Is Data Storage Security in Healthcare Good Enough?

It’s no secret that health care is one of the sectors most vulnerable to cybercrime.

Medical records have higher black market values than other information like credit card numbers.

As a result, cybercriminals are laying siege to medical data.

With the cost of data breaches historically higher across health care companies, securing data storage processes is essential to combating the mistrust of medical facilities and care providers.

Where health care data gets stored

To understand how and where health care data is stored, it first helps to know how it’s collected.

Health care administrators increasingly use connected medical devices that store data in electronic databases.

Hospitals collect patient data using a host of devices.

These include IoT (Internet of Things) sensors and monitors that report patient and hospital information in real-time, allowing unprecedented levels of transparency and insight among staff.

There are also the traditional inclusions of data from X-rays, CT scans, MRIs, and more.

These tools gather millions of gigabytes of information each year, and that data has to go somewhere.

Most care facilities choose to host the information in-house, on private servers and networks.

This makes it even more critical for all medical staff to be well-versed in the status of the information systems they use, as changes in EMRs, administrative systems, patient portals, and data security features can put information at risk.

Other facilities use Cloud databases and decentralized storage systems.

Hospitals can mitigate some of the risks by outsourcing data storage to organizations with cybersecurity expertise and the means to back up and secure information.

However, these options come with their own set of drawbacks.

Regardless of the approach, care providers face widespread uncertainty regarding data protection.

Can health care data storage ever really be secure?

Strengths and weaknesses

The health care industry does a lousy job of managing data security.

Only 25% of registered nurses expressed recent changes in how their employers protect patient data, and cyberattacks are skyrocketing.

The COVID-19 pandemic only saw the situation get worse, and we face many cybersecurity problems in 2021 and beyond.

One of the most common attacks against health care information systems involves ransomware.

Ransomware infiltrates systems and locks them down, making it impossible for users to access the information they need unless a ransom is paid.

For example, in October 2020, six hospitals were hit by Ryuk ransomware in 24 hours.

Without measures to continuously improve employee awareness and the quality of cybersecurity protections, health care data cannot be secure.

However, modern cybersecurity efforts have their strengths.


Several regulations and data management standards govern the health care industry.

Additionally, evolving technologies offer new and comprehensive ways to secure information. Here are some strengths:

  • Cloud solutions offer cheaper and better security for care facilities, with the added benefit of reducing the risks of human error in a private network.
  • Advancements in the blockchain – the technology that makes cryptocurrency possible – allow for digital, immutable data storage. Each patient possesses their own authorization keys.


Despite these efforts, care facilities still have to stave off many attacks every day.

They also face internal threats, with 18% of health care employees admitting they would sell patient data for profit. Here are some other significant weaknesses:

  • Telehealth and remote working present more access points for vulnerable information systems.
  • Care providers are already overwhelmed, leaving little room to focus on cybersecurity.

No health care data storage system is truly safe.

The risk of human error alone means virtually any system can suffer a breach. However, an informed approach and advancing tech can help secure the future of health care data.

The future of health care data security

Personal data is always at risk.

For example, many corporations are introducing wellness programs that promote employee health and teach staff how to improve and maintain wellness.

Don’t just educate your employees on their health, however.

These programs collect and store a lot of personal data, so you should also teach staff how to protect their accounts.

By educating employees and using the latest cybersecurity technology, health care information systems can add much-needed layers of safety.

Whether hospitals are storing information in-house or outsourcing to the Cloud, the strengths and weaknesses of data cybersecurity abound.

Manage the risks by practicing great digital hygiene and exploring the potential of databases like blockchain for safer data storage.

This is a guest article written by Jori Hamilton. The author’s views are entirely her own and may not reflect the views of IT Governance USA.