New technologies and old habits driving data breaches and risk in global healthcare

Published: 24-Feb-2017

Majority of global healthcare enterprises are using cloud, big data, and Internet of Things without securing sensitive data

  • Thales releases 2017 Thales Data Threat Report, Healthcare Edition
  • Results reveal 66% of healthcare IT professionals have experienced a data breach and 88% feel vulnerable as a result
  • 73% are increasing IT security spending to offset threats to data
  • Report warns action must be taken, including deploying security tools, classifying sensitive data, and using encryption technology

88% of healthcare IT professionals feel their systems are vulnerable to data breaches and cyber attacks, according to a new survey.

Critical information systems, cyber security and data security specialist, Thales, has announced the results of its 2017 Thales Data Threat Report, Healthcare Edition, issued in conjunction with analytics firm, 451 Research.

The fifth annual report indicates global healthcare IT professionals are confronting a rapidly-changing, challenging landscape, with 66% of respondents experiencing a data breach and 88% feeling vulnerable as a result.

In response to the threat, 73% are increasing IT security spending to offset threats to data.

Out with the old

While healthcare records have always been a desirable commodity on the black market, technological changes have further complicated their storage and protection.

And, despite the risks that come from increased access points, 65% of global healthcare respondents reported that their organisations are deploying to cloud, big data, and IoT environments without adequate data security controls.

The global healthcare industry is also adopting some of these technologies for sensitive data use wholesale, with 51% of global healthcare respondents deploying sensitive data to Software as a Service (SaaS) and Infrastructure as a Service (IaaS) environments, 36% to big data environments, and 34% to Internet of Things environments.

Despite the changing face of healthcare data deployments, many organisations remain stubbornly focused on network and endpoint security.

53% of global healthcare respondents are spending the most on network security, followed by endpoint security at 51%. Additionally, 67% of global healthcare respondents perceive network security as highly effective at stopping data breaches, followed closely by endpoint security (66%).

While network and endpoint technologies are a required element of an organisation’s IT security stance, they are increasingly less effective at keeping external attacks at bay, and in securing cloud, big data, IoT and container deployments – which result in data being distributed, processed and stored outside corporate network boundaries.

Perceived barriers and threats

In response to questions about why they are not implementing more-effective data security controls, 43% of global healthcare respondents cited a lack of staff, followed by perception of complexity (37%), and a lack of organisational buy-in (also 37%).

Further exacerbating these barriers are internal and external threats. At 63%, privileged users top the list of internal threats. Executives are second at 51%, followed by external service providers with internal account access (29%). When it comes to external threats, cyber criminals are considered the greatest challenge by 47%, with hacktivists a distant second (16%) and competitors in third (13%).

Encryption plays a role

Across the board, encryption is the technology of choice when it comes to protecting sensitive data residing within cloud, IoT and container environments.

58% of global healthcare respondents opt to encrypt data in the public cloud, with the survey yielding similar numbers for IoT data (58%) and container data (60%).

Data sovereignty – a hot topic in light of concerns about new privacy regulations and government snooping – is also spurring encryption adoption.

Encryption is the clear choice of 66% of global healthcare respondents for satisfying local data privacy laws such as the EU’s General Data Protection Regulation (GDPR). Also notable are the 33% searching for local data locations or cloud providers to meet data residency needs.

Peter Galvin, vice president of strategy for Thales e-Security, said: “Globally, healthcare companies are under pressure.

“The use of advanced technologies is increasingly impacting security decision-making, as our data privacy and residency requirements increase.

“For healthcare data to remain safe from cyber exploitation, security strategies need to move beyond laptops and desktops to encompass an encrypt-everything approach that best suits a world of internet-connected heart-rate monitors, implantable defibrillators, and insulin pumps.

“Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust.”

Thales urges healthcare organisations interested in improving their overall security postures to strongly consider:

  • Deploying security tool sets that offer services-based deployments, platforms and automation
  • Discovering and classifying the location of sensitive data, particularly within IoT and container environments
  • Leveraging encryption and ‘Bring Your Own Key’ (BYOK) technologies for the cloud and other advanced environments
