Earlier this year Jeremy Hunt- the Secretary of State for Health and Social Care- signed off on the first official guidance specifically designed to help the UK’s National Health Service make the move to cloud.
Although some parts of the NHS already made use of cloud technologies, this marked the dawn of a new digital era for many working within the sector- one in which the widespread adoption of public cloud services and platforms, like Microsoft Office 365, is encouraged and the benefits can become a reality. Benefits which might help to relieve some of the strains currently facing our overstretched healthcare services.
Tighter budgets, fewer staff… it’s well publicised that the NHS is currently having to work with very little resource. But by storing data in the cloud, NHS organisations can rid themselves of some of the costs associated with buying and maintaining the hardware and software required to keep it on-premise.
Meanwhile, behind the scenes, IT teams can use cloud technologies to install more comprehensive backup solutions which will reduce recovery time in the event of a local system failure. And for those on the front line- the GPs and doctors seeing patients day in, day out- cloud could give them the flexibility and freedom to work remotely.
There’s no denying that the benefits of migrating some data from on-site systems to cloud environments could be colossal. This is now being widely recognised, with a recent report from Digital Health Intelligence discovering that 39% of organisations currently not using any cloud technologies plan on introducing some element of cloud-based infrastructure within the next two years.
But, these organisations will only be able to reap the benefits if their new cloud environments are protected. After all- as last year’s notorious WannaCry disaster proved- no one is immune to cyber attack. Not even the NHS…
Everyone is a target
Nowadays, cyber criminals don’t care who they hit with ransomware, as long as the victim is willing to pay up. This is what makes hospitals and healthcare providers very attractive targets. The NHS’s most valuable digital asset- confidential patient information- has become 100 times more valuable than stolen credit card details and when faced with losing it, IT teams often don’t have a choice. They have to pay the ransom because human lives are not negotiable.
This is why it’s important to secure all networks and all patient portals, including websites.
Despite common fears, keeping data in the cloud is just as secure as storing it on-premise- as long as you have a suitable security strategy and invest in the correct technologies.
Making the cloud safe
The fact is that a truly secure medical network infrastructure will probably contain more firewalls than patients, but most traditional firewalls are not cloud ready. Simply lifting and shifting traditional solutions and processes doesn’t work, because some are not engineered with the cloud’s elasticity and scalability. Therefore, IT teams looking to make the most of cloud may need to think about refreshing their security technology stack.
As part of this, they could also consider using machine learning and artificial intelligence in some capacity. These technologies enhance existing security solutions and protect against more cleverly disguised and targeted attacks- such as spear phishing. They do this by establishing a baseline of ‘normal’ behaviour and then flagging any actions that fall outside of it. Anything unusual or out of character is identified immediately, helping IT teams to pinpoint malicious outsiders.
But that isn’t all…
Education, education, education
Effective security is not just about stocking up on solutions and tools. Instead, it’s a combination of technology, people and culture. NHS organisations can block out some threats with a cloud-ready, up to date protection system but it is just as important to implement some sort of user awareness programme and training. After all, often your employees are your last line of defence- especially when it comes to social engineering attacks- so educating about potential threats and retraining around cloud environments will be essential.
As well as providing user awareness courses and materials, organisations can also look to invest in phishing simulation tools. Through mock campaigns, these can teach employees what signs to look out for and how to respond appropriately if- for example- they receive a malicious email. They can also provide useful data for organisations on which employees are most at risk of attack and transform them from a liability to a strength.
Cloud is a whole new world for many organisations within our National Health Service and its benefits could be endless. But, before organisations can reap the rewards, they must embrace a new way of thinking. For those planning on making the move to cloud, security needs to be priority number one.