39% of healthcare organisations suffered ransomware attacks in the cloud in 2020

One in four healthcare organisation was fined for non-compliance and 1 in 10 was sued as a result of a cloud breach.

  • 3 years ago Posted in

Netwrix has published findings for the healthcare sector from its global 2021 Netwrix Cloud Data Security Report.



The survey found that in 2020, the most common incidents that healthcare institutions experienced in the cloud were phishing (reported by 44% of organisations), ransomware (39%) and data theft by insiders (35%). Data theft was the hardest of the three to detect; more than half of organisations required days or weeks to flag it, while phishing and ransomware were spotted in hours or less by the overwhelming majority.


The top consequences of cloud breaches in the healthcare sector were unplanned expenses to fix security gaps (24%), compliance fines (23%) and lawsuits (11%). Most healthcare organisations attribute their cloud security challenges to lack of budget (61%), lack of IT/security staff (56%) and employee negligence (39%).


Other survey findings include:

  • 61% of healthcare organisations store customer data in the cloud and 54% store personal health records there
  • 32% of healthcare organisations needed days to discover accidental data leakage and supply chain compromise
  • The top security measures healthcare organisations are taking in response to cloud security challenges are encryption (78%), review of access rights (75%) and employee training (65%)

 
“An explosion of telehealth services and the shift of non-clinical employees to WFH increased the need for cloud technologies in the healthcare sector. As a result, new avenues for cyber threats opened up. Moreover, because hospitals and health systems are dealing with high caseloads caused by the pandemic, the threat to care delivery remains extremely high. Our report highlights the lack of security fundamentals that could improve the security posture of these organisations. They should consider stronger data governance processes to reduce their attack surface; real-time user activity monitoring to improve time to detect incidents; and training and security awareness programmes for both IT staff and employees,” said Ilia Sotnikov, VP of Product Management at Netwrix.

Research shows ‘game needs to be changed,’ with security innovation years behind that of the...
73% of organizations lack automated patch management, and 62% experienced incidents involving...
Quest Software has signed a definitive agreement with Clearlake Capital Group, L.P. (together with...
Dell EMC PowerProtect Cyber Recovery for AWS provides a fast, easy-to-deploy public cloud vault to...
Aqua’s cloud native application protection platform becomes the only solution that protects cloud...
54% of organisations working on a security transformation project now or in the next 12 months.
Node4 has released its Mid-Market IT Priorities Report 2021. The independent report reveals that...
Zscaler Zero Trust exchange cloud-based architecture enables superior green security capabilities...