The healthcare industry is leaning upon cloud more heavily, but there is still mistrust regarding its security, according to research presented at HIMSS 2019.
The insights, shared by HIMSS Media’s Janet King at the conference, show contradictions around cloud in the industry. Security worries persist despite cloud usage growing.
Here are the five key takeaways from the HIMSS Industry Snapshot: Cloud Security in Healthcare.
Cloud continues to take off
Cloud adoption rates by hospitals have continued to increase, almost doubling in the past year. IT workloads in the cloud have reached 39%, up from 21% in 2018, according to HIMSS.
The current trend should continue, too, according to predictions. HIMSS projects that 50% of IT workloads will be in the cloud in 2020 – a peak for cloud usage in healthcare.
Along with its general growth, cloud is also playing a part in critical work in healthcare. Mission-critical workloads make up 53% of cloud’s usage, according to HIMSS. The other 47% is work that contributes to back-end, non-critical workloads.
The healthcare industry’s investment in cloud supports this. HIMSS reported that 78% were frequently or occasionally investing in new, non-missional-critical cloud applications, while 68% were frequently or occasionally investing in new, mission-critical cloud applications. This growth in both areas reflects the aforementioned adoption rise, as well as cloud’s all-round importance.
Despite this growth, there are fears regarding the security of cloud. Only 18% of respondents said that they found cybersecurity concerns not limiting when it came to cloud usage. Meanwhile, concerns were somewhat limiting for 56% of respondents, and 26% said they were significantly limiting.
Among the top concerns were data theft by malicious actors, maintaining regulatory compliance, identity/access management, and advanced persistent threats/attacks. The middle tier of concerns expressed were a lack of visibility as to where the data is stored, malware infections, a lack of staff with cloud security skills, an inability to monitor workloads and apps for vulnerabilities, cloud workloads created outside IT, and a lack of consistent controls to secure multi-cloud and on-premises data, shared by one in three respondents, as opposed to one in two for the top concerns.
Also of concern to respondents were insider theft/misuse of data and denial of service attacks. In general, larger hospitals showed greater concerns with regard to these threats.
Only 7% of security incidents in the past year were related to cloud, despite the fears expressed by respondents. In contrast, 65% of incidents weren’t cloud-related, while respondents were unsure about 28% of incidents.
Industry fears about cloud security aren’t being realized, and may even be unfounded, according to these results. With adoption growing, there is a chance that this trust grows if security incidents related to cloud stay infrequent.
Along with the fears not being realized, there is a growing trust in cloud generally in healthcare. While only 7% of respondents said they trust public cloud solutions to keep data secure without hesitation, 55% said they trusted it for some applications or workloads. At the same time, only 18% said they didn’t trust cloud for security.
What people are comfortable storing in the cloud depends if it’s a public cloud solution or not. The majority of respondents trusted the storage of de-identified electronic health records (EHRs) regardless of whether the platform was public, but it was alone in that. There were, however, stronger numbers for non-public cloud solutions. Along with the 88% who trusted non-public solutions for EHRs, 81% were comfortable storing information from general business apps in the cloud, and 80% were comfortable storing medial images.
This trust may signal an eventual change in attitude toward security, especially with further growth predicted.