ALPS blog

Cloud migration: healthcare organizations face major security challenges

by Richard Werner, Business Consultant

More and more companies are opting to use services from and with the help of the cloud. In fact, this change is not always voluntary, but often forced by external circumstances, such as the Covid 19 pandemic. And especially for an extremely stressed industry such as the healthcare sector, outsourcing offers urgently needed relief for work processes. What increased efficiency means on the one hand, of course, always means dealing with new challenges on the other. And when things have to move quickly, security concerns are often put on the back burner. This is also shown by the results of a survey commissioned by Trend Micro.

As part of a global survey of 2,500 IT decision makers in healthcare and other industries, in 28 countries, Trend Micro wanted to find out how the pandemic is impacting migration to the cloud and the security challenges that come with it.

Unfortunately, the results show that the frequent “quick step” into the cloud exposes companies to higher risks than necessary.

The study was able to identify four main challenges healthcare organizations face when moving to cloud-based environments:

  • Lack of expertise: 43% of respondents said that skills shortages are a persistent barrier to migrating to cloud security solutions.
  • Day-to-day operations: Challenges in protecting cloud workloads include setting and managing policies (34%), patching and vulnerability management (32%), and misconfigurations (32%).
  • Increasing costs: 43% have spent more on capital expenditures and paying for third-party services since migration, while 39% have higher operational and training costs.
  • Security responsibilities: Only 40% are confident they are doing their part in the shared responsibility model.

The transformation of processes to the cloud, especially in hospitals, is intended to relieve staff and free them from unnecessary ballast so that they can concentrate on what counts. Unfortunately, however, it is also true here that saving on IT security is misplaced. As 2020 has shown, many cybercriminals have no qualms about disrupting operations in healthcare organizations and putting lives at risk to extort their victims with ransomware and data theft.


Healthcare organizations need to be protected from attacks, especially in times of crisis, because unfortunately, cybercriminals care little about the crisis. Rather, they see this very situation as an opportunity to cash in on their profits due to the inhumane pressure on responsible parties. The disruption of operations coupled with the responsibility for human lives increase the likelihood that victims will allow themselves to be blackmailed with crypto ransomware and data theft. In this context, it is also no reassurance to be told that you are just “collateral damage” of an attack that actually intended to hit another victim.

IT systems, are often standardized for efficiency reasons, even in the cloud. But this is precisely what makes it so interesting for attackers to be able to attack different victims here with a successful scheme. That is why it is also important in the cloud not only to use suitable IT security measures, but above all to be aware of one’s own weaknesses and, for example, to compensate for knowledge gaps.

With the appropriate cloud-enabled solutions, healthcare organizations can make the most of the benefits of the cloud without putting business-critical systems or patient data at risk. Such tools can also minimize skills challenges by identifying misconfigurations, automating patching and policy management, and integrating security with DevOps – in both cloud and on-premise environments.


Featured News