Are Healthcare Contracts Truly Safe? Are they using cloud services from vendors like Amazon?

If your vendor is using the cloud services of vendors like Amazon, Microsoft and Google – Perhaps Not.

By Thom Davidson

Healthcare Contract Security

These vendors work diligently to address security. Security is of the highest priority and they work to meet the requirements of software vendors using their cloud services. So, what is the problem? It is quite simple: this is a very target-rich environment, and it is too attractive for those with bad intentions to ignore. It reminds me of what is called the Willie Sutton Law. The law is named after the bank robber Willie Sutton, who reputedly replied to a reporter's inquiry as to why he robbed banks by saying "because that's where the money is."

Report finds 34M vulnerabilities across AWS, Google Cloud and Azure…

“A new report from Unit 42, the threat intelligence team at Palo Alto Networks Inc. has uncovered 34 million vulnerabilities across leading cloud service providers, highlighting that organizations are struggling with securing cloud installations.”
- Duncan Riley, siliconANGLE, July 24, 2019

In the article, he writes that hackers are well aware of the situation. According to the report, some 65% of all cloud-related incidents between February 2018 and June 2019 resulted from misconfiguration, with data leakage being the most common outcome of the attacks on cloud infrastructure.

One surprising finding in the report was the widespread detection of possible cryptomining malware. The spread of cryptomining malware has been documented in various reports in the past, but the report found 28% of organizations communicating with domains operated by the Rocke threat group, a Chinese group known for its cryptomining operations.

There are a number of recent incidents that should raise a level of concern for your healthcare contracts:

  • "100 Amazon Merchants Hacked In 'Serious' Six-Month Campaign: Report" by Michael Novinson, CRN
  • "Tesla Hackers Hijacked Amazon Cloud Account to Mine Cryptocurrency" by Robert Hackett, Fortune Magazine

Contract Guardian Security Team Comments

The most common security risks that your contract management software must address are data breaches, hijacking of accounts, insider threats, malware injection, abuse of cloud services, insecure APIs, denial-of-service attacks, and, most basic of all, insufficient due diligence.

The healthcare industry requires adherence to some of the most stringent regulatory requirements. Contract Guardian leverages the expertise of UCG Technologies, an IT infrastructure company with 30 years of experience in data protection and business continuity, to ensure these requirements are met.

The Contract Guardian Security team shared some of the server compliance and infrastructure security measures that are included with the healthcare contract management services.

  • SSAE 16 (SAS 70) compliant data centers
  • 24/7/365 video surveillance
  • Intrusion prevention
  • Environment Controls (HVAC, Generators, Fire Retardation)
  • Web filtering
  • Physical security systems
  • Biometric
  • Card and PIN access
  • Combination lock for cabinets
  • Frequent vulnerability scanning
  • Contract Vaulting - In addition to normal backups, all of the contracts are vaulted at two secondary data centers. Contract Guardian uses the services of UCG Technologies for server high-availability, cloud backups, and remote hardware disaster recovery. UCG Technologies backs up an entire organization’s business-critical data to their secure data center(s). Safe and off-site, the encrypted data is available online at all times for immediate, user-initiated recovery.

If you would like to learn more about Healthcare Contract Management Security, please contact us at Contract Guardian.