Industry Insights: Personalized healthcare depends upon robust cybersecurity

April 11, 2022 Phoebe Yang

This Industry Insights post is one in a series from AWS thought leaders in healthcare, life sciences, and genomics- exploring the impact of technological innovation and cloud computing in their industries

The conference season is in full swing and finally in person again, after more than two years of virtual events due to COVID-19. As I was coming home from my latest event, I started thinking about the meetings, the dinners, the sessions, and all of the wonderful people I saw again after such a long hiatus and also those I met for the first time. And, as I thought back on the many conversations, I started to see a pattern emerge. Nearly everyone I talked to wanted to see healthcare move toward personalization, as it can be both more cost-effective and better for patient outcomes. As healthcare leaders, we all want better outcomes, more equitable access to care, and ultimately healthier communities.

However, before an organization can even begin to think about personalized healthcare, it needs to think about personal data. And in this case, I mean specifically personal healthcare data – things like clinical notes, payment data, medical images, and test results. Healthcare organizations must think about not only protecting that data, but also making sure it is available at all times. After all, we know that disasters are not an “if”, but a “when.”

Disasters, whether human-made or natural are unavoidable, so planning for them is critical to ensuring delivery of care, regardless of the situation. And, while most are aware of and planning for high-profile data breaches and ransomware, many are not considering the most common types of IT disasters, such as lost laptops, access control errors, server configuration errors, and employee security lapses. In the healthcare industry, where every second is critical, IT downtime can impact data access and cause interruptions in operational and clinical performance system-wide, resulting in patients not receiving the care they need when they need it.

Historically, disaster planning and ransomware mitigation solutions have focused on being able to respond and recover. But, as defined by the NIST cybersecurity framework (CSF), there is a need to implement the capabilities to identify, protect, and detect across the spectrum of vulnerabilities, coupled with understanding the tactics, techniques, and procedures (TTPs) that threat actors use to gain access to IT systems. Organizations can fortify their cybersecurity resiliency with deeper layers of protection and detection and appropriate courses of action that can be automated to prevent an incident, not just respond to it.

Resiliency is core to what really matters in cybersecurity, as it covers the ability to address disasters and disaster recovery along with ensuring the availability of data and applications. And resiliency design principles apply to everything – you should plan on having resilient applications, networks, data, people, etc. Being resilient means you are prepared not only to “bounce back quickly”, but also to prevent and mitigate. Modern cloud infrastructures, such as the AWS cloud, are designed with security as a top priority and also to be resilient by design.

As cloud computing services evolve, they also support more layers of protective and detective capabilities at their core. A good example is Amazon simple storage services (S3) – not only does it have a data durability measure of eleven 9’s (99.999999999%), but also enables a deeper layer of network protection with a private link from on-premises locations to AWS. AWS continues to add multiple layers of protective and detective controls to its services, and the durability of S3 storage can be seen as an additional layer of resiliency by design.

Having a centralized data backup and recovery strategy and solution is also critical to data resiliency. A solution such as AWS Backup makes it easy for an organization to centrally automate the backup and restoration of application data. It enables an organization to centrally create and manage immutable backups of S3 data, protect data from inadvertent or malicious actions, and restore the data to a specified point-in-time.

AWS has been architected to be the most flexible and secure cloud computing environment available today — backed by a deep set of cloud security tools and more than 200 security, compliance, and governance services and key features. We have a shared responsibility model with our customers to enable maximum protection, and we provide a wide variety of best practices documents, encryption tools, and other guidance our customers can leverage in delivering application-level security measures. In addition, AWS partners offer hundreds of solutions, tools, and features to help customers meet their security objectives, ranging from network security, configuration management, access control, and data encryption.

As our customers know, AWS is, and always has been focused on security, and for healthcare organizations intending to provide personalized care that is dependent upon multitudes of data and analyses, this security foundation could not be more critical. If you are one of these organizations, please look at your security posture, your data access points, your storage systems, and your disaster response plans, and build a robust resiliency plan that can not only respond and recover, but prevent, detect, and mitigate. After all, as healthcare leaders our focus is on the best possible care, and that care can not be delivered if we are not able to depend on and leverage best-in-class systems to help us deliver that care.

To learn more about AWS for Healthcare, visit: https://aws.amazon.com/health/

Previous Article
Executive Conversations: Proactive Cybersecurity in Healthcare with Shawn Henry, President of CrowdStrike Services
Executive Conversations: Proactive Cybersecurity in Healthcare with Shawn Henry, President of CrowdStrike Services

Shawn Henry, President of CrowdStrike Services and Chief Security Officer of CrowdStrike, joins Phoebe Yang...

Next Article
Automating the Installation Qualification (IQ) Step to Expedite GxP Compliance
Automating the Installation Qualification (IQ) Step to Expedite GxP Compliance

Read about the Installation Qualification (IQ), a proposed approach that can automate one of the first comp...