Most healthcare providers store sensitive data, such as electronic protected health information (ePHI), personally identifiable information (PII) and financial data, in the cloud, yet only a few of them have pervasive visibility into who is accessing that data, according to a new survey.
Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments, released a report on cloud security in healthcare. The report provides an industry perspective into the healthcare sector’s use of cloud technology and an assessment of the risks associated with cloud migration.
Netwrix surveyed 853 organizations in North America, Asia/Pacific and Europe, and across various industries, with 11 percent of respondents in healthcare.
Within healthcare, cloud adoption makes it easier for health care organizations to centralize the storage of health records and access data, according to the report. In the survey of IT professionals employed in the healthcare industry, a clear majority (84 percent) said their organizations are already using the cloud to store sensitive information and 69 percent of healthcare providers plan to move more data to the cloud, the survey found.
What’s more, 23 percent of healthcare organizations said they are ready for a broader adoption of the cloud, 23 percent plan to move their entire infrastructure to the cloud within the next five years and 19 percent plan to adopt a cloud-first approach.
The survey also examined cloud security challenges. Among the healthcare respondents, in response to a question about the impact of cloud adoption on the overall security of IT infrastructure, a quarter (26 percent) said it had worsened, while only 19 percent said it had improved the security of IT infrastructure. About 40 percent said they were not sure.
The top cloud security concerns were unauthorized access (named by 68 percent) and malware infiltrations (mentioned by 61 percent). Most respondents (55 percent) identified employees as the biggest risk to sensitive data stored in the cloud, with 13 percent identifying third parties with legitimate access as the biggest risk. However, despite this concern about the insider threat, only 14 percent of respondents have visibility into the activity of business users and just 21 percent have visibility into the activity of IT staff.
Even given this inability to combat the insider threat, only half of IT teams say that their top management supports their cloud security initiatives. For about half of respondents, increasing employee training and tightening security policies are the key measures to improve cloud security.
“This year shows positive dynamics in cloud adoption by healthcare providers, as more organizations are willing to move their sensitive data to the cloud, or already store it there. Yet the major security concerns remain the same: Most organizations perceive employees as the main threat to their systems and data, while lack of visibility across the IT environment makes it more difficult to deal with potential risks,” Michael Fimin, CEO and co-founder of Netwrix, said. “The majority of healthcare providers believe that more employee training and tighter security policies will help them improve cloud security. However, these measures have to be complemented with awareness of what users are doing in the IT infrastructure, what sensitive data the organization stores there and what weak points they need to address.”
