The healthcare sector is twice as likely to face data breach consequences as any other industry surveyed. Netwrix, a cybersecurity vendor that makes data security easy, announced additional findings for the healthcare sector from its global 2022 Cloud Security Report.
- 61% of respondents in the healthcare industry suffered a cyberattack on their cloud infrastructure within the last 12 months, compared to 53% for other verticals (see What are the Most Common Types of Cyberattacks?). Phishing was the most common type of attack reported.
- 32% of respondents from other industries report that an attack had no impact on their business, while only 14% of healthcare organisations say the same
- 80% of organizations store sensitive data in the cloud
- 53% of respondents experienced a cyberattack on their cloud infrastructure within the last 12 months
- 49% of IT pros said that an attack led to unplanned expenses to fix security gaps
After the sudden shift to remote work in 2020, cloud adoption is still in progress and, as this report proves, is expected to continue over the next 12-18 months. In March 2022 we surveyed 720 IT professionals all over the globe via an online questionnaire. This report will help organizations concentrate their security efforts on what really matters and highlight the main obstacles on their way to safe cloud computing.
73% of healthcare organizations store sensitive data in the cloud. The most common type (45%) is patient or protected health information.
The healthcare sector is a lucrative target for attackers because the chances of success are higher. The first two years of the pandemic exhausted the industry. With patient health being the main priority for these organisations, IT security resources are often too stretched and are focused on maintaining only the most necessary functionsDirk Schrader, VP of Security Research at Netwrix
Plus, the high value of data gives cyber criminals better opportunities at financial gain: they can either sell stolen sensitive medical information on the dark web or extort a ransom for ‘unfreezing’ the medical systems used to keep patients alive.
An cyberattack in the healthcare sector is more likely to result in financial consequences. 32% of respondents from other industries report that an attack had no impact on their business, while only 14% of healthcare organisations say the same (see Cyber Insurance Market: New Underwriting Strategies & Available Cybercapacity).
59% of respondents experienced an attack on their cloud infrastructure within the last 12 months. The most common cloud security incidents were phishing, ransomware or other malware attack and targeted attack on cloud infrastructure.
Unplanned expenses to cover security gaps and compliance fines are the most common types of damage that the healthcare sector faces due to a cyberattack.
Healthcare organisations plan to increase the share of their workload in the cloud from 38% to 54% by the end of 2023.
61% of respondents say integration with existing IT environment is the main obstacle for faster cloud adoption compared to 41% among the other industries.
Fast cloud adoption should be accompanied by relevant security measures and special attention to internet-of-things (IoT) devices and systems; for example, compromise of respirators or IV infusion devices can lead to physical harm to patients.
IT teams must also strictly limit who — humans and machines — can access what data and systems according to the least-privilege principle, and regularly review and right-size those access rights.
48% consider contractors and partners with legitimate access as the biggest risk to data security in the cloud.
14% of those who experienced an attack say it had no impact on their organization compared to 32% among all other verticals surveyed.
64% of respondents intend to implement data classification as a protective measure in the cloud. 43% of healthcare organizations plan to add access reviews to their cloud security bucket.
AUTHOR: Dirk Schrader – VP of Security Research at Netwrix