We've touched on cloud security risks here on the Ananova blog in the past. In case you missed any of the articles, here's a quick fact: cloud hosting is just as risky as traditional hosting. While it may seem as if it is more vulnerable to hacker attacks, that is just simply not true. It's all in the way you store your data, and the strength of the password that protects it.
When you turn to cloud hosting for the healthcare industry, it becomes even more important to follow best practices. You don't want the medical records, social security numbers, imaging files like x-rays and MRIs, and other confidential data to be compromised!
Porticor: Security Is Key
How do you safely manage and store all of this data while minimizing the risk of a security breach? Probably the single most important step you can take in order to ensure security: encryption. This is a no-brainer. The key lies in how you encrypt that information.
You need to keep patient data safe, while at the same time maintaining regulatory compliance. That means you need to think long and hard on your strategy regarding encryption keys. Typical methods don't really apply with cloud hosting — you are trying to cut out the data center, so making your ISP the key holder isn't going to work here.
Porticor: What Works
One idea is split-key encryption, a method normally used to encrypt smaller files. Porticor is a company that revamped the process to make it faster than before, allowing it to be used for larger files like you would find in a healthcare database.
Porticor: How Does It Work?
Let's use a doctor as an example. The doctor enters data into the system, which is encrypted, and the key to access that data is split into two. The doctor is the owner of the “master key,” the first half. The second half heads to the Porticor Key Management Service for future use.
The master key is the doctor's, protected by homomorphic encryption. With this method, the master key is encrypted at all times. Not just in the cloud, but even when it's being used. What's more, each time you use the key, it is encrypted in a new way. That means that even if someone hacks in and steals the master key, it is useless. It cannot be used to access any patient files.
If that doctor wants to allow, say, the hospital access to his files, he can create a key for the hospital, which will also be split into two. The hosting provider cannot access this information at all, just the doctor and whomever he grants a key to.
This isn't a new technique used to encrypt data, but has been historically slow and not something a business would think to rely on when data must be obtained quickly. Porticor has found a way to make this a much faster process, allowing any industry to quickly access their records in highly secure fashion.
Do you think this is a positive advancement in the healthcare industry, or do you still have doubts it is secure enough to store such sensitive data in the cloud?