Given the world today, it’s vital to take a comprehensive approach to security
By 2020, 80 percent of all healthcare data will pass through the cloud, according to IDC. I talk with healthcare customers every day and this is already happening.
The reality of “the cloud”
Nearly everyone today uses a smartphone, which stores data in the cloud. Even if people don’t have a smartphone, they’re likely using the Internet and email. So your patients are already there, and you’re probably already interacting with them over email or sharing information online. Same goes for your staff. They’re probably doing some of their work—which involves your health organization’s data—using the cloud.
In other words, even if you don’t think your health organization has officially “moved to the cloud,” you, your patients, and your staff are already there. In fact, the cloud is becoming ubiquitous, so soon we won’t be making the distinction anymore between cloud, on-premises, and hybrid solutions. It will all just be “technology.”
Given the nature of technology moving forward and the increasing prevalence of cyberattacks on health organizations, it’s vital that you take a holistic approach to protecting your infrastructure and data. We help health organizations do that with our comprehensive set of solutions that work together for end-to-end security, protection, and compliance.
For example, the Microsoft Enterprise Mobility Suite can help you manage mobile devices—whether personal or company-issued—and ensure compliance whenever those devices are used to access company resources. It helps you manage and protect the experience across multiple layers—users, devices, apps, and data—with identity-based security.
You can also take a comprehensive approach to protecting against email threats
You can guard your email from known viruses, spam, and malware with Exchange Online Protection (EOP) through layered protection.
And you can help protect against unknown malware, viruses, and other sophisticated cyberattacks such as ransomware by applying behavioral analysis with Exchange Advanced Threat Protection (ATP). Just a couple of examples of how it helps you do that: The ATP Safe Attachments feature opens attachments in a cordoned-off virtual environment to detect malicious behavior. And the ATP Safe Links capability proactively protects your users from URLs that redirect to malicious sites—it dynamically blocks malicious links even if they’re changed after the message has been received.
Global regulations and compliance
You will also want to make sure that the vendors you work with understand the unique security, privacy, and compliance needs of health organizations and can help you keep up with the latest regulatory requirements. This is something we invest in heavily here at Microsoft, and we design our solutions to comply with a wide array of global regulations. For example, Microsoft enterprise cloud services offer customers a Health Insurance Portability and Accountability Act Business Associate Agreement that stipulates our ability to enable compliance with HIPAA technical, administrative, and physical safeguards.
As technology and regulations evolve and cyberattacks become more sophisticated, it’s more important than ever to take a holistic, end-to-end approach to protecting your health organization’s data and infrastructure. How are you tackling today’s security challenges for your health organization? Let us know via email, Facebook, or Twitter. And please also reach out if you’d like help or have any questions or comments.