Enterprise Architecture Applications: Cloud Security in Healthcare

Verified

Added on 2022/12/05

AI Summary

This report addresses the critical business problem of cybersecurity in the healthcare industry, specifically focusing on the challenges faced by Royal Melbourne Hospital. The report highlights the increasing cyber threats, including ransomware and data breaches, and the slow adoption of security measures. It proposes cloud computing as a solution to enhance data security, reduce costs, and improve access to healthcare services. The report details how cloud computing can mitigate DDoS attacks, protect sensitive patient data, and ensure regulatory compliance. It also examines the impact of cloud adoption on the enterprise, including changes in data management and infrastructure. Furthermore, the report discusses the conditions necessary for successful implementation, such as encryption and multi-tenancy, emphasizing the importance of a strategic approach to cloud adoption in healthcare for improved security, efficiency, and patient care.

Enterprise Architecture Applications, student names
Student name(s):
Student number(s):
Enterprise Architecture Applications
Course code
Date

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Enterprise Architecture Applications, student names
1. The business problem
Explain clearly and succinctly
 the business problem to be solved, and
 why is change strategically important?
Healthcare industries are facing many challenges and changing many times. Small and big healthcare
industries are facing the challenges (Cárdenas, Manadhata & Rajan, 2013). The technological innovation,
fast emerging regulation of government and expectation of patients are creating new environment that is
not about treating the patients or running the medical practice only (Archenaa & Anita, 2015). Many
aspects are there that the healthcare authority needs to do in this emerging industry.
Cyber security is the prime concern in the healthcare industry (Kruse, Frederick, Jacobson & Monticone,
2017). The previous few years have experienced many IT security and hacking incidents in the healthcare
industry. The healthcare industries are struggling for defending the network perimeter and keeping the
cyber criminals at the bay. One of them Royal Melbourne Hospital is facing many privacy and security
challenges in the organization. The surface of cyber-attacks are emerging and the intruders are creating
more advanced tools for attacking the healthcare organization and they are trying to gain access to the
information and the data of the organization. The healthcare industries are being the prime target of the
cyber-criminal as they hold extremely sensitive information of the patients (Perakslis, 2014). The healthcare
industry Royal Melbourne Hospital has been slow for responding and lagged behind the other healthcare
organization in context of cyber security. The complexity and the scope of the regulation of the healthcare
industry has made difficult for the organization to adopt innovation or technology (Fernández-Alemán,
Señor, Lozoya & Toval, 2013). The organization is comparatively slow in adopting new technologies.
Moreover, the limited budget on the cyber security investment is one of the reasons for poor security of the
sensitive data. There is a high demand of the information of the patients in the black market that is fuelling
many cyber-attacks and that is affecting the finance and reputation of the healthcare industry. Cyber
criminals do not need to steal information form the system of the healthcare for making money. There are
many ways to hack the system in which ransomware is a threat to the data and this ransomware has
targeted many healthcare industry in recent years. This type of malware the hackers use to infect the IT
system of the healthcare industry and prevent the industry to access to any file.
While thinking of the technology and innovation in healthcare industry and more embedded
communication, several vital factors are there to consider.
Most important aspect is the security of the sensitive information. Security is the main concern in the
healthcare industry as they always deals with the sensitive and confidential data of the patients. The
industry has adamant requirements around the security of cryptography, which is able to dictate the details
about the encryption, decryption and transmission of the data (Yang, Li & Niu, 2015). For building, any
application for the healthcare industry, security standards and encrypted algorithm is needed. Moreover,
the third party helps secure the system with the access control, data protection and business continuity
procedures.
Data regulation and privacy is the another concern in the healthcare industry (Casola, Castiglione, Choo &
Esposito, 2016). Many laws and regulation of the data privacy are there that surround the document rights
of the patients. This type of regulatory measures creates a burden on the fluidity of the sensitive data and
makes the system more difficult in adopting innovation or new technology (Saedi & Iahad, 2013). HIPAA
compliance is the raised concern for Royal Melbourne Hospital. For communication of the information of
the patient through technology such as HIPAA, WebRTC requires the communication channel that needs to
be secured for protecting and securing the confidentiality of the patients (El Jaouhari & Bouabdallah, 2018).
For adding to complexity, the rules and regulation do not fit in all size. Data legislation and protection varies
between the countries.
The potential effect of cyber-attack in the healthcare industry is great. Moreover, to the certain potential
for the surgeries, disruptive treatments and other operations, this type of facilities included with the huge
amount of sensitive data of the patients. Hackers find the lucrative data from the medical records of the

Enterprise Architecture Applications, student names
patients such as healthcare provider details, social security numbers, treatment history, address, phone
numbers, credit card details and other information about the patients. The damage that can be caused by
the cyber-attack never should take lightly otherwise, the credibility of the healthcare organization will be
damaged extremely by the cyber-attack. These are the main reason that the healthcare should change their
security system. It is very crucial to change the security system in order to protect and secure the
confidential data of the patients.
2. The proposed technology (or method, approach, ...)
 explain clearly and in a language appropriate for a management audience what is the proposed
technology (or method or approach), then
 argue and provide proof that it is expected to solve the business problem.
Changes in the healthcare industry sweep through for reducing the cost and improving the outcomes of the
industry. The healthcare industry is turning to the streamline and is managing the data or information of the
patients in the cloud environment (Pino & Di Salvo, 2013). The increased data in the storage makes the
healthcare to use the latest technology of cloud computing because of the hardware and software
utilization with the less investment. As the ability of retrieving and storing data in the cloud in very
essential, the industry has faced many challenges. The industry has a couple of concern about the security
of the sensitive data of their healthcare. The first concern is about the reach to the high level of privacy of
the data of the patients. Another concern is providing compatible information and the data integrity of the
sensitive information is maintained (Sajid & Abbas, 2016). The healthcare industry needs to manage more
of the request with available resources. The key objective of Royal Melbourne Hospital is to maximize the
number of access to the healthcare service of their hospital. Therefore, the huge amount of data or
information requires being stored, updated and processed. The healthcare demands more of the ability of
computation in order to increase the quality of healthcare service. Cloud computing is able to improve the
system by providing secure, better, ubiquitous and faster service at very low cost. This will also fulfil the
requirement of Royal Melbourne Hospital. The increment in the life expectancy has led to the faster aging
of the population. This has created the growing demand of the additional resources and medical care. Cost
effective and innovative methods are needed for assisting the healthcare providers, who are able to address
the global issues in a productive way. Cloud computing offers more practical solution in the information
management system (Darwish, Hassanien, Elhoseny, Sangaiah & Muhammad, 2017). The system is based on
the cloud computing, which is able to help the healthcare staff for accessing to the information and data of
the healthcare from the various sources. It also will be beneficial for the patients who are suffering from the
chronic conditions for connecting with the physicians and following up the prescribed medicines. Some of
the benefits are eliminated for updating the IT system at the time of change in the guidelines or
requirements of the healthcare.
Considering the benefits of the cloud-based healthcare system, various concerns will be there about the
privacy and security of the data. For maintaining the privacy and the security of the data of the healthcare,
service provider of cloud and the healthcare industry needs to take extreme measures for securing and
protecting the confidentiality of the patients. Many concerns are from the context of having the health
information and data, which are classified into confidential in the cloud server. This data in the virtual world
can be hacked easily. Therefore, the measures for the security of the data must be enforced before the
deployment of the cloud-based healthcare provider. Appropriate encryption system implemented to role-
based system is able to support the secure environment for storing the data and managing the data. In the
data migrating process of healthcare in the cloud server, security precaution should be taken with the
proper data encryption. While encrypting the data, the encryption is likely to be the secure way to handle
the data of the patients. However, EHR (Electronic Health record) system is compatible with the encryption
methods (Xhafa, Li, Zhao, Li, Chen & Wong, 2015). This is because of the multiple users, who have the
access to the system. The access of the user can overlap due to the job speciality that is required in various
routes for accessing to the EHR. This exemplifies the requirements for developing the sophisticated
encryption methods, which is suitable for EHR. For an instance, using the SKE (Symmetric-Key Encryption)
can be the advance encryption tools that are considered as efficient (Abbas & Khan, 2014). However, it can
create complexity in the EHR system. This is because of the encryption of the technique, which needs the

Enterprise Architecture Applications, student names
healthcare providers for using the key to encrypt and decrypt the system.
Cloud computing is becoming the necessity in the healthcare industry. It is able to address the issues and
helps in transforming the healthcare for sharing the data and information of the patient among the
healthcare on any urgent case in the real-time. Before the transformation happen, there needs to be the
strategy. For an instance, a potential strategy of cloud for the facility of healthcare can use the public
infrastructure of cloud computing for allowing the public access for generic information or the medical
resources of healthcare. Healthcare industry can use the public cloud to store the medical data of the
organization. Essentially, public cloud provides the cost savings and service agility of the healthcare
industry.
3. Introducing the proposed change in the Enterprise
3.1 Where in the enterprise will this change have an effect, and what kind of change one could expect?
Cloud computing in healthcare for data security is evolving in the prime areas to cover entities as the
providers are seeking for the best option for keeping the system secure and protected. The healthcare
needs to understand the security concerns of cloud computing. Cloud computing helps to improve the
strength of the healthcare and controls the technology. Cloud computing can affect the healthcare in many
ways in protecting and securing the confidential data of the patients.
 Cloud will create a protection against the DDoS (Distributed denial of service) (Khalil, Khreishah &
Azeem, 2014). There are many chances of the DDoS attacks and the cloud computing focuses to
take measure for stopping the huge traffic on the server of the healthcare. Cloud monitors, absorb
and disperse the attack of DDoS and reduce the risks.
 Cloud has the security protocol for protecting the confidential data of the patients and prevents
the tampering of the third party in data transmission (Rodrigues, De La Torre, Fernández & López-
Coronado, 2013).
 Cloud will help in regulating the healthcare industries in maintaining and managing the
infrastructure to protect the sensitive data.
 Cloud has the flexibility for avoiding the crashes of the server due to the high traffic. When the
traffic is over, the server scales down for reducing the cost.
 Cloud computing will provide constant support to the healthcare’s assets and monitors the system
24/7.
3.2 What are conditions for being able to perform this change?
The cloud service providers share the burden of the integration with the clients. For realizing the
advantages of SaaS, the cloud service provider needs to manage the updates with no additional charges and
the clients will adopt the sophisticated capabilities in updating the timelines. Multi-tenancy is the cloud
architecture, which eliminates the problems that is created by the old software model (Maenhaut, Moens,
Ongenae & De Turck, 2016).
A configuration cloud service needs to include the catalogue of business process of the healthcare, which is
designed for meeting the requirements of the healthcare. A cloud service will provide the best security with
no additional cost. Policies and the processes need to encompass the application, physical, data level
security, back up, data recovery and network.
The cloud service provider needs to maintain the performance of the IT infrastructure that is included with
the database, data centre, storage system, network and operating system run on the cloud application. As
the cloud system does not need the installation and investment of the software and hardware, the

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

Enterprise Architecture Applications, student names
healthcare needs to get the productive and running in the fraction compared with the on-premises
software.
For implementing the cloud application, the healthcare needs to control the data of the off-premises as
well. For implementing the cloud application, it is essential to free the management the teams from the
spent effort and time on the non-strategic and the IT operation of the system of the healthcare.
3.3 Who would be responsible for initiating the necessary change?
For the implementation of the change to cloud computing, the responsible person will be the cloud
developers, cloud administrator the third party cloud service provider. It is clear that many personal is
responsible for the implementation and the development of the cloud application. The cloud developers
have the knowledge of the cloud architecture practices. Cloud developers are involved in debugging,
deploying and developing the cloud-based system. The cloud administrator is responsible for the
installation, configuration, support and maintenance of the cloud application (Stock, Stöhr, Rauschecker &
Bauernhansl, 2014). The responsibility of the cloud administrator is variable based on the healthcare and
the demands of the healthcare. The third party service providers offer the cloud-based platform for the
organization. The cloud service providers provide the organization huge benefits, flexibility and scalability.
Third party service provider is the important aspect, who is responsible in many ways for the
implementation of cloud in the healthcare with the old system. Third party can customize the configuration
of the servers of the responsive load of the data that can respond in changing demands.
3.4 How could this change be approached organisationally?
Define the project: Some infrastructure and application need not to put on the cloud. First, it is needed to
decide the shift to cloud is feasible or not.
Select the platform: Easy, fast and safe platform needs to be chosen for deployment. Flexible platform is
needed to scale the business growth (Yetton, Henningsson & Bjorn-Andersen, 2013).
Understanding of security policy: The healthcare should have the understanding of the security policies and
needs to ensure the resources.
Select cloud service provider: Partner with the service provider has the success with the business similar to
the technology of the healthcare.
Determination of service level agreements: It is needed to be clear with the service provider at the time of
SLA and about the things they either cover or not like data protection and data availability.
Understand who owns the recovery: Technical problems will come. Therefore, the healthcare needs to
ensure that the service provider takes the responsibility for the recovery.
Migrating in the phases: Rolling out the phased migration allows the healthcare to maximize the load and
provide the time to reduce the risks (Velimeneti, 2016)
Think ahead: the requirements of the business can change any time. Therefore, cloud solution should be
chosen to move among the cloud and on-premises as requirements.
Implementing and creating the cloud strategy will take time, effort and energy. It is essential to choose the
correct strategy of cloud, which will help to open up many opportunities to emerge the business in the
market.

Enterprise Architecture Applications, student names
4. Conclusion
The current changes in adopting the cloud computing in the healthcare can solve the various issues related
to information security and cost optimization in the healthcare industry. Thus, this can be concluded by this
study that the cloud-based application will provide various benefits to the physicians, patients, insurance
company, imagining centre and pharmacies while sharing the information and data within the medical
industries and provides best result to the security system. Many challenges like interoperability and various
security and privacy concerns will rise to the cloud-based infrastructure. Therefore, adopting the cloud
system is progressing slowly. By implementing the best cloud application in the system, use and deployment
of the cloud-based system can generate the growth in future in adopting the cloud-based infrastructure
despite of all the barriers and obstacles.
REFERENCES
Abbas, A., & Khan, S. U. (2014). A review on the state-of-the-art privacy-preserving approaches in the e-
health clouds. IEEE Journal of Biomedical and Health Informatics, 18(4), 1431-1441.
Archenaa, J., & Anita, E. M. (2015). A survey of big data analytics in healthcare and government. Procedia
Computer Science, 50, 408-413.
Cárdenas, A. A., Manadhata, P. K., & Rajan, S. P. (2013). Big data analytics for security. IEEE Security &
Privacy, 11(6), 74-76.
Casola, V., Castiglione, A., Choo, K. K. R., & Esposito, C. (2016). Healthcare-related data in the cloud:
challenges and opportunities. IEEE Cloud Computing, (6), 10-14.
Darwish, A., Hassanien, A. E., Elhoseny, M., Sangaiah, A. K., & Muhammad, K. (2017). The impact of the
hybrid platform of internet of things and cloud computing on healthcare systems: Opportunities,
challenges, and open problems. Journal of Ambient Intelligence and Humanized Computing, 1-16.
El Jaouhari, S., & Bouabdallah, A. (2018, July). A privacy safeguard framework for a WebRTC/WoT-based
healthcare architecture. In 2018 IEEE 42nd Annual Computer Software and Applications Conference
(COMPSAC) (Vol. 2, pp. 468-473). IEEE.
Fernández-Alemán, J. L., Señor, I. C., Lozoya, P. Á. O., & Toval, A. (2013). Security and privacy in electronic
health records: A systematic literature review. Journal of biomedical informatics, 46(3), 541-562.
Khalil, I., Khreishah, A., & Azeem, M. (2014). Cloud computing security: A survey. Computers, 3(1), 1-35.
Kruse, C. S., Frederick, B., Jacobson, T., & Monticone, D. K. (2017). Cybersecurity in healthcare: A systematic
review of modern threats and trends. Technology and Health Care, 25(1), 1-10.
Maenhaut, P. J., Moens, H., Ongenae, V., & De Turck, F. (2016). Migrating legacy software to the cloud:
approach and verification by means of two medical software use cases. Software: Practice and
Experience, 46(1), 31-54.
Perakslis, E. D. (2014). Cybersecurity in health care. N Engl J Med, 371(5), 395-397.
Pino, C., & Di Salvo, R. (2013, March). A survey of cloud computing architecture and applications in health.
In Proceedings of the 2nd International Conference on Computer Science and Electronics
Engineering. Atlantis Press.
Rodrigues, J. J., De La Torre, I., Fernández, G., & López-Coronado, M. (2013). Analysis of the security and
privacy requirements of cloud-based electronic health records systems. Journal of medical Internet
research, 15(8), e186.
Saedi, A., & Iahad, N. A. (2013, June). An Integrated Theoretical Framework for Cloud Computing Adoption
by Small and Medium-Sized Enterprises. In PACIS (p. 48).
Sajid, A., & Abbas, H. (2016). Data privacy in cloud-assisted healthcare systems: state of the art and future
challenges. Journal of medical systems, 40(6), 155.
Stock, D., Stöhr, M., Rauschecker, U., & Bauernhansl, T. (2014). Cloud-based Platform to facilitate Access to
Manufacturing IT. Procedia CIRP, 25, 320-328.
Velimeneti, S. (2016). Data Migration from Legacy Systems to Modern Database.
Xhafa, F., Li, J., Zhao, G., Li, J., Chen, X., & Wong, D. S. (2015). Designing cloud-based electronic health
record system with attribute-based encryption. Multimedia Tools and Applications, 74(10), 3441-
3458.
Yang, J. J., Li, J. Q., & Niu, Y. (2015). A hybrid solution for privacy preserving medical data sharing in the

Enterprise Architecture Applications, student names
cloud environment. Future Generation Computer Systems, 43, 74-86.
Yetton, P., Henningsson, S., & Bjorn-Andersen, N. (2013). Ready to Acquire’: IT Resources for a Growth-by-
Acquisition Strategy. MIS Quarterly Executive, 12(1), 19-35.