Healthcare organizations and cloud service providers receive guidance on cloud security measures – Technology


To help health care organizations and CSPs address cyber risks,
ENISA presents three practical use case scenarios of cloud services
applicable to the health care sector, namely electronic health
record services, remote care services, and services involving a
medical device, all available in the cloud. ENISA also identifies
factors organizations should consider during the risk-assessment
phase and provides risk-mitigation measures.

To begin with, the Report outlines the applicable policy context
(i.e., NIS Directive, GDPR, additional regulators’ guidelines),
recalls cloud computing basic elements and lists the key types of
cloud services in the health care sector. The Report also
summarizes the main security and data protection challenges faced
by health care organizations when using cloud services, such as the
lack of cybersecurity expertise and the complexity of proving
regulatory compliance of the CSPs. Health care organizations face a
wide range of cyber threats, such as natural disasters, supply chain
or system failures, human errors and malicious actions, and it can
be particularly complex for them to navigate the offerings of the
CSPs to validate that sufficient data governance controls are in
place, and that privacy by design, data management, and portability
obligations are met. This is all the more important in view of
national and European legislative efforts to introduce class
actions also in relation to cyber breaches.

Against this background, the Report provides a set of cloud
security measures and recommended practices for the health care
sector, based on common frameworks for cloud security and the
ongoing work on a cloud certification. Each suggested security
measure is cross-referenced with recommended practices included in
ENISA’s existing Procurement Guidelines for Cybersecurity in
Hospitals and with the different use case scenarios. In
addition, the roles of both cloud customer and CSP are indicated
for each cloud security measure, along with additional data
protection considerations.

As the health care sector is going through a comprehensive
digitalization process, the integration of cloud-based tools and
services creates new challenges in terms of cybersecurity and data
protection.

Looking Ahead: Both health care organizations
and CSPs that are active in the European Union should follow
ENISA’s recommendations in order to secure the implementation
of their cloud-related projects and provide an appropriate level of
cybersecurity and data protection.

ENISA published its Report on January 18, 2021. The scope of the
Report relates more specifically to the eHealth ecosystem (e.g.,
health care services and facilities, medical devices and equipment,
remote care, etc.). It provides guidance to the health care sector
and cloud service providers (“CSPs”) on cloud security
practices and on the identification of critical data security
aspects.

The Result: The European Union Agency for
Cybersecurity (“ENISA”) published a report on Cloud Security for Healthcare
Services (“Report”). The Report provides a set of 17
security measures for health care organizations, acting as cloud
customers, and cloud service providers (“CSPs”) to provide
cybersecurity and data protection in accordance with applicable EU
legislation (e.g., GDPR and NIS Directive). The Report also
provides practical guidance for health care organizations and CSPs
and sheds light on the stakeholders’ respective
responsibilities for implementing cloud services in accordance with
good cybersecurity and data protection practices.

Although it is clear from the Report that further support is
expected to facilitate the development and implementation of cloud
services in the health care sector (e.g., specific guidance from
national and EU authorities, industry standards for cloud security
in the health care context, guidelines from data protection
authorities on moving health care data to the cloud, etc.), the
ENISA Report provides useful guidance for health care organizations
and CSPs looking at implementing cloud services in compliance with
the current cybersecurity and data protection legal constraints as
well as recommended practices.

Three Key Takeaways

As the conclusion of the Report highlights, health care
organizations may still be reluctant to adopt cloud services beyond
those relating to the management of administrative data. This is
due to a number of factors, including the lack of cloud expertise
and the extensive compliance requirements, in particular with
respect to data protection and professional secrecy obligations. In
addition, although not mentioned in the Report, health care
organizations and CSPs should take into account the additional data
protection challenges resulting from the recent “Schrems
II” ruling of the European Court of Justice if they
contemplate any transfers of personal data from the EU to third
countries. See our previous Jones Day
Commentary.

As ENISA points out, the cloud security measures and the
related responsibilities vary depending on the type of cloud
service (e.g., SaaS, PaaS, or IaaS) and the deployment model (e.g.,
public, private or hybrid cloud). For instance, only the CSP would
normally be responsible for establishing processes for security and
data protection incident management in a typical case of remote
care services, whereas for the use case relating to the provision
of services based on a medical device, the Report provides that
both the CSP and the cloud customer would normally be responsible
for implementing such a security measure.

In total, 17 security measures are suggested in the Report,
including identifying applicable cybersecurity and data protection
legal requirements, conducting a risk assessment and a data
protection impact assessment, establishing processes for security
and data protection incident management and response, establishing
business continuity and disaster recovery plans, and enabling data
encryption for data at rest and data in transit.
