39% of healthcare organizations suffered ransomware attacks in the cloud in 2020
The survey found that in 2020, the most common incidents that healthcare institutions experienced in the cloud were phishing (reported by 44% of organizations), ransomware (39%) and data theft by insiders (35%). Data theft was the hardest of the three to detect; more than half of organizations required days or weeks to flag it, while phishing and ransomware were spotted in hours or less by the overwhelming majority.
The top consequences of cloud breaches in the healthcare sector were unplanned expenses to fix security gaps (24%), compliance fines (23%) and lawsuits (11%). Most healthcare organizations attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).
Other survey findings include:
- 61% of healthcare organizations store customer data in the cloud and 54% store personal health records there.
- 32% of healthcare organizations needed days to discover accidental data leakage and supply chain compromise.
- The top security measures healthcare organizations are taking in response to cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%).
An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector. As a result, new avenues for cyber threats opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high. Our report highlights the lack of security fundamentals that could improve the security posture of these organizations. They should consider stronger data governance processes to reduce their attack surface; real-time user activity monitoring to improve time to detect incidents; and training and security awareness programs for both IT staff and employees.
Ilia Sotnikov, VP of Product Management at Netwrix
The 2021 Netwrix Cloud Data Security Report is based on feedback from 937 IT professionals worldwide who use private and public cloud services to store their data. To get the complete findings, please visit: www.netwrix.com/2021_cloud_data_security_report.html
Netwrix makes data security easy. Since 2006, Netwrix solutions have been simplifying the lives of security professionals by enabling them to identify and protect sensitive data to reduce the risk of a breach, and to detect, respond to and recover from attacks, limiting their impact. More than 13,000 organizations worldwide rely on Netwrix solutions to strengthen their security and compliance posture across all three primary attack vectors: data, identity and infrastructure.
For more information, visit www.netwrix.com.
Your questions and feedback are always welcome. Please dial our toll-free number: 888 - 638 - 9749, or enter your question details here and we will reply as soon as possible.
Erin Jones, Avista PR for Netwrix
Phone: 704 - 664 - 2170