The cloud, a key technology for health data security


While cybercrime is increasing rapidly in France and around the world, the cloud makes it possible to respond easily and without massive investments to the issues of security, confidentiality and availability of health services and data. Mathieu Jeandron, Senior Solutions Architect Manager at Amazon Web Services (AWS), explained to DSIH the advantages of this technology.

The number of victims of cyberattacks has quadrupled in 2021 compared to 2020, according to a report on Common Situational Picturepublished by the National Information Systems Security Agency (ANSSI) and its German counterpart, the Bundesamt für Sicherheit in der Informationstechnik (BSI). “Targeting the entire healthcare system and supply chains is a major threat today”warn the two organizations.

This cyber threat brings various risks“against which organizations can protect themselves, by implementing technical, organizational and contractual protection measures”, explains Mathieu Jeandron. The objective of these protections is twofold: to guarantee the availability of the information system, which is particularly critical in healthcare establishments, and to preserve the confidentiality of the data. “Ransomware attacks, data theft, denial of service attacks… It is up to each organization to assess the main risks associated with its system in order to protect itself against them”underlines the expert of Amazon Web Services (AWS), specialized in cloud computing services.

For him, choosing the cloud allows you to benefit – without massive investments in infrastructure, since payment is made on a pay-per-use basis – from a reinforcement of security on two complementary levels to reduce these risks. “First, the customer benefits from the cloud service provider’s intrinsic security measures, which are both physical (protection of data centers against fire or intrusion, data redundancy, etc.) and software (security updates, etc.) “, he explains. AWS is thus HDS (Health Data Hosting) and ISO 27.001 certified, a security management standard that defines best practices in security management and control. The Lorraine Association for the Treatment of Kidney Insufficiency (ALTIR) with the help of SCC, for example, deployed its Electronic Patient Record (EPR) solution in the AWS Cloud, relying on AWS HDS certification.

The second level of security includes the various services provided by the service provider. “The right supplier is the one who will be able to provide its customers with the best level of intrinsic security of the cloud, but also a range of services which will allow it, like a toolbox, to build a completely protected information system”he summarizes. Living has, for example, chosen the AWS Cloud for its platform which allows the simple and secure exchange of medical documents between hospitals, healthcare professionals and patients.

Among these services offered by AWS, he cites the AWS Key Management Service (KMS), which makes it easy to create and manage cryptographic keys and control their use on a wide range of AWS services and in customer applications; AWS Nitro System, a combination of dedicated hardware and lightweight hypervisor that is used by AWS for its virtualization infrastructure, enabling faster innovation and stronger security; Amazon GuardDuty, a threat detection service that continuously monitors malicious activity and abnormal behavior to protect AWS customers, their workloads, and their data. Capable of analyzing tens of billions of events across multiple AWS data sources, GuardDuty uses multiple techniques to identify indicators of compromise, such as machine learning (ML), anomaly detection, and embedded threat intelligence to identify and prioritize hazards.

“Finally, it is important to note that we work with security partners who allow us to meet the needs of the greatest number”, added Mathieu Jeandron. This is the case of the company Fortinet, which offers enterprise security for workloads on AWS, including a next-generation firewall and a web firewall to prevent intrusions.

#security#cloud#HDS#privacy#health data#dsih#cybercriminality

Leave a Comment