Providers are moving to the cloud, but employee security remains lax

Many healthcare providers believe tighter policies will help them improve cloud security, but the measures have to be complemented with awareness of what users are doing in the IT infrastructure.

Jeff Rowe | Apr 13, 2018 12:00 am

Most healthcare providers are storing sensitive data in the cloud, but fewer than 25 percent of healthcare organizations have a complete understanding of what their IT staff members are doing in the cloud.  

That’s according to a new report on cloud security in healthcare from Netwrix Corporation, provider of a visibility platform for data security and risk mitigation in hybrid environments. The report provides an industry perspective into the healthcare sector’s use of cloud technology and an assessment of the risks associated with cloud migration.

Within healthcare, the report said, cloud adoption is making it easier for organizations to centralize the storage of health records and access data, and in the survey of health IT professionals, 84 percent said their organizations are already using the cloud to store sensitive information, while 69 percent of healthcare providers plan to move more data to the cloud.  

What’s more, 23 percent of healthcare organizations said they are ready for a broader adoption of the cloud, 23 percent plan to move their entire infrastructure to the cloud within the next five years and 19 percent plan to adopt a cloud-first approach.

On cloud security, the top concerns were unauthorized access (named by 68 percent) and malware infiltrations (mentioned by 61 percent). Most respondents (55 percent) identified employees as the biggest risk to sensitive data stored in the cloud, with 13 percent identifying third parties with legitimate access as the biggest risk. However, despite this concern about the insider threat, only 14 percent of respondents have visibility into the activity of business users and just 21 percent have visibility into the activity of IT staff.

“This year shows positive dynamics in cloud adoption by healthcare providers, as more organizations are willing to move their sensitive data to the cloud, or already store it there,” Michael Fimin, CEO and co-founder of Netwrix, said in a statement. “Yet the major security concerns remain the same: Most organizations perceive employees as the main threat to their systems and data, while lack of visibility across the IT environment makes it more difficult to deal with potential risks.”

For 50 percent of respondents, increasing employee training and tightening security policies are the key measures to improve cloud security.