data. With a properly implemented cloud storage system, hospitals can establish a network that can process tasks quickly without a drop in performance. Doctors no longer need to be tied to their offices to look up patient information. They can pull up medical records remotely to review patient records and tests. Cloud computing has proven cost effective for patients and healthcare providers, as the patients do not have to pay twice for the same test when they go to different doctors and medical offices do not have to pay for on-site hardware and storage services to maintain medical records. Lastly, the cloud services requires less technical support or maintenance compared to the traditional data storage systems.

However with all these benefits there are certain risks with using cloud services as well. As we all know disasters and security breaches can be damaging to every organization.But with health care it can be even more damaging because healthcare cloud security not only have to ensure that the sensitive patient information are protected but also to ensure the availability of critical medical data that can be the difference between life or death. Two security breaches at Oregon Health and Science University were reported recently.” In the two OHSU incidents, information on a total of more than 3,000 patients was inappropriately posted in unencrypted spreadsheets using cloud-based e-mail and document storage services from Google.” These data breaches expose a lot of personal information of the patients apart from medical records such as name, address and social security numbers.

Image from

Image from

The healthcare companies can take following steps to ensure that patient records are secure in the cloud:

  • Assess your risks: Risk assessments are mandatory for the protection of electronic health records. Conduct tests and evaluations to determine possible threats to your information systems and how will it impact your cloud environment.  “Be thorough in your assessment, and analyze all security policies and architectural vulnerabilities relating to storage and backup, encryption use and data authentication and transmission”.By assessing the risks and their impact you can take corrective actions to protect your information systems.
  • Train employees to use strong passwords: Make sure that your staff uses strong and hard to guess passwords. The passwords should be at least 8 digits long and a combination of letters, numbers and special characters. Also implement a procedure where your staff needs to change passwords periodically. 
  • Logout:  Almost all cloud services log you out after a period of inactivity. Still then make sure you log out of the application once you are done. That will make sure nobody can your information when you are not around.
  • Active monitoring: Constantly monitor and scan your systems to detect any suspicious activities. Set up alerts for anomalies like brute force attempts, abnormal web application requests or suspicious increases in traffic. In case of any security breach, research and determine the data patterns of the attack and take countermeasures for better security.

Keep your health records secure with SpiderOak

SpiderOak is a secure cloud storage service that protects its user data from government surveillance. This service provides users with fully private cloud storage and syncing, featuring all of the benefits of the cloud along with 100% data privacy. SpiderOak is available with onsite deployment and private servers or outsourced deployment through a private and secured public cloud server, so that users and small businesses of all sorts and sizes can tailor the service to fit their needs.

SpiderOak protects sensitive user data with 256-bit AES encryption so that files and passwords stay private. Authorized accounts and network devices can store and sync sensitive data with complete privacy, because this cloud service has absolutely “zero-knowledge” of user passwords or data. And all plaintext encryption keys are exclusively stored on approved devices because SpiderOak never hosts any plaintext data. This way, even if programs like NSA’s PRISM continue to stand unchallenged, people can rest easy knowing that their data is truly protected. SpiderOak’s cross-platform private cloud services are available for users on Windows, Mac, and Linux platforms, along with Android and iOS mobile devices, allowing for full flexibility and mobile access. SpiderOak offers amazing products like SpiderOak Hive and SpiderOak Blue to secure consumer and enterprise data. You can signup for this product now.


  1. I am really worried about the security within the cloud. Medical data is very regulated. I work in the medical data field and we have to keep it very secure. I had to pass a background check and use a security badge to get into my office. I hope the security for this is good.

  2. Having taken a certification course on Health Care IT, I got a real sense of how tenuous security is when sharing private information on a wider and wider scale and how massive data volume is and will continue to be. My medical group has electronic Healthcare Record access and I love it, but I’m always a bit nervous about my information getting out “there” or into someone else’s hands without my knowledge or approval. I think we’ll likely see more situations like the security breaches at Oregon Health and Science University as the push for EHR grows faster than the the ability to keep that data secure.

  3. I wonder why more doctor’s don’t want to adopt using the cloud system. I mean looking at the chart it shows nineteen percent don’t plan on using it. It makes me wonder because there might be a high risk of information being given out on purpose or accident. But on the same hand any information is accessible to anyone if they know what they are doing or looking for. Whether it’s on the cloud system or in a filling cabinet. I think it would be up to the patient’s own discretion if they want there information stored on a cloud system. The doctor or hospital should make it clear that they are using this type of system and can somehow opt to allow it or opt out of it. I think it is extremely beneficial to have all your information in one place and with easy access for your doctor because it saves time and money for everyone involved. Also, I like the idea that if I am out of town and have an emergency or need to go to the doctor they can look up my files using a cloud system. All in all I think more doctors should use it.

  4. I understand that medical data is very sensitive information and that adequate precautions should be taken to keep it private and out of the hands of those who would misuse it. Having said that is there really anymore risk in storing information on the cloud than on a server or hard drive that is constantly connected to the internet? What are the potential factors that make storing this info in the cloud more susceptible to prying eyes and data thieves?