Bring Your Own Key
Published: Tuesday, September 11, 2018 4:59 pm
Change Healthcare Rolls Out Kill Switch Technology
Despite all the training, despite the warnings, breaches of security still happen, and data can be quickly compromised. Change Healthcare hopes to put the power in clients' hands when every minute matters.
The Nashville-based company announced a big breakthrough in the health security landscape this summer, bringing "kill switch" and "Bring Your Own Key" (BYOK) technology to users to quickly respond to internal and external data compromise. Using the Microsoft Azure cloud, the technology gives payers, physicians, hospitals and health systems full security control and allows them to rapidly respond to active threats. Considering the number of healthcare hacks reported each year, having the equivalent of a 'panic button' to lock systems down in the face of a cyberattack is an appealing option.
"Hospitals, payers, and providers are under constant attack from a global network of cybercriminals using advanced and evasive techniques to penetrate networks, steal data, extort healthcare organizations, and capitalize on the personal health information of patients," said Haddon Bennett, chief information security officer at Change Healthcare. "It is of paramount importance that sensitive data be protected by proper encryption that is fully controlled by the payer or provider, so they can mitigate both insider and external threats on their own terms. This is a significant advancement that reduces the risk profile for all healthcare stakeholders, including health plan members and patients."
Change Healthcare Security Management, now part of the HealthQx® analytics suite, includes a BYOK service to provide this added level of security. While the HealthQx suite's main function is to collect, analyze, and report claims data and other information to help healthcare stakeholders with their value-based care programs, the security feature gives payers and providers granular control over their cybersecurity profile. Customers using HealthQx can make security changes without having to involve Change Healthcare staff and have their cloud-based systems re-encrypted and operational without service interruption.
Before this rollout, managing cloud encryption keys in healthcare was traditionally the responsibility of solution vendors. Providers and payers had to contact their vendors to respond to requirements large and small, including routine key updates, revocation of employee clearances, perceived threats, or actual attacks and breaches. This approach could take valuable time, which in turn could have a major impact on keeping data secure in the face of a threat.
The new BYOK capability lets payers and providers create, update, or revoke encryption keys on demand, enabling rapid responses when potential or active threats to sensitive data in the cloud are anticipated or encountered. Payers and providers can invoke a virtual "kill switch" that instantly stops access to protected data and services and can then re-enable access within minutes using a new encryption key -- effectively stonewalling active threats. To deploy the virtual kill switch, two authorized operators within the healthcare entity must issue a revocation order, which then locks the system down.
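The two-operator revocation rule described above, modeled as an added example (this is not Change Healthcare's or Microsoft's code). The `KeyGate` class, the operator names, and the HMAC used as a stand-in for a key-dependent data operation are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets


class KeyGate:
    """Hypothetical model: a customer-held key with a two-operator kill switch."""

    def __init__(self, authorized):
        self.authorized = set(authorized)    # operators allowed to revoke or rotate
        self.key = secrets.token_bytes(32)   # current customer-managed key
        self.version = 1
        self.revoked = False
        self.pending = set()                 # operators who signed the open order

    def _check(self, operator):
        if operator not in self.authorized:
            raise PermissionError(f"{operator} is not an authorized operator")

    def request_revocation(self, operator):
        """Record one order; lock only when two distinct operators agree."""
        self._check(operator)
        self.pending.add(operator)           # a set: one person repeating counts once
        if len(self.pending) >= 2:
            self.key = None                  # drop key material held by the service
            self.revoked = True
            self.pending.clear()
        return self.revoked

    def access_token(self, resource):
        """Stand-in for any data-service operation that needs the key."""
        if self.revoked:
            raise PermissionError("key revoked: access to protected data is stopped")
        return hmac.new(self.key, resource.encode(), hashlib.sha256).hexdigest()

    def rotate(self, operator):
        """Install a new key; this also re-enables access after a revocation."""
        self._check(operator)
        self.key = secrets.token_bytes(32)
        self.version += 1
        self.revoked = False
        return self.version


if __name__ == "__main__":
    gate = KeyGate({"alice", "bob"})         # constructed operator names
    gate.request_revocation("alice")         # first order: still unlocked
    gate.request_revocation("bob")           # second distinct order: locked
    print("revoked:", gate.revoked)
    print("new key version:", gate.rotate("alice"))
```

A pending single-operator order is deliberately left in place by `rotate`, so a routine key update cannot be used to cancel a colleague's open revocation request.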
"Transparent data encryption with Bring Your Own Key capabilities helps organizations better protect sensitive data and meet regulatory and industry-specific compliance obligations which require specific key management controls," said Lindsey Allen, partner group program manager for Azure SQL Database R&D at Microsoft. "We integrated this technology in Azure SQL Database so that we could help ensure that the sensitive data of users was protected in a compliant manner."