Healthcare institutions have experienced an alarming rate of data attacks and theft over the past year, researchers have found.
Phishing was reported by 44% of organisations, ransomware by 39% and data theft by “insiders” by 35%. Data theft was the hardest of the three to detect; more than half of organisations required days or weeks to flag it, while phishing and ransomware were spotted in hours or less by the “overwhelming majority”.
The top consequences of cloud breaches in the healthcare sector were “unplanned expenses to fix security gaps” (24%), compliance fines (23%) and lawsuits (11%). Most healthcare organisations attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).
Other survey findings include:
- 61% of healthcare organisations store customer data in the cloud and 54% store personal health records there
- 32% of healthcare organisations needed days to discover accidental data leakage and supply chain compromise
- The top security measures healthcare organisations are taking in response to cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%)
Ilia Sotnikov, vice president of product management at Netwrix, which commissioned the research, said that an “explosion of telehealth services and the shift of non-clinical employees to working-from- increased the need for cloud technologies in the healthcare sector.”
Sotnikov added: “New avenues for cyber threats [have] opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high.”
The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use “private and public.”
