Healthcare Information Security

What are the 3 Key Layers in Healthcare Data Security?

Healthcare data security requires organizations to incorporate strong physical security measures, logical security measures, and compliance measures.

By Bill Kleyman

The healthcare industry used to be on the sidelines of the cyber war, with breaches and malicious attacks far more common elsewhere. That has all changed.

Healthcare data security requires three key layers to be successful

Five of the eight largest healthcare security breaches over the last five years—those with more than 1 million records compromised—happened during the first six months of 2015. Almost 100 million healthcare records were compromised.

Today’s healthcare organizations must take extra precautions when creating secure data center and infrastructure environments. To that end, there are three core layers within healthcare to consider.

This revolves around physical, logical, and compliance-based security.

The three levels of modern healthcare data center security

As you work to create your healthcare data center and cloud partnerships, it’s important to note that modern cloud and data center security has evolved quite a bit.

Modern data center and cloud providers break security out into three critical levels to ensure compliance, efficiency, and workload security.

Physical Security

Too often, we get lost in the more traditional conversations around healthcare cloud and infrastructure security. Still, a critical way to secure your data center against advanced persistent threats (APTs) is to create a truly holistic approach to security.

This starts with physical cloud and data center security. There have been some big breaches that have happened because a locker was left open and a physical disk was taken.

Let me give you an anecdotal example. As reported in a recent article, Texas Health Harris Methodist Hospital Fort Worth has put up a notice on its website titled “The Microfiche Incident.”

That notice goes on to explain how, on May 11, a portion of the microfiche meant to be destroyed by its paper-shredding vendor was removed from a “secure” locker and later found in a park.

What did that microfiche contain? Patient names, patient addresses, dates of birth, medical record numbers, clinical information, health insurance information, and in some instances Social Security numbers.

Now, you might not be trying to secure microfiche, but what about backup tapes? Recovery drives? Entire rack lockers? With physical security being the most visible, data center and cloud providers – that are ready for healthcare customers – must make sure that their customers and visitors clearly notice the setbacks, fencing, active guard patrols, ID checks, visitor screening, active video monitoring, biometric access control (both iris scans and fingerprints), and other critical security factors.

This helps keep the physical aspect of your healthcare cloud and data center ecosystem secure.

Logical Security

Virtual appliances, services, and other abstracted security features are making their way into the data center. Furthermore, these new technologies are being utilized by healthcare organizations.

Pretty much all major security technologies now offer a physical and virtual appliance for you to work with. For example, security products now allow you to deploy virtual appliances and services throughout your cloud and localized network infrastructure.

These software blades can be deployed on any virtualized system and include Firewall, VPN, IPS, Application Control, URL Filtering, Antivirus, Anti-Bot, Identity Awareness and Mobile Access capabilities. And, they can help isolate and protect key repositories processing PHI data points.

Remember, it’ll always be your responsibility to ensure optimal security around your own workloads. However, data center providers that are ready to take on healthcare workloads take it a step further.

Additional layers of security revolve around information security, operations security, internal security, and logical security, with the latter being supported by two-factor authentication, testing with intrusion detection, penetration tests, and other aspects of logical access.


Compliance-Based Security

Having the most secure platform out there still may not make you compliant. This is why it’s critical to work with a data center partner that can offer the full trifecta of physical, logical, and compliance-driven security.

Look for providers that have the following compliance requirements set in place: PCI, HIPAA/HITECH, SOC 1, SOC 2, Safe Harbor, and more. For example, a large and growing number of healthcare providers, payers and IT professionals are using AWS's utility-based cloud services to process, store, and transmit PHI.

These types of environments allow you to leverage the secure AWS cloud ecosystem to process, maintain, and store PHI.

If you’re a compliance-driven organization, you should absolutely be having a conversation with a data center provider which can offload your workloads, help your infrastructure become a lot more agile, and still provide the full gamut of security and compliance services that you require.

Now, you’re beginning to see the truly big picture around the modern healthcare data center and cloud provider. Leaders in the data center industry are capable of taking your business requirements to the next level.

Remember, this conversation spans cloud, your users, security, and compliance.

If you’re in the healthcare industry, don’t fear cloud. Rather, plan around it and use it as a tool to better enable your business and the healthcare services that you deliver. 
