Demystifying the cloud: cybersecurity and clinical software

Ensuring data security for your practice and your patients is crucial. Contrary to popular belief, that doesn’t mean it needs to be an expensive and time-consuming function in your practice. In fact, moving the process into a cloud-based solution is proving itself not only to be more secure than on-site data management, but also more time and cost effective. We sat down with Dan Draper, VP Engineering at MedicalDirector to discuss cybersecurity and clinical software. 

So why are some practices hesitant to make the move? 

Put simply, there is a pretty strong sentiment throughout Australian practices that the cloud is not secure. Although the idea has been totally disproven in technical circles, not everyone completely understands why. When data breaches are so widely publicised, and the repercussions so impactful, this gap in understanding can feel too wide to bridge.

It’s little wonder that the vast majority – sometimes referred to as “box huggers” – still believe that storing data on servers inside their practice, is the best option. The reality is that clinging to what we know is not always in our best interests. 

Why is on-site data management less secure than the cloud?

In most cases, a practice’s server is connected to the internet. That can be an open door for hackers using a virus or trojan. It is not uncommon for this weakness to be exploited in the form of crypto-locking – where a system is infiltrated and data is encrypted by the hacker. The ‘locked’ data is then held ransom. 

Complete security requires constant maintenance and patching to keep all software up-to-date. 

Cloud service providers encrypt all data and have dedicated resources to ensure servers and systems are patched and secure at all times. They also run sophisticated monitoring and alerting systems to identify potential threats early, allowing for quick responses and mitigating actions. 

What makes the best cloud data storage solution?

Blind faith is certainly not the answer when it comes to the cloud. All data storage services should be viewed critically.  

Cloud providers who follow best practices can provide far greater data security than small businesses who manage things themselves. Prime examples are Microsoft Azure and Amazon Web Services. Some of the world’s largest organisations, like Salesforce, Netflix, Commbank, LinkedIn, run their applications in the cloud because of the superior data security. They rely on the cloud provider’s large security teams, sophisticated threat monitoring and alerting scans, and adherence to strict security compliance frameworks.

How do the cloud and clinical software work together?

As a cloud application vendor, MedicalDirector follows best practices and is significantly more secure than a typical business offering services in the cloud. 

MedicalDirector Helix is based on Microsoft Azure and leverages hundreds of millions of dollars in advanced security, threat mitigation systems and process. Teams of hundreds of security and data privacy specialists monitor the platform for potential threats, and can eliminate issues without end users ever being aware.

At MedicalDirector, security is at the core of how we deliver software. Our developers are trained in threat mitigation techniques and code is reviewed and rigorously tested before being released to customers. In addition to the support and services provided by the Microsoft Azure platform, MedicalDirector regularly engages external independent security consultants to perform ‘penetration tests’ of our systems. The consultants actively try to break into our system and provide reports of any weaknesses. If any issues are found these are promptly fixed and re-tested by the consultant.

This level of security and compliance with stringent Australian privacy standards reduces the burden of security admin, is less expensive and more secure.