Cloud Security Alliance releases new telehealth risk management guidance
The Cloud Security Alliance (CSA) has released Telehealth Risk Management, new guidance from the CSA Health Information Management Working Group, which focuses on the importance of healthcare delivery organizations (HDO) having processes and controls in place to ensure the privacy and security of telehealth patient information in the cloud in accordance with HIPAA privacy rules and the GDPR. The document offers best practices for the creation, storage, use, sharing, archiving, and possible destruction of data through the lens of governance, privacy, and security.
John Morgan, CEO at Confluera, a Palo Alto, Calif.-based provider of cloud cybersecurity detection and response, says, "As organizations review and consider the new guidance, they must not lose sight of the fact that modern cyberattacks such as multi-stage ransomware has as a significant impact on the security of telehealth patient information. Even a very well-planned data lifecycle can be compromised if attackers have already infiltrated the healthcare cloud environment and navigating through the network undetected. As organizations review and reassess their patient data security per the published guideline, they should ensure the same analysis is applied to their threat detection and response plans."