Healthcare Cloud Usage Grows But Protecting PHI Can Be a Challenge
The cloud is taking over from on-premises infrastructures, but healthcare still lags other sectors for cloud adoption. Cloud adoption has accelerated in healthcare since the pandemic as hybrid working gained significant ground. To support a hybrid workforce, improve efficiency, and cut costs, increasing numbers of healthcare organizations have started their transition to cloud infrastructure and data storage.
According to Skyhigh Security’s Cloud Adoption Report – Healthcare Edition, around 50% of organizations across all industry sectors have embraced cloud-based services but the figure drops to 25% of healthcare organizations. Across all industries, healthcare organizations store the least amount of sensitive data in the cloud, with only 47% of healthcare organizations using the cloud for sensitive data storage compared to 61% across all industries.
The healthcare industry collects huge volumes of sensitive data that information is extremely valuable to cybercriminals and cyberattacks have been increasing. The latest figures from the HHS’ Office for Civil Rights breach portal show that there were 463 large data breaches (500 or more records) in the year to August 31, 357 of which were hacking incidents. More than 71 million records have been breached so far this year, 67.7 million of which were exposed or compromised in cyberattacks and other IT incidents.
Healthcare organizations must ensure they are compliant with HIPAA, which requires protected health information (PHI) to be safeguarded at all times and constantly be available. Protecting data and ensuring constant availability is much more straightforward when PHI is stored within the corporate network. When PHI is stored across multiple cloud applications, protecting PHI and finding and addressing security gaps is a major challenge and with the healthcare industry being targeted by cyber threat actors, it is understandable that there is concern about cloud services.
Get The FREE
HIPAA Compliance Checklist
Immediate Delivery of Checklist Link To Your Email Address
Please Enter Correct Email Address
Your Privacy Respected
HIPAA Journal Privacy Policy
Healthcare may have been reluctant to embrace the cloud, but adoption has grown significantly in recent years. In 2019, healthcare organizations used an average of 19 public cloud services but used an average of 24 in 2022. Some of the biggest increases have been in the use of applications and services like Google, Amazon Web Services, and Microsoft SharePoint. In healthcare, utilization of these services is higher than in other sectors. For instance, Google cloud services are used by 76% of healthcare organizations compared to 63% across all industry sectors.
As cloud services utilization has increased, so have security issues. SaaS security issues were reported by 19% of healthcare organizations in 2022, compared to 10% across all industries. The most common security issues reported by healthcare organizations were shadow IT – the utilization of cloud resources outside the visibility of the IT department; the lack of visibility into the data stored in cloud applications; an inability to assess the security of the application cloud provider’s operations; and a lack of staff with the necessary skills to manage security for cloud applications.
The percentage of healthcare organizations that said shadow IT was affecting their ability to keep data secure increased by 25% from 2019 to 2022 when 74% cited it as a security issue. To help address this issue, 43% of healthcare organizations said they use cloud access security broker (CASB) solutions, slightly more than other sectors. According to Skyhigh Security, 30% of organizations in the sector rely on data loss prevention solutions and encryption, compared to 23% of organizations across all industry sectors. Cybersecurity needs to be a priority due to the frequency with which healthcare organizations are attacked. According to the report, 76% of healthcare organizations have experienced a cybersecurity breach, threat, and data theft.
While the adoption of encryption, DLP, and CASB is helping to improve security, the report shows there are several areas where security needs to be improved. Firewalls and web gateways require more attention and Skyhigh Security’s data indicates regular audits of cloud applications are less likely to be conducted in healthcare than in other industry sectors. Healthcare organizations are also less likely to use identity and access management solutions and block access to unauthorized cloud resources.
“The healthcare sector, while following similar trends in cloud adoption as other industries, faces unique challenges in terms of data security and trust in cloud services. Healthcare organizations are frequent targets for cyberattacks aimed at stealing valuable data like personal health information (PHI), insurance claims, and clinical trial data,” said Thyaga Vasudevan, VP of Products at Skyhigh Security told the HIPAA Journal. “Despite these heightened risks, only 51% of healthcare organizations are committed to increasing their cybersecurity investments, compared to 56% in other sectors. Skyhigh Security’s Cloud Adoption and Risk Report reveals more fascinating details on the security risks that healthcare industry faces and what needs to be done to mitigate them.”
Further investment in cybersecurity is necessary to counter the increasing number of cyberattacks and keep PHI protected. Healthcare organizations also need to work on reducing the management complexity of cloud security, especially considering the difficulty healthcare organizations have recruiting staff with the necessary skills.
