Back to News

Only 30% of global healthcare organizations safe, data breaches one the rise

By: root, MAY 01, 2018

Thales, a leader in critical information systems, cybersecurity and data security, today announces the results of its 2018 Thales Data Threat Report, Healthcare Edition. The report found that only 30% of global healthcare organizations were unharmed by a data breach, yet 39% of the safe fell victim to data breach in the past year alone. The report also found that 70% of respondents reported that they were targets in the past, an increase of 17% from the findings in 2016. Another major takeaway is that the current trend in cybercrime has led 55% of organizations to feel ‘very’ or ‘extremely’ vulnerable to data breaches.


Risks in the midst of better healthcare enabled by digital transformation

The healthcare industry embraces digital transformative technologies, such as cloud, big data, Internet of Things, and containers, left and right in an effort to provide better healthcare and cut costs. The move towards bits and bytes enable organizations to create, manage, and store information quickly and efficiently.

The report found that an overwhelming majority of 93% reported that they use these technologies to handle sensitive data. In the midst of promising better care through technology, more points of entry can be exploited.

The highlights of this year’s findings include:

  • 100% of health organizations surveyed are using cloud technologies. 54% implement a cloud infrastructure as a service (IaaS) rather than on-premise.
  • 33% of respondents use more than 50 cloud based software services (SaaS). 54% are using three or more cloud based platform (PaaS) environments.
  • 99% use big data. Almost all (94%) are working or have implemented mobile payments. 90% have a blockchain project, either currently in place or in the pipeline.
  • 96% make use of IoT devices, such as internet-connected heart-rate monitors and implantable defibrillators.

Given the depth of digital penetration in these organizations, sensitive medical data is at risk. Unlike a credit card, which can be deactivated a phone call away, patient health info and electronic medical records contain permanent information that are traded in lucrative online black market.


Security through compliance?

Previous editions of the Thales Healthcare Data Threat Report showed that the US placed greater concern on compliance compared with other nations. Given the private enterprise nature of the US healthcare system, a sprawl of regulations and standards control how information is created, handled, and stored.

Is it effective? Yes and no.

77% of respondents reported that they have been breached at least once, making it one of the most breached sector.

Yet, 64% of respondents believe that regulatory compliance is ‘very’ or ‘extremely’ effective at preventing data breaches. So much so, that the healthcare organizations (51%) spent more money than other sectors (44%) to ensure security compliance.


Encryption: discrepant planned and actual spending

A majority (83%) of global healthcare respondents plan to increase security spending, a figure higher than the global average. Despite that, only 40% of those respondents are increasing their spending for data-at-rest security tools. Viewing the report as a whole, the discrepancy is perplexing – especially when the General Data Protection Regulation (GDPR) is due to be enacted this year, data sovereignty will be the top issue for multinationals. For the rest of the world, encryption is the first choice to comply with privacy regulations (36%). Non US-based healthcare organizations also see data-at-rest measures, such as encryption or tokenization, and data-in-motion measures as the go-to tool to protect sensitive data. On the contrary, US healthcare organizations rank data-at-rest measures as the second least effective data protection.

Peter Galvin, Chief Strategy Officer, Thales e-Security says:

“When it comes to data security, the global healthcare industry is increasingly under duress, which is why some of this year’s findings are so counterintuitive. For example, 63% of global respondents are investing money in endpoint security, even though it offers little help in protecting data once perimeters have been breached. Data security spending needs to match healthcare’s reality – which is that of an industry embracing digitally transformative technologies – in the form of investments in encryption solutions offering protection to known and unknown sensitive data that has moved beyond the traditional four walls of the healthcare environment.”

Please download a copy of the new 2018 Thales Healthcare Data Threat Report for more detailed security best practices.