Skyhigh Security has released the Skyhigh Security Cloud Adoption and Risk Report, Healthcare Edition, which investigates the state of cloud security in health care organizations, including patient care facilities and healthcare technology companies. This report explores the health care vertical data from Skyhigh Security’s The Data Dilemma: Cloud Adoption and Risk Report, which provides a comprehensive look at data security challenges across industries.
While health care parallels other sectors in cloud adoption trends, it faces distinct obstacles regarding data security and trust in the cloud. Cyber attackers often target health care organizations to attempt to steal highly prized data, such as personal health information (PHI), insurance claims data, clinical trial information and more. And unfortunately, they’re often successful. The report shows that 86% of health care organizations have experienced data theft compared to only 80% across all industries. Software-as-a-Service (SaaS) security issues are also rising far more quickly in this sector than others. But despite the elevated threat level, only 51% of health care organizations are committed to investing more in cybersecurity, versus 56% across all industries.
To keep sensitive data secure and private, the health care sector has been hesitant to embrace cloud services. While other industries have seen a 50% average uptick in cloud services in use, the adoption rate in health care is only half of that, at 25%. However, there’s been steady movement to increase utilization. Although the health care industry still stores the least amount of sensitive data in the public cloud (47%) compared to all industries (61%), they are up from only 35% in 2019.
“Apprehension about cloud security remains high in the health care sector, but there are a variety of factors making greater trust in the cloud necessary – such as the increase in hybrid work and anytime, anywhere collaboration,” said Rodman Ramezanian, global cloud threat Lead at Skyhigh Security. “Health care organizations have historically stored sensitive data on premises, but there’s been a shift to cloud and hybrid providers. By adopting unified, zero trust cloud security solutions, organizations can increase cloud use without putting sensitive data at risk and allow their leaders to focus on what’s most important – supporting the health and wellbeing of our communities.”
Top Challenges
While health care’s adoption and trust in the cloud is trending in the right direction, the sector lacks critical visibility into who is using sensitive data, where it’s being stored and how secure their apps and services are. For example, health care organizations perform audits of their applications less frequently than their peers in other sectors and are less likely to use identity and access management to monitor access to resources. Other top challenges for health care include the following: Shadow IT, complex or outdated infrastructure, IT budget constraints and cybersecurity talent shortages.
The Treatment Plan
On the bright side, health care organizations recognize their heightened cybersecurity risks and are taking action to reduce data threats. The report finds that health care is most likely of all sectors to deploy data loss prevention (DLP) and encryption solutions, at 30% versus 23% for all industries. Like its peers, 40% of the health care sector is interested in adopting a zero trust approach.
The research presented in the report points to the advantages of a single, centralized Security Service Edge (SSE) solution that simplifies cloud security and enables security teams to apply consistent data protection controls and policies across the web, cloud, and private apps – from anywhere, any application, and any device.
