 
  • How is AWS used in healthcare?
  • What are the AWS activities that healthcare organizations should track?
  • How can Log360 improve AWS security in healthcare?
  • FAQ
 

Healthcare organizations are increasingly adopting cloud computing and cloud services for storing electronic health records and processing medical data. A popular cloud provider for healthcare organizations is Amazon Web Services (AWS), which provides services like Amazon Elastic Compute Cloud, Simple Storage Service, Relational Database Service, Virtual Private Cloud, and AWS Lambda. Healthcare institutions leverage these and several other cloud computing services offered by AWS to meet specific security and compliance needs.

Ensuring robust cloud security in healthcare is paramount to safeguarding sensitive patient data and maintaining compliance with regulations such as HIPAA. This necessitates the hospital's IT security team to audit AWS activity and ascertain data security in the cloud. To achieve that, the security team should first know how their healthcare organization uses AWS. Only with this knowledge will they be able to collect the right logs and ingest them into their SIEM solution for tracking suspicious activities and preventing data breaches.

How is AWS used in healthcare?

AWS offers a suite of cloud computing services that are extensively utilized in healthcare to enhance various operations. This includes data management and security, application development, and infrastructure scalability. AWS also helps improve patient care and ensure compliance with HIPAA. The healthcare industry uses various AWS services to address specific needs as listed below.

  • Amazon Elastic Compute Cloud (Amazon EC2): Healthcare organizations leverage EC2 instances to host applications, databases, and web servers securely in the cloud. EC2 provides scalable computing capacity, allowing healthcare providers to deploy and scale virtual servers based on demand, as well as facilitating the hosting of electronic health records (EHR) systems, medical imaging applications, and telemedicine platforms. Medical providers experience varying levels of demand for telemedicine consultations, with peak requests coming during flu seasons. Amazon EC2 allows telemedicine providers to scale their infrastructure dynamically based on current demand. With features like Auto Scaling, the platform can automatically adjust the number of EC2 instances to maintain optimal performance and ensure that healthcare providers can deliver uninterrupted services even during peak times.
  • Web Application Firewall (WAF): AWS WAF helps healthcare organizations protect web applications from common web exploits and security threats, such as SQL injection, cross-site scripting (XSS), and DDoS attacks. By deploying WAF in front of web applications hosted on EC2 instances or through AWS Elastic Load Balancer, healthcare providers can safeguard sensitive patient data and ensure compliance with regulatory requirements.
  • AWS Identity and Access Management (IAM): Healthcare organizations can leverage IAM to enforce access controls, manage user identities, ensure secure authentication, monitor user activity, enforce the principle of least privilege, and demonstrate compliance with regulatory requirements within their AWS environments. IAM plays a critical role in helping healthcare organizations protect sensitive patient data, mitigate security risks, and maintain the confidentiality, integrity, and availability of protected health information (PHI) in the cloud.
  • Relational Database Service (RDS): RDS simplifies database management for healthcare organizations by providing managed relational database solutions, including MySQL, PostgreSQL, and SQL Server. Healthcare providers utilize RDS to store and manage structured healthcare data securely, such as patient records, clinical data, and billing information, while benefiting from automated backups, high availability, and scalability.
  • AWS Lambda: Lambda enables healthcare organizations to run code in response to events without provisioning or managing servers. Healthcare providers use Lambda functions to automate routine tasks, such as data processing, image analysis, and event-driven workflows, improving operational efficiency and reducing infrastructure costs.
  • Security Token Service (STS): STS helps healthcare organizations manage access to AWS resources securely by issuing temporary security credentials for users and applications. Healthcare providers use STS to authenticate and authorize access to sensitive data stored in RDS databases, S3 buckets, and other AWS services, ensuring compliance with access control policies and regulations.
  • Elastic Block Store (EBS): EBS provides persistent block storage volumes for EC2 instances, enabling healthcare organizations to store and access data reliably. Healthcare providers use EBS volumes to store critical healthcare data, such as medical images and patient records, while benefiting from features like snapshots, encryption, and high availability.
  • Virtual Private Cloud (VPC): VPC enables healthcare organizations to provision a logically isolated section of the AWS cloud where they can deploy resources securely. Healthcare providers use VPC to build a virtual network infrastructure with private subnets, network access controls, and VPN connections, isolating sensitive healthcare workloads and ensuring data privacy and compliance with regulatory requirements.
  • Elastic Load Balancer (ELB): ELB distributes incoming traffic across multiple EC2 instances to ensure high availability, fault tolerance, and scalability of web applications and services. Healthcare organizations use ELB to load balance incoming requests to web servers hosting patient portals, telemedicine platforms, and other healthcare applications, improving performance and reliability for end users.
  • Amazon Simple Storage Service (Amazon S3): S3 is a scalable object storage service that healthcare organizations use to store and manage vast amounts of unstructured data, such as medical images, documents, and backups. Healthcare providers utilize S3 buckets to store and share healthcare data securely, implement data lifecycle policies, and integrate with other AWS services for data analytics, machine learning, and archival storage.

By leveraging AWS services such as IAM, EC2, WAF, RDS, Lambda, STS, EBS, VPC, ELB, and S3, healthcare organizations are able to store and access patient data from within secure, scalable, and compliant cloud infrastructures. But—irrespective of how secure the cloud platform is—there will always be some vulnerability or loophole that attackers find and exploit, especially if it's known to hold medical records. And that's why the hospital's IT team should track their AWS activity continuously. ManageEngine Log360 is a unified SIEM solution with integrated DLP and CASB capabilities that can help healthcare organizations track their AWS activities and alert them to suspicious events.

What are the AWS activities that healthcare organizations should track?

Healthcare organizations are increasingly using AWS for their cloud computing needs. However, to keep their AWS environments secure, there are certain activities that healthcare organizations should track (see Figure 1). Tracking these activities also brings compliance benefits, because HIPAA requires healthcare organizations to implement access controls and other technical safeguards to protect electronic PHI (ePHI) from unauthorized access. By meeting this requirement, healthcare institutions can protect the confidentiality, integrity, and availability (CIA) of ePHI and ensure data security.

The following figure includes the AWS activities that healthcare institutions should track.

Here's why you should track these AWS activities:

  1. User login and SSO login activity: Monitoring user login and single sign-on (SSO) activity is crucial for healthcare organizations as it helps them gain visibility into user authentication events across integrated applications and services. This will help medical institutions ensure strong authentication and access control, and detect unauthorized access attempts. By tracking user authentication events, they can identify anomalies or suspicious login patterns that may indicate compromised credentials or unauthorized access. It also enables the hospital's IT team to promptly respond to potential security breaches by revoking access or implementing additional authentication layers and security controls.
  2. IAM activity: Analyzing IAM activity helps healthcare organizations because it sheds light on the changes made to user permissions, roles, and policies. It also helps in ensuring least privilege access, detecting suspicious changes, and enforcing compliance with security policies. By ensuring that user permissions are appropriately configured, hospitals can reduce the risk of unauthorized access to PHI. In this way, it enables the security team to mitigate the risk of insider threats and unauthorized access by swiftly addressing suspicious IAM-related events that could compromise their hospital's security.
  3. NSG activity: Network security groups (NSGs) act as virtual firewalls for controlling inbound and outbound traffic to AWS resources, including virtual machines in the cloud. Auditing them allows healthcare organizations to identify and block malicious traffic and enforce network segmentation. It also enables hospitals to review and validate their network security policies. Moreover, by monitoring changes to security group configurations and analyzing traffic logs, healthcare organizations can identify potential vulnerabilities and unauthorized network access attempts. This proactive approach helps in implementing granular access controls, preventing data breaches, and ensuring the confidentiality and integrity of patient information.
  4. S3 activity: Auditing S3 bucket activity enables healthcare organizations to track who is accessing patient records, medical images, and other sensitive files, including when they are being accessed, and what actions are being performed. A SIEM solution like Log360 provides S3 file change audit reports. Healthcare organizations can use them to track modifications, deletions, and access permissions changes to sensitive files. This helps in detecting unauthorized activities or attempts to access or modify patient information files stored in S3 buckets. This will also help hospitals prevent data loss, maintain data integrity, and demonstrate compliance with privacy regulations such as HIPAA.
  5. WAF activity: WAF activities offer insights into potential web traffic threats, as well as policy violations. As mentioned earlier, the threats WAF protects against include SQL injection, and XSS attacks. So, healthcare organizations should monitor WAF activity to identify and mitigate security risks to their web applications, which may process or store EHR. This aligns with HIPAA's requirements for protecting ePHI against unauthorized access and data breaches.
  6. AWS Config activity: AWS Config continuously monitors and provides visibility into the configuration settings of AWS resources. This includes details of changes made to the AWS resources over time. Analyzing AWS Config activities helps healthcare organizations detect misconfigurations and ensure compliance with security best practices and organizational policies. Since every AWS Config rule maps to one or more HIPAA controls, auditing them enables healthcare organizations to maintain a secure and compliant cloud infrastructure. To learn more about AWS Config's mapping with HIPAA, read this doc.
  7. EC2 activity: EC2 activities provide insights into the utilization, performance, and security of virtual machine instances in the cloud. In healthcare environments, EC2 instances may host applications handling PHI. Analyzing EC2 instance activities can help healthcare organizations identify vulnerabilities, optimize resource allocation, and detect unauthorized access attempts. Apart from helping hospitals mitigate security risks in the cloud, it also helps in ensuring that security configurations are properly implemented and maintained, which is essential for HIPAA compliance.
  8. RDS activity: In the healthcare industry, RDS is often used to manage databases containing PHI. Monitoring RDS activity provides insights into database configurations and activities, including unauthorized access attempts and database performance. These insights help the hospital's security team implement appropriate security controls to protect ePHI. Hence, monitoring RDS activity helps healthcare organizations manage relational databases securely and ensure data availability, integrity, and compliance with HIPAA regulations.
  9. STS activity: By tracking STS activity, healthcare organizations can monitor the issuance and usage of temporary credentials, ensuring that only authorized users have access to sensitive patient data. They can do this by identifying anomalies in credential issuance or role assumption events that indicate unauthorized access attempts or security breaches. Hospitals can use this information to track role-based access and ensure compliance with least privilege principles. Tracking STS activity also provides insights into federated authentication events, helping healthcare organizations monitor external user access to AWS resources. It will also help them prevent credential abuse or theft and achieve HIPAA compliance.
  10. VPC activity: By tracking VPC activity, healthcare institutions can monitor inbound and outbound network traffic, detect anomalies, and enforce security controls to protect against unauthorized access and more serious security incidents. It will also help the hospital's IT security team ensure that access controls are properly configured, further securing healthcare data.
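The tracked activities above are only useful once they are turned into concrete rules over the logs a SIEM ingests. The block below is an added example, not Log360's code or anything from the original page: it runs a handful of constructed CloudTrail-style records (the assumed log source) through simple rules for failed console logins, IAM policy grants, security-group rules opened to the internet, S3 bucket access changes, and STS role assumption from an account outside the hospital's own (the account id and all resource names are assumptions).

```python
from collections import Counter
# Constructed CloudTrail-style records, trimmed to the fields the rules below read.
SAMPLE_EVENTS = [
    {"eventSource": "signin.amazonaws.com", "eventName": "ConsoleLogin",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dr.smith"},
     "sourceIPAddress": "203.0.113.7", "responseElements": {"ConsoleLogin": "Failure"}},
    {"eventSource": "iam.amazonaws.com", "eventName": "AttachUserPolicy",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/admin"},
     "requestParameters": {"userName": "dr.smith",
                           "policyArn": "arn:aws:iam::aws:policy/AdministratorAccess"}},
    {"eventSource": "ec2.amazonaws.com", "eventName": "AuthorizeSecurityGroupIngress",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ops"},
     "requestParameters": {"groupId": "sg-0123", "ipPermissions": {"items": [
         {"fromPort": 3306, "toPort": 3306, "ipRanges": {"items": [{"cidrIp": "0.0.0.0/0"}]}}]}}},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutBucketAcl",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/ops"},
     "requestParameters": {"bucketName": "ehr-archive"}},
    {"eventSource": "sts.amazonaws.com", "eventName": "AssumeRole",
     "userIdentity": {"arn": "arn:aws:iam::999999999999:user/contractor"},
     "requestParameters": {"roleArn": "arn:aws:iam::111111111111:role/ehr-reader"}},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject",  # routine read, not alerted
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dr.smith"},
     "requestParameters": {"bucketName": "ehr-archive"}},
]

TRUSTED_ACCOUNTS = {"111111111111"}  # assumption: the hospital's own AWS account id

def account_of(arn):
    return arn.split(":")[4]  # the account id is the fifth colon-separated field of an ARN

def open_cidrs(ip_permissions):
    """CIDR ranges in a security-group rule that expose the port to the whole internet."""
    return [r["cidrIp"] for p in ip_permissions.get("items", [])
            for r in p.get("ipRanges", {}).get("items", []) if r["cidrIp"] == "0.0.0.0/0"]

def alert_for(ev):
    """Return (category, message) for an event worth alerting on, or None if routine."""
    src, name = ev["eventSource"], ev["eventName"]
    params, actor = ev.get("requestParameters", {}), ev["userIdentity"]["arn"]
    if src.startswith("signin") and ev.get("responseElements", {}).get("ConsoleLogin") == "Failure":
        return ("login", f"failed console login for {actor} from {ev['sourceIPAddress']}")
    if src.startswith("iam") and name in {"AttachUserPolicy", "AttachRolePolicy", "PutUserPolicy"}:
        return ("iam", f"{actor} granted {params.get('policyArn')} to {params.get('userName')}")
    if src.startswith("ec2") and name == "AuthorizeSecurityGroupIngress":
        if open_cidrs(params.get("ipPermissions", {})):
            return ("security_group", f"{params['groupId']} opened to 0.0.0.0/0 by {actor}")
    if src.startswith("s3") and name in {"PutBucketAcl", "PutBucketPolicy", "DeleteBucketPolicy"}:
        return ("s3", f"{actor} changed access settings on bucket {params.get('bucketName')}")
    if src.startswith("sts") and name == "AssumeRole" and account_of(actor) not in TRUSTED_ACCOUNTS:
        return ("sts", f"external principal {actor} assumed {params.get('roleArn')}")
    return None

def triage(events):
    alerts = [a for a in map(alert_for, events) if a]  # run every record through the rules
    return alerts, Counter(category for category, _ in alerts)
```

Routine reads such as the final GetObject record pass through without an alert, which is the behaviour you want so that the security team sees configuration and access changes rather than every PHI read.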

AWS provides secure cloud access to the sensitive healthcare data it stores. However, as explained above, ensuring the CIA of ePHI and complying with healthcare privacy regulations requires auditing the activities that occur in your AWS environment, and Log360 can help you with that.

How can Log360 improve AWS security in healthcare?

ManageEngine Log360 is a comprehensive SIEM solution that can ingest logs from and audit multiple cloud platforms, including AWS. It provides interactive dashboards (see Figure 2) with graphical data and detailed reports on important AWS activities (see Figure 3) that can be used by healthcare organizations to improve their cloud security and achieve HIPAA compliance.

Log360 ensuring cloud security in healthcare by auditing AWS activities and presenting actionable data in dashboards

Figure 2: Log360 dashboard providing insights into AWS activity.

Log360 offers numerous AWS report groups which can be leveraged by security teams to ensure cloud security in healthcare

Figure 3: AWS reports available in Log360.

Every report group offers multiple reports, as shown in Figure 4.

Log360 auditing VPC activities and presenting the data in the form of reports for improving AWS cloud security in healthcare.

Figure 4: VPC activity reports in Log360.

Healthcare organizations can leverage a SIEM solution like Log360 to get actionable insights into their AWS environment, enabling them to improve cloud security. Apart from the 10 activities we've explored here, Log360 can audit many more activities, both in your AWS and other cloud environments. To learn more, sign up for a personalized demo of Log360.

FAQ

Is the cloud safe for healthcare?

Yes, using the cloud is safe for healthcare as long as hospitals have proper data security principles in place. They should also use a SIEM solution—such as ManageEngine Log360—which can audit various cloud platforms storing sensitive healthcare data, including AWS.

How is cloud computing transforming the healthcare industry?

Cloud computing is revolutionizing the healthcare industry by providing numerous benefits such as improved data accessibility, enhanced collaboration among healthcare professionals, increased efficiency, and reduced costs. The most notable way in which it has transformed the healthcare industry is by enabling healthcare providers to access patient data and medical records from anywhere at any time.

What are the security risks of cloud computing in healthcare?

Data privacy and security, data governance and access control, and cybersecurity threats are some of the main security risks associated with cloud computing in healthcare.

What is the biggest concern with cloud computing in healthcare?

A renowned research article has identified data confidentiality as one of the biggest cloud computing security challenges in healthcare. This is followed by data security, data availability, and data integrity.

What is the most used cloud platform in healthcare?

The most used cloud platform in healthcare is Amazon Web Services (AWS) because medical practitioners and medical institutions trust the services it provides. AWS is the popular choice for cloud computing in healthcare for the following reasons:

  • It ensures reliable, secure, and highly scalable healthcare cloud storage.
  • It provides numerous cloud services for healthcare that are used by doctors, physicians, clinicians, and nursing staff to improve patient care and operational efficiency.
  • AWS makes healthcare cloud compliance—especially HIPAA compliance—easier.

Moreover, Forrester mentioned in their report, Best Practices For Healthcare In Cloud, that certain healthcare organizations choose AWS due to its convenience and presence in the healthcare space.

Why should healthcare organizations monitor their AWS activity?

Hospitals use AWS for cloud computing in healthcare. AWS hosts healthcare data in the cloud so that doctors and other medical personnel can access EHRs easily. This calls for hospitals to monitor their sensitive data stored in the cloud. Doing so will also help healthcare organizations comply with data privacy regulations such as the Health Insurance Portability and Accountability Act (HIPAA) and the General Data Protection Regulation (GDPR).