[ageyfman]

In 2009 I was building an enterprise medical imaging SaaS for hospitals, and we would constantly come across hospital IT admins who were adamantly against trusting a cloud vendor with their sensitive healthcare data - even one that's audited, security-checked and whose sole responsibility is to take care of these images.

We always thought it was a joke that these guys questioned us, when we knew how bad their internal security practices were. At some point around 2011-2012 we seized on the idea that holding your images inside of the hospital's four walls was a liability for them, and not a point of pride.

So, not at all surprised about this, nor about the complete lack of security practices at many of these healthcare IT vendors.

[carbocation]

> In 2009 I was building an enterprise medical imaging SaaS for hospitals, and we would constantly come across hospital IT admins who were adamantly against trusting a cloud vendor with their sensitive healthcare data

This still rings very true in 2020.

[toomuchtodo]

Lots of open S3 buckets full of critical data not helping the counter argument. Security is hard, proving you’re secure to others more so. How do I know you’re not just storing my data in S3, abstracting away the mechanism, but your bucket policy or acls are garbage? I don’t. Cloud does not immediately mean more secure.

[ageyfman]

The point I was making isn't that the cloud is naturally more secure, it's that the company was 100% focused on medical imaging, not the 1000 projects a typical network/system admin at a hospital has to juggle.