Health care providers' cyber vulnerabilities trend higher


Illustration: Sarah Grillo/Axios
As health care providers digitize and move to the cloud, many organizations are not adequately protecting themselves from ever-growing cyber threats.
Why it matters: Besides the need to meet heightened compliance requirements, the gap between technology and digital hygiene practices is putting patient information increasingly at risk, according to a newly published ClearDATA report.
What they're saying: While the healthcare industry is modernizing rapidly, "health care providers are new to the cloud, and the industry still has a long way to go to achieve the foundational level of security needed to keep patient data safe,” said Chris Bowen, founder and CISO at ClearDATA.
- Gus Malezis, CEO of Thoma Bravo-backed digital identity technology company Imprivata, told Axios in March that cyber threats had escalated by at least 50% to 60% over the previous 24 months.
By the numbers: 56% of respondents surveyed by ClearDATA identified cybersecurity as the No. 1 barrier to cloud adoption and digital transformation.
- 33% of respondents fully outsource management of compliance and security measures in the cloud. The larger and more advanced the provider, the more likely it outsources.
- 71% of providers increased their security budgets in the most recent year.
Context: The survey data was gathered from May to June 2022 from more than 200 IT, security and compliance leaders across various constituents in the health care ecosystem: hospitals and health systems, providers, home health organizations and ambulatory practices.
State of play: Cyber threats only elevated through the pandemic as health IT departments were hyper-focused on addressing COVID-related issues.
- Imprivata, for its part, addressed the issue in part with its recent acquisition of SecureLink, which enables appropriate access to non-employee third-party vendors at hospitals that are using devices. (Inadequate controls around third-party contractors account for 51% of data breaches, per Axios' previous report.)
- Insurance providers have also become more demanding, Malezis said previously, "because of the advent of heavy ransomware and the expense of recovering those systems and the expense of recovering [from] general hacks."