Risk analysis of cloud sourcing in healthcare and public health industry
Institute of Electrical and Electronics Engineers Inc.
Security Research Institute
The task of protecting healthcare information systems (HIS) from immediate cyber security risks has been intertwined with cloud computing adoption. The data and resources of HISs are inherently shared with other systems for remote access, decision making, emergency, and other healthcare related perspectives. In the case of a multitude of requirements by multiple stakeholders, various, and diverse cloud models are being adopted across the healthcare and public health industry, which defies the real essence of sharing and using cloud computing in this domain. The misconception of security is one of the key hurdles in the adoption of cloud as a de facto standard in the healthcare and public health sector. In this paper, we demonstrate the similarity of the security aspects of the cloud computing models, by identifying the critical assets in the HIS, and by assessing their impact on the HIS. We also evaluate the risk exposure of the cloud computing models by performing a critical analysis. To the best of our knowledge, this is the first study of its kind for risk analysis of cloud computing models in order to demonstrate their suitability for the HIS.