Hospitals Take ‘Measured’ Approach to Cloud
Under heavy ransomware attack, hospitals are expected to boost IT spending over the next several years with a particular emphasis on hybrid cloud services like disaster recovery as hackers attempt to hold patient records for ransom.
Under cyber siege and struggling to keep up with security and compliance issues as they consider cloud adoption, a vendor report on the state of healthcare IT described the situation as "never sleep, always worry" environment.
Market researcher Gartner confirms that healthcare providers are taking "measure steps toward the cloud" but they remain "circumspect about vendor security claims, purported service levels and cost savings," according to an industry report released last fall.
While IT infrastructure vendors like report sponsor Peak 10 are understandably bullish about the healthcare cloud adoption trends, growing security concerns along with the steady shift to electronic medical records are the main drivers of a measured shift to hospital clouds. The vendor study released on Thursday (May 19) notes that "cybersecurity and [regulatory] compliance go hand-in-hand" as hospitals scramble to deflect evolving threats like ransomware while complying with rules designed to protect personal medical records.
Healthcare "IT decision makers say that their budgets are increasing, but resources are still strained due to pressure to remain in compliance and breach-free," the Peak 10 report notes.
Vendors have responded with custom cloud offerings such as Peak 10's datacenter services that include what it claims are among the largest HIPAA-compliant clouds. HIPAA stands for the Health Insurance Portability and Accountability Act, the 1996 law that established privacy standards for protecting patients' medical records.
Compliance with HIPAA and other rules protecting patient data have been complicated by the steady shift to electronic media records and the gradual healthcare industry shift to cloud services. Those efforts have been further complicated by a recent spate of ransomware attacks on hospitals across the nation.
In March, for example, Methodist Hospital in Henderson, Ky., declared an "internal state of emergency" after hackers easily penetrated its IT infrastructure. Ransomware was used to encrypt hospital files. Victims then must pay a ransom for the keys to unlock files.
The medium-size hospital reportedly declined to pay the equivalent of about $1,600 in Bitcoin currency for the keys. Instead, it shut down the effected IT infrastructure and relied on backup copies of infected records.
Ransomware attacks have spiked since hackers reckon hospitals have the ability to pay.
Healthcare cloud vendors like Peak 10 contend they can help embattled healthcare CIOs with infrastructure services, especially disaster recovery and other security measures also designed to comply with privacy rules. They also pitch cloud services as a "revenue driver" for creating new cloud-based healthcare services like patient portals and electronic recordkeeping.
"Healthcare organizations hope to use these tools as competitive differentiators and drivers of business," the vendor study asserts.
Perhaps, but the Gartner survey of the healthcare cloud countered: "Security and compliance remain the most significant barriers to healthcare provider cloud adoption, followed by availability, performance and interoperability concerns."
The market researcher nevertheless predicts that growing healthcare infrastructure compounded by budget and IT staffing constraints "will continue to nudge them toward a hybrid IT environment in which the cloud will play an increasing role."