HIPAA Blog

[ Tuesday, June 21, 2011 ]

 

How Vulnerable is the Cloud? Providers don't want to use "the cloud" because they're afraid of security risks. So far, no big breaches can be blamed on the potential lack of security of using "the cloud" for data storage and retrieval. However, that could be because no providers are using the cloud.

I'm still a little suspicious. If you're using the cloud and good encryption, then it shouldn't be a problem. If you're putting unencrypted PHI in the cloud, I think you may well be taking a much bigger risk than you realize. Be safe out there.

Jeff [8:19 AM]

Comments:
Disagree that there have been no breaches attributable to the cloud. Put cloud + breach in Google and see what you get. For example, see http://www.techjournalsouth.com/2011/06/half-of-cloud-service-users-had-a-breach-malware-detected-in-amazon-cloud/

Jonathan P. Tomes, Attorny and HIPAA consultant
 
To be fair, I said "no big breaches could be blamed on the cloud" so far, and so far (at least as far as the OIG Wall of Shame is concerned) that's true.
 
I agree that the last time I visited the "OIG Wall of Shame" it had no breaches attributable to the cloud.

And yes, you did say "big" breaches. But going past the Wall, and while it was not strictly a HIPAA breach, Google Health is shutting down its online personal health records initiative after suffering a massive theft of password information which could comprise almost all of its web services. For a possible HIPAA cloud breach see http://fcw.com/articles/2010/12/23/va-calendar-cloud-breach.aspx.

I appreciate the dialog. I'm working on an article on the risks in cloud computing along with two tech guys.
 
Let me know when the article is done, I'll link to it. Thanks.
 
Post a Comment
http://www.blogger.com/template-edit.g?blogID=3380636 Blogger: HIPAA Blog - Edit your Template