Skip to main content

HealthcareIT News
By Nathan Eddy | July 10, 2019

Nearly a third of healthcare organizations are storing a wide range of sensitive data in the cloud – and more than a quarter have experienced a security breach in the last year, according to a survey by Netwrix.

The study also indicated that even as the number of organizations who said they’re ready to adopt a primarily cloud-based approach is rising, nearly a fifth of healthcare organizations surveyed said they would consider moving their data from the cloud back on premises.

Security concerns were the top reason – cited by 56% of respondents – followed by reliability and performance issues and the high costs of cloud technology.

Those health players who plan on keeping their data in the cloud said they are looking to strengthen data security in the cloud by encrypting data and monitoring activities around data, despite the fact that a third get no financial support from management.

Organizations who are planning on relying more heavily on the cloud for data storage aren’t getting the financial support they need on the security side, with 85% saying there was no increase in their cloud security budgets this year.

The Netwrix study comes as numerous other surveys and other studies indicate general security under preparedness in the healthcare space, even as nearly a third of hospital data centers will be based in the cloud within the next four years.

More than half of respondents to the survey said they needed to access 50 or more data sources to get a clear picture of where their sensitive data resides.

The general survey results strongly indicated the vast majority of healthcare companies simply don’t have the tooling in place to access and monitor the volume, variety, and velocity of personal data flowing in, out, and across their organizations.

A June study CHIME and KLAS found the majority of health organizations are following cybersecurity practices recommended by a federally convened task group.

However, the survey also found that small organizations are less likely to have well-developed cybersecurity policies, with small to medium-size organizations four times less likely to have a chief information security officer than large organizations.

And a recent Integris Software survey of healthcare security executives indicated that, even as they rely on outmoded data management processes, the majority (70%) of execs and IT leaders still say they’re “very” or “extremely” confident of their infosec strategies.

“Prioritizing security efforts is the key to ensuring data security in the cloud, especially if budgets are tight, as is common at healthcare organizations,” said Netwrix CEO Steve Dickson in a statement.

“When organizations know exactly what data they have in the cloud and have classified it according to its value and level of sensitivity, they are in a better position to choose appropriate controls within their budgetary constraints and protect sensitive data more effectively,” he said.