* [Blog](https://www.paloaltonetworks.com.au/blog)
* [Palo Alto Networks](https://www.paloaltonetworks.com.au/blog/corporate/)
* [Cloud Computing](https://www.paloaltonetworks.com.au/blog/category/cloud-computing-2/)
* Healthcare Orgs Move to t...

# Healthcare Orgs Move to the Cloud -- Are They Secure?

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F05%2Fcloud-healthcare-orgs-move-cloud-secure%2F)  
[](https://twitter.com/share?text=Healthcare+Orgs+Move+to+the+Cloud+%E2%80%93+Are+They+Secure%3F&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F05%2Fcloud-healthcare-orgs-move-cloud-secure%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww.paloaltonetworks.com.au%2Fblog%2F2019%2F05%2Fcloud-healthcare-orgs-move-cloud-secure%2F&title=Healthcare+Orgs+Move+to+the+Cloud+%E2%80%93+Are+They+Secure%3F&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www.paloaltonetworks.com.au/blog/2019/05/cloud-healthcare-orgs-move-cloud-secure/&ts=markdown)  
\[\](mailto:?subject=Healthcare Orgs Move to the Cloud – Are They Secure?)  
Link copied  
By [Paul Calatayud](https://www.paloaltonetworks.com/blog/author/paul-calatayud/?ts=markdown "Posts by Paul Calatayud")  
May 02, 2019  
4 minutes  
[Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown)  
[CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown)  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)  
[Cloud compliance](https://www.paloaltonetworks.com/blog/tag/cloud-compliance/?ts=markdown)  
[VM-Series](https://www.paloaltonetworks.com/blog/tag/vm-series/?ts=markdown)

This post is also available in: [日本語 (Japanese)](https://www.paloaltonetworks.com.au/blog/2019/06/cloud-healthcare-orgs-move-cloud-secure/?lang=ja "Switch to Japanese(日本語)")

Healthcare is outpacing many other vertical market segments when it comes to cloud adoption, and for good reason -- namely, to reduce IT complexity, slash costs and stay ahead of increased regulatory scrutiny.

*According to the* [*Global Healthcare Cloud Computing Market 2017-2021*](http://www.prnewswire.com/news-releases/global-healthcare-cloud-computing-market-2017-2021-300414312.html)*report, the global healthcare cloud computing market is expected to grow at a compound annual rate of just over 21% between now and 2021.*

That said, many small and mid-sized enterprises -- not healthcare-specific, but certainly inclusive of healthcare -- are struggling to find people with the necessary skill sets as well as the security tool sets to secure their cloud systems and manage them using on-premises security. And it's even more of a challenge for healthcare organizations when security isn't centrally managed by anyone, but instead is managed by the CIOs, operations, development and remote office teams.

Under such pressures, public cloud computing provides a way to meet these objectives while also improving the security of IT infrastructure. Security improvements are always relative, of course, to organizational ability to execute. That said, healthcare organizations with significant restraints on resources and lacking dedicated security expertise on staff have a better chance at improving security in the cloud than managing their own on-premises systems.

**Let's put things into perspective.**

According to the [HIPAA Journal](https://www.hipaajournal.com/healthcare-data-breach-statistics/), "Between 2009 and 2018 there have been **2,546 healthcare data breaches** involving **more than 500 records** . Those breaches have resulted in the **theft/exposure of 189,945,874 healthcare records.** That equates to **more than 59% of the population of the United States.** Healthcare data breaches are now being reported at a rate of **more than one per day."**

Not to mention there are significant fines that come along with it. "**2018 was a record breaking year for HIPAA fines and settlements, beating the previous record of $23,505,300 set in 2016 by 22%.** OCR \[Office for Civil Rights\] received **payments totaling $28,683,400 in 2018** from HIPAA covered entities and business associates who had violated HIPAA Rules."

**Cloud security is a shared responsibility. No excuses.**

Being tight on staff and resources is certainly a reason for rising data breaches and system availability problems -- but it's not an acceptable excuse. This is especially true for healthcare providers. Guidance from the Department of Health and Human Services Office for Civil Rights [made it clear](https://cloudsentry.evident.io/hhs-hipaa-guidance-cloud-security-team-effort/) -- healthcare providers and business associates are the ones responsible for making certain that their cloud environments and cloud service providers are secure and compliant with security and privacy mandates.

There's no one way for healthcare providers to succeed at managing and securing cloud environments, but there are certainly tactics that don't work. Those tactics include doing what too many businesses have focused on for too long: ad hoc security and reviews, attempting to secure systems based on checklists, and building "security" programs that focus on compliance rather than mitigating real risks.

**Don't worry -- there's good news.**

The good news here is that the cloud can be used to help simplify these efforts through [automation](https://www.paloaltonetworks.com/products/security-for/cloud/public/automation-in-the-cloud) and continuous monitoring, both for new systems that may arise as well as systems that fall out of compliance with regulatory and security policies or otherwise become vulnerable. Cloud systems exist in a constant state of flux, where misconfigurations and vulnerabilities can creep in at any time. Continuous monitoring helps identify these anomalies and then automatically respond and remediate them. Automation is also especially beneficial for any enterprise with tight limits on resources. You can learn more in our new [eBook, Continuous Monitoring and Compliance in the Cloud](https://start.paloaltonetworks.com/continuous-monitoring-cloud-compliance.html). I'd also encourage you to check out the recent automation webinar we hosted with [SANS, Delivering Infrastructure, Security \& Operations as Code](https://start.paloaltonetworks.com/delivering-infrastructure-security-and-operations-as-code.html).

If you're ready to experience the security power of automation and continuous monitoring firsthand, I encourage you to take a test drive of our suite of public cloud security products: [RedLock cloud security and compliance service](https://marketplace.paloaltonetworks.com/s/product-rdl) and [VM-Series virtualized next-generation firewalls](https://www.paloaltonetworks.com/events/test-drive).

*** ** * ** ***

## Related Blogs

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Cloud Security, Yes -- But Is AI Ready for Its Cybersecurity Spotlight?](https://www.paloaltonetworks.com.au/blog/2018/10/cloud-security-yes-ai-ready-cybersecurity-spotlight/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Four Cloud Security Concerns (and How to Address Them)](https://www.paloaltonetworks.com.au/blog/2019/05/cloud-security-concerns-address/)

### [CSO Perspective](https://www.paloaltonetworks.com/blog/category/cso-perspective/?ts=markdown), [Healthcare](https://www.paloaltonetworks.com/blog/category/healthcare/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### Healthcare Hot Seat: 3 Things to Remember About Cloud Compliance](https://www.paloaltonetworks.com.au/blog/2019/02/healthcare-hot-seat-3-things-remember-cloud-compliance/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### 8 AWS Security Best Practices to Mitigate Risk](https://www.paloaltonetworks.com.au/blog/2019/02/8-aws-security-best-practices-mitigate-risk/)

### [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### The Hole in Your Container Security Strategy](https://www.paloaltonetworks.com.au/blog/2019/02/the-hole-in-your-container-security-strategy/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Cloud Computing](https://www.paloaltonetworks.com/blog/category/cloud-computing-2/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Secure the Cloud](https://www.paloaltonetworks.com/blog/category/secure-the-cloud/?ts=markdown)

[#### A Shared Commitment Towards Cloud Security: Expanding Our Partnership with Google Cloud](https://www.paloaltonetworks.com.au/blog/2018/12/shared-commitment-towards-cloud-security-expanding-partnership-google-cloud/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www.paloaltonetworks.com.au/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language