Like other providers I've talked to about the cloud, Navarro takes solace in the kind of penetration testing that a cloud provider such as FireHost can attempt on a monthly basis—testing that a healthcare provider can hardly claim as a core competency. "This is all part of the service," he says.
The average healthcare executive can be forgiven for forgetting that the software powering today's systems is a patchwork quilt of updates, security fixes, and bug workarounds. The CIOs reading this, however, know all too well that it becomes less practical every day for this cost to be shouldered entirely by your average hospital or healthcare provider.
Remember this when you're watching IT assumptions from the past decade crash and burn all around us: Every organization that's switched to the cloud seems to have its own version of the hackers-from-China story or the power outage story.
Remember this when you have to hire outside consultants to test your firewall's open ports, and then wonder how long it's been since the last test. Three months? Six months? Would your auditors be happy? Is not doing this testing often enough meeting the spirit and letter of the HIPAA law?