At its first-ever Health Summit in Nashville on Tuesday, Oracle announced a new cybersecurity-focused service for its healthcare customers, Autonomous Shield.

WHY IT MATTERS
The launch of the new Autonomous Shield Initiative is meant to help clients migrate to a comprehensive electronic health record and cloud infrastructure that can reduce cyber risk, according to the company – thanks to the automation and security of Oracle Cloud Infrastructure.

Autonomous Shield aims to simplify Oracle Health EHR migrations to OCI with built-in security best practices, solution architecture development, application migration, go-live support and more.

OCI can help healthcare customers "prevent, detect, and respond to security concerns with autonomous databases and operating systems that can automatically patch and protect against the latest vulnerabilities," the company says, physically isolating itself and customers from one another to reduce avenues of attack.

Its always-on data encryption and on-by-default multi-factor authentication, activity auditing and DDoS protection – along with 256-bit AES encryption for data at rest and in transit – offer further protection.

"Cyberattacks represent an imminent and existential threat to healthcare worldwide," said Seema Verma, general manager of Oracle Health and Life Sciences, in a statement.

"With our clinical applications running on OCI, we provide our customers – big and small – with the same military-grade security that is used to protect the most sensitive data at some of the largest and most sophisticated businesses, national defense agencies, and governments around the world."

THE LARGER TREND
The cybersecurity stakes in healthcare are as high as ever. Oracle Health cites a report from the U.S. Department of Health and Human Services showing a 239% increase in large breaches involving hacking and a 278% increase in ransomware reported in the past four years.

And while cybersecurity budgets are on the rise, providers still only lay out about 8% of their IT budgets on security, the company notes – well below what other industries spend.

Two years since its acquisition of Cerner, Oracle says it's made big investments to improve the security and performance of its core clinical applications.

After the Change Healthcare cyberattack, Oracle says it helped divert the traffic of several large health networks that used the clearinghouse to other gateways in a matter of days, helping them avoid payment disruptions on more than $3 billion in claims.

"Recent events in healthcare have exploited vulnerabilities facing health systems around the world," said Kemal Erkan, CEO of United Medical, in a statement. "Now more than ever, it's important for health systems to choose companies like Oracle that make security simple – easy to use, deploy, and operate. Our transition to Oracle Cloud Infrastructure has been seamless and gives us more confidence in the performance and security of our technology."

ON THE RECORD
Speaking with former Senate Majority Leader Dr. Bill Frist in Nashville on Tuesday, Oracle founder and Chief Technology Officer Larry Ellison described the company's approach to autonomous database technology (and suggested Oracle Health would set up new headquarters in Tennessee).

"There's a new generation of data systems called autonomous databases that are virtually unbreakable because human beings don't run them, they're autonomous," he explained.

"Almost all cyberattacks begin the same way: Human error," he added. "But if you get the human being out of the loop and these critical parts of the cyber system, the thing that manages your data, you can't attack those systems because they can't be misconfigured, because human beings don't configure them. They can't be an insider job where someone maliciously attacks the system because there's no human access to this. It's all completely automated."

That "autonomous digital infrastructure exists, we have it," said Ellison. "Our history is building highly secure systems. The only way we figured out, and it took us a long time to make sure these systems are indeed secure because the second there's a human actor, there's a vulnerability, either mistake or malice.

"And until you take the human actor out, and that's what we ultimately did to build these systems, because to defend your data, to defend your computer systems, it can't be their robots – because these are robot attacks, these are robots they build to attack our systems – it can't be their robots versus our people. We're going to lose that every day of the week. It's got to be our robots versus their robots. Once you do that, the balance of power tips to us. We have the advantage, and, so far, it has a record of consistently preventing cyber attacks."

Mike Miliard is executive editor of Healthcare IT News
Email the writer: mike.miliard@himssmedia.com
Healthcare IT News is a HIMSS publication.