Information technology staff at health organizations should craft risk management policies and adopt security measures to secure medical data in a private cloud platform, two chief technologists at Lockheed Martin wrote in a GCN article published Wednesday.
Mahesh Kalva and Andrew Underhill said health care IT personnel must carry out measures such as penetration auditing, firewall monitoring and maintenance of hardware components to protect health care data from potential cloud network vulnerabilities.
An organization should have a security policy that details its “defense-in-depth strategy,” they suggested.
Kalva and Underhill said security policies should address encryption strategies, user authentication, data sensitivity and security, frequency of penetration tests and use of automated tools to detect vulnerabilities.
Health organizations also have business factors to consider when adopting private cloud services, such as requirements from the Federal Risk and Authorization Program and the creation of a detailed service level agreement, they added.