Despite the security risks, 69 percent of healthcare organizations plan to transfer more sensitive data to the cloud in the near future, according to the 2018 Netwrix Cloud Security: In-Depth Report for Healthcare. The report reveals that most healthcare providers store sensitive data, such as electronic protected health information (ePHI), personally identifiable information (PII) and financial data, in the cloud, yet only a few of them have pervasive visibility into who is accessing that data.
State healthcare companies are likely to be pioneers in cloud adoption, with large commercial healthcare institutions holding off until authorities oblige them to store healthcare data in the cloud. Right now, the price of a mistake is simply too high, especially given the lack of visibility into user activity and the high risk of insider threats. The adoption rate will change if and when C-level executives pay more attention to the cloud security initiatives proposed by their health IT teams.
Other key findings of the report include:
– 84% of IT professionals employed in the healthcare industry said their organizations store sensitive data in the cloud
– The top cloud security concerns were unauthorized access (named by 68%) and malware infiltrations (mentioned by 61%)
– 55% identified employees as the biggest risk to sensitive data stored in the cloud. Despite this concern about the insider threat, only 14% of respondents have visibility into the activity of business users and just 21% have visibility into the activity of IT staff.
– Even given this inability to combat the insider threat, only half of IT teams say that their top management supports their cloud security initiatives
– For 50% of respondents, increasing employee training and tightening security policies are the key measures to improve cloud security.
– Smaller healthcare providers are more likely to turn to the cloud in the near future, especially if cloud providers reduce the price of data encryption. The cloud security services offered today exceed the modest capabilities of many small and medium companies, and are able to ensure enough protection to pass HIPAA, GDPR and other compliance audits. By removing the burden of compliance, at least partly, cloud providers will enable these organizations to better focus on their core mission of serving their patients.
“This year shows positive dynamics in cloud adoption by healthcare providers, as more organizations are willing to move their sensitive data to the cloud, or already store it there. Yet the major security concerns remain the same: Most organizations perceive employees as the main threat to their systems and data, while lack of visibility across the IT environment makes it more difficult to deal with potential risks. The majority of healthcare providers believe that more employee training and tighter security policies will help them improve cloud security. However, these measures have to be complemented with awareness of what users are doing in the IT infrastructure, what sensitive data the organization stores there and what weak points they need to address,” said Michael Fimin, CEO and co-founder of Netwrix.