Application Security IT Security Outsourced IT

Cloud-Based E-Health System Security 

Cloud-Based E-Health System Security 

Cloud-based healthcare computing has become much more common as its advantages, such as scalability, collaboration with Artificial Intelligence (AI), and machine learning, are undeniably attractive. While there are many benefits, there are many concerns and challenges as well. Cloud-computing challenges for applications in healthcare include different types of management, technology handling, security measures, and legal issues1. Electronic health records application frameworks can oversee wellbeing controls, pervasive information access, distant patient checking, quick clinical intercession, and decentralized electronic-medical care records. In health care, electronic health records are required to be sharable among healthcare organizations, medical drug manufacturers, pharmacists, medical insurance providers, researchers, and patients. This poses obvious challenges to the security of sensitive data as this information passes through many disparate network systems and across many devices. The Internet of Things (IoT) coupled with cloud-based e-health frameworks create a system that is innovative, fast, and adaptable, but it is also fraught with security vulnerabilities.  

Cloud Platforms for e-Health 

Public Cloud. A cloud service provider that makes resources available to both public and private users via the internet for free, allowing clients to pay only for what they use. The organization purchases a virtual server and network, and the virtual server can be turned on or off for minutes and can be accessed anywhere. Public cloud services provide customized environments on virtual and identifiable third-party servers and are considered to be a lower cost option without monthly cloud service fees, but it is possible to confront unexpected costs due to higher-than-anticipated usage. 

Private Cloud. A private cloud may be less expensive than a public cloud, but it requires additional equipment expenses that may go to waste if the need for private cloud decreases. 

Hybrid Cloud. Hybrid cloud infrastructure is a combination of two or more clouds that can be combinations of private and public clouds. In a hybrid cloud infrastructure, the organization provides and manages resources within a private data center and provides outsourced services such as VMware. The hybrid cloud infrastructure allows organizations to take advantage of both types of cloud platforms and tailor it to their data storage needs. 

Cloud-Based E-Health Security Issues 

Confidentiality. Unauthorized access to patient health data is dangerous as data leakage could cause serious damage to patients and organizations. As the number of devices used to access patient data increases, so too does the potential for data leakage. Implementing access control and using encryption tools can be help address this security issue. 

Integrity. HIPAA requires that covered entities must implement procedures and policies to protect electronic healthcare information from improper destruction or alteration. A hashing mechanism or checksum for all data can help address integrity issues. 

Misconfiguration. This is a common issue in cloud computing where a misconfiguration of the data center exposes all customer data hosted within the same data center. 

Lack of Security Technologies. Transitioning to the cloud requires the implementation of security architecture to withstand cyberattacks. 

Account Hijacking. An attacker gains access to accounts and exploits sensitive data, cloud systems, or accesses stolen signals, putting accounts at risk. 

Insider Threats. Employees or other insiders may involve malicious servers, save sensitive data to their personal devices or programs, or steal email identities to attack company assets. 

Unsecured APIs. Poorly designed APIs can lead to misuse or compromise data security. 

Cloud-based e-Health systems provide excellent services and benefits to organizations and patients alike, but it is essential for cloud-based systems to have security infrastructure that is carefully and professionally developed for the unique needs and usages of each organization. 

1 Sivan & Zukarnain, 2021, symmetry, “Security and Privacy in Cloud-Based E-Health System”