Data Driven Futures

Cloud-based health data ‘left unprotected’

Written by Hannah McGrath

Nearly a third of healthcare organisations store all their sensitive data in the cloud yet lack the resources to protect it, according to a new analysis.

A study of the progress of cloud data security in the healthcare industry conducted by information security company Netwrix also found that the number of providers who say they are ready to ready to adopt a cloud-first approach has increased by a third (31 per cent) since 2018.

In addition, nearly a quarter (26 per cent) of healthcare organisations had experience at least one security incident in the cloud during the past 12 months.

None of the affected organisations classified all the data they stored in the cloud, and all of them stored all their sensitive data in the cloud, according to the analysis.

The study found that 32 per cent of healthcare organisations currently store a wide range of sensitive data in the cloud, including healthcare data and personally identifiable information (PII) of customers and employees.

However, while the number of cloud providers considering becoming 100 per cent cloud-based has grown by 12 per cent over the last 12 months, 85 per cent said they had not seen a rise in their cloud security budgets for 2019, meaning IT teams lack resourced to properly protect sensitive data.

The majority of IT teams at healthcare organisations said they were planning to strengthen data security in the cloud by encrypting data (70 per cent) and monitoring activities around data (50 per cent).

However, security incidents and dwindling resource mean that 18 per cent of healthcare organisations are now considering reversing the process by moving their data from the cloud back on premises.

Their main reasons include security concerns (56 per cent), reliability and performance issues (22 per cent), and high costs (22 per cent) for the cloud.

If they decide to make this move, they will start by migrating healthcare data (33 per cent), customer data (33 per cent) and employee data (11 per cent), the survey found.

Commenting on the findings, Steve Dickson, chief executive of Netwrix, said:“Prioritising security efforts is the key to ensuring data security in the cloud, especially if budgets are tight, as is common at healthcare organisations.

“When organisations know exactly what data they have in the cloud and have classified it according to its value and level of sensitivity, they are in a better position to choose appropriate controls within their budgetary constraints and protect sensitive data more effectively,” he added.