Over the weekend, organizations around the world were stopped in their tracks due to the ransomware “wannacry.” Although the latest ransomware attack to make the news, this isn’t a new phenomenon. Because the stakes are so high when it comes to delivering critical care to patients, healthcare organizations, in particular, are prime targets for cyber criminals. Last year, 13 ransomware attacks against US hospitals were reported in just the first 3 quarters of the year and attacks are increasing. In response, agencies across the globe are issuing increased warnings to healthcare organizations to protect themselves and the patients they serve from the growing threat.
True cloud security
Healthcare organizations are turning to true cloud solutions to reduce security risks. Think about it this way: let’s say you have a single 100 unit apartment building downtown and 100 houses spread across the country. If you wanted to secure each building, it is much easier to focus your attention on one location than 100 locations spread across a large area. The same goes for software. True cloud software companies are in a better position to ensure security because they can standardize and have tighter controls around all of their processes and systems due to their singular focus on the one instance of their software. In fact, some of the hospitals hacked in 2016 were (and continue to be) Kit Check customers and, even though many of the hospital hosted systems were hijacked, Kit Check remained accessible and pharmacy continued to process trays quickly and safely throughout the entire ordeal.
Security risks of self-hosted or vendor-hosted client-server software
Here are 3 reasons why hospital pharmacy leaders should be wary of the increased security risks of using old-school, self-hosted or vendor-hosted, client-server software products:
- Staying on top of all the security patches released by different vendors, which often require taking systems offline to apply, is an often insurmountable task for hospital IT groups.
- The majority of client-server software products run on Microsoft Windows and because of that large market share Windows systems are more frequently targeted by cyber criminals.
- Even when hosted by the vendor, the software provider is managing multiple instances and versions of their software for each customer. Expanding the analogy above, maybe the houses aren’t spread across the entire country, but each house has different configurations of doors and windows. Due to that variation, it is much more difficult to identify and secure potential risks.
Security advantages of true cloud software
Here are 3 reasons why hospital pharmacy leaders should insist their next pharmacy IT purchase be a true cloud solution:
- True cloud solutions rarely run on Windows infrastructure and thus are less frequently targeted by cyber criminals.
- True cloud providers standardize their infrastructure. Less complexity = less risk.
- True cloud providers only run one instance of their software (albeit spread across highly redundant infrastructure) and there is also no such thing as an “upgrade”. True cloud providers roll out security fixes (in addition to bug fixes and new features) in a way that requires no downtime and is unnoticeable to end users which means they can fix issues as soon as they have a solution ready and all their customers get the fix at the exact same time.
The benefits of true cloud applications are so advantageous that healthcare organizations are abandoning self-hosted and vendor-hosted client-server applications in droves. In response, many client-server companies are putting their old software on services like Microsoft Azure and slapping a “cloud” label on their offering in an attempt to compete. Don’t be fooled by these cloud imposters as they don’t provide the same advantages as true cloud solutions. If the software vendor doesn’t host 100% of their customers and/or offers self-hosted options in addition to their “cloud” offering… you are dealing with a cloud imposter.