AWS announced that they will be providing information security (infosec) solutions for the healthcare industry. The risk management and readiness security tool which AWS has in place will now be used across the healthcare sector. This move will help to ensure better infosec and set a new standard for hospitals.
While much of the software and the high level of security is already in place and used by AWS across many sectors, we will also see healthcare-specific tweaks made. Amazon Web Services Foundational Security Best Practices will provide infosec solutions by the end of November.
As healthcare evolves and becomes more and more digital, greater and more efficient data security is a necessity to prevent deceptive or fraudulent access to patient information. Nowhere is information more sensitive than on a healthcare provider’s database.
Highly specific data is stored on these systems to offer patients the highest quality of care. The better that we know our patients, the quicker we can offer diagnosis and correct treatment options. Healthcare systems rely on speedy reporting, efficient, and accurate sending of data and beyond all else, maximum security.
It is little surprise that a company such as AWS has been brought on board across the healthcare industry. Regulations have been getting tighter in recent years, especially as healthcare has launched into digital health and medtech. These tightened regulations are always evolving, hence the need for up-to-date infosec solutions.
The challenge with healthcare is that with so many moving parts, it is essential to have a framework in place which allows clear visibility of all aspects of security.
Speaking at an AWS summit last week, Ely Kahn, Principal Product Manager, spoke about the importance of finding best practices for healthcare:
“We looked at all of our major AWS services to come up with not only the security best practices for each of those services, but the automated security checks that can help you assess in an automated way whether you’re aligning to those security best practices.”
In order to provide infosec solutions for the healthcare sector, AWS’ first step was to identify the most common issues and seek solutions. Kahn went on to discuss this at the summit:
“We had analysts go through all the major security incidents that our professional services and security teams had responded to based on the analysis of the root causes of those incidents.”
From that process, AWS developed nine key areas on which the AWS Security Hub feature would be primarily focused as they provide infosec solutions for the industry:
– Accurate account information
– Use of multi-factor authentication
– No hard-coding secrets
– Limit security groups
– Intentional data policies
– Centralize CloudTrail logs
– Validate IAM roles
– Rotate keys
– Be involved in the dev cycle
This list is based on that created by AWS Chief Information Security Officer Steve Schmidt. Using healthcare security data and combining that with the original list, AWS were able to identify these main areas.
Given the fact that Amazon has long sought ways to more greatly involve itself in the healthcare industry, this news comes as little surprise. We have already reported, for example, how by using truly innovative AI, Amazon’s Comprehend Medical has been quickly growing.
Indeed AI is going to be enormous in healthcare in the coming years, something we covered here. This is why the AWS management of security within the industry makes a great deal of sense for the online giant. Amazon is now perfectly positioned for the coming demands of the sector.
Ultimately this is a smart deal for all parties involved. Amazon can continue to work on their AI tech and position themselves front and center in the industry, as they provide infosec solutions for hospitals across the country.
Given the high reliance on human behavior, the healthcare sector can add a higher level of security to their processes, protecting patients as they do so. Above all else, they can depend on the high quality service of Amazon, along with those Amazon principles of identify, protect, detect, respond and recover, which will certainly be welcomed.