NHS Digital has issued guidance to the independent authorities and businesses that make up the UK's National Health Service, setting out the case for storing extremely sensitive patient data on public cloud servers.
The short version is: you can't afford to hire top-notch IT talent, but Amazon and Google can. If you keep storing data locally, it will be breached, compromised by ransomware, etc. But the big cloud services are already figuring out compliance with the General Data Protection Regulation, so if you can hire someone who knows how to use these services (a much more common skill than knowing how to create one from scratch), you will be better protected and in compliance with privacy rules.
I think there's a good case to be made for the platforms being safer than roll-your-own services, provided your threat model doesn't class governments among your adversaries. That may not be a great assumption here: the UK spy agencies are among the world's most reckless, lawless and secretive and I wouldn't put it past them to hoover up the nation's health data for some ill-defined fishing expedition to catch "bad 'uns."
Besides that, there's the disturbing fact that the NHS Digital advice does not include any explicit mention of encryption (there are some oblique references to overall security). Encrypting patient data at rest and on the wire should be an ironclad requirement of this system, and the requirement should say who holds the keys: encryption at rest performed by the cloud provider with keys it manages protects against a stolen disk or a sloppily decommissioned server, not against the provider itself or a legal demand served on it. If state access is part of the threat model, as argued above, the keys have to stay with the NHS organisation.
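As an added example that is not part of the original post or of NHS Digital's guidance, here is how the key-custody point can be met in practice: the organisation encrypts each record itself before it goes to the cloud, using the envelope pattern (a fresh data key per record, itself wrapped under a key-encryption key, or KEK, that only the organisation holds). The code is Go using only the standard library; the KEK handling, record layout, patient identifiers and sample record contents are all constructed for the example. It goes a little beyond the paragraph above: besides keeping the stored data unreadable to the provider, it binds each ciphertext to its patient identifier as AEAD associated data, so a stored record that is modified or re-labelled fails to decrypt instead of being silently accepted.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// StoredRecord is all the cloud provider holds for one patient record.
// Without the organisation's key-encryption key (KEK) every field except
// PatientID is opaque, and PatientID is bound into both ciphertexts as AEAD
// associated data, so a stored record cannot be silently re-labelled.
type StoredRecord struct {
	PatientID  string
	Nonce      []byte // nonce for Ciphertext
	Ciphertext []byte // record encrypted under a fresh per-record data key (DEK)
	WrapNonce  []byte // nonce for WrappedKey
	WrappedKey []byte // the DEK encrypted under the KEK
}

// newGCM builds an AES-256-GCM AEAD from a 32-byte key.
func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// sealAEAD encrypts plaintext under key with a random nonce, authenticating aad.
func sealAEAD(key, plaintext, aad []byte) (nonce, ct []byte, err error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, nil, err
	}
	nonce = make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, nil, err
	}
	return nonce, gcm.Seal(nil, nonce, plaintext, aad), nil
}

// openAEAD reverses sealAEAD and fails if key, nonce, ciphertext or aad differ
// from what was sealed.
func openAEAD(key, nonce, ct, aad []byte) ([]byte, error) {
	gcm, err := newGCM(key)
	if err != nil {
		return nil, err
	}
	if len(nonce) != gcm.NonceSize() {
		return nil, errors.New("bad nonce length")
	}
	return gcm.Open(nil, nonce, ct, aad)
}

// EncryptRecord runs inside the organisation before upload: generate a DEK,
// encrypt the record under it, then wrap the DEK under the KEK.
func EncryptRecord(kek []byte, patientID string, record []byte) (*StoredRecord, error) {
	dek := make([]byte, 32)
	if _, err := rand.Read(dek); err != nil {
		return nil, err
	}
	aad := []byte(patientID)
	nonce, ct, err := sealAEAD(dek, record, aad)
	if err != nil {
		return nil, err
	}
	wnonce, wct, err := sealAEAD(kek, dek, aad)
	if err != nil {
		return nil, err
	}
	return &StoredRecord{PatientID: patientID, Nonce: nonce, Ciphertext: ct,
		WrapNonce: wnonce, WrappedKey: wct}, nil
}

// DecryptRecord also runs inside the organisation: unwrap the DEK with the
// KEK, then open the record. Tampering, re-labelling or a wrong KEK all fail.
func DecryptRecord(kek []byte, r *StoredRecord) ([]byte, error) {
	aad := []byte(r.PatientID)
	dek, err := openAEAD(kek, r.WrapNonce, r.WrappedKey, aad)
	if err != nil {
		return nil, fmt.Errorf("unwrap DEK: %w", err)
	}
	return openAEAD(dek, r.Nonce, r.Ciphertext, aad)
}

func main() {
	kek := make([]byte, 32) // in practice held in the organisation's HSM/KMS, never uploaded
	if _, err := rand.Read(kek); err != nil {
		panic(err)
	}
	// Constructed sample record, not real patient data.
	rec, err := EncryptRecord(kek, "patient-0001", []byte("allergy=penicillin; bloodgroup=O-"))
	if err != nil {
		panic(err)
	}
	pt, _ := DecryptRecord(kek, rec)
	fmt.Println("organisation reads:", string(pt))
	rec.PatientID = "patient-0002" // re-label the stored copy: must be detected
	_, err = DecryptRecord(kek, rec)
	fmt.Println("re-labelled record:", err)
}
```

Run it with `go run`. Protection on the wire is a separate matter (TLS to the provider); what this shows is that with the KEK kept in the organisation's HSM or key-management service, the provider, and anyone who compels the provider, holds only ciphertext and wrapped keys. The cost is that losing the KEK loses every record, so key backup and rotation become the organisation's problem rather than the provider's.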
The guidance does warn that putting patient records in the cloud means that losing access to the internet is the same as losing the ability to provide health care, but that is very nearly true already: NHS doctors and other providers often have to reach electronic records held in DIY offsite clouds, data from referring providers, and so on.
The report also warns healthcare organisations that they may need to change the way they budget for technology, as cloud services usually operate on a pay-as-you-go model rather than being paid for from capital expenditure.
"Use of the cloud increases the portability of data, meaning data can be distributed across multiple devices both within and without the boundary of your organisation. The right cultural understanding and behaviours need to be in place to manage this portability appropriately and mitigate any risks," it said.
NHS organisations are also urged to consider carefully the location of their cloud providers. "To benefit from additional resilience it is highly recommended that for the data you deem to be of the highest risk you consider taking a multi-region approach; where, for example, the data is stored both in and outside of the UK."