Thales eSecurity Blog

Multi-cloud use by healthcare providers puts patient data at risk

Andy Kicklighter
Andy Kicklighter | Director of Product Marketing More About This Author >

As a result of government mandates, the need for greater efficiency, and the desire to enable better patient care, U.S. healthcare organizations are nearly universal in the adoption of digital transformation technologies (cloud, SaaS applications, big data, IoT, digital payments, containers, and blockchain). But digital transformation also introduces the potential to put patients’ sensitive financial and healthcare data at risk by changing where and how data needs to be secured. And the cloud is arguably the most daunting of these environments, and the most widely deployed.

This year’s Thales Data Threat Report-Healthcare Edition shows that cloud usage in the U.S. continues to proliferate rapidly:

  • Over 90% of all healthcare respondents said they plan to use all three of the common cloud environment types – Infrastructure as a Service (IaaS), Software as a Service (SaaS) and Platform as a Service (PaaS) – within 12 months. The highest of any vertical that we measured.
  • Moreover, these deployments won’t be to just one vendor or one platform: 47%+ report that they will use three or more IaaS or PaaS environments, and 61% that they will use 26 or more SaaS environments.
  • Overall, 80% report that they will also use sensitive data within at least one of these cloud environments.

This level of multi-cloud usage greatly compounds the difficulties of protecting a patient’s sensitive data, as each environment (and often each implementation within the environment) can require a unique data security approach.

Healthcare Multi Cloud

Tools that reduce multi-cloud data security complexity are critical

With multi-cloud use, managing, controlling and monitoring data security across all of these environments becomes a critical problem. As a result, it’s not surprising that complexity was identified by 46% of respondents as a top barrier to data security deployment.

Healthcare IT Security

At the same time, analysis of this year’s results showed that the percentage of healthcare organizations increasing IT security spending declined. Only 54% reported increases in spending, which is well down from last year’s 84%. With increased complexity in data environments and funding increases tapering off, healthcare organizations will need to get the highest possible return from their IT resources and spending. Data security platforms and service offerings that can help organizations manage the complexity of spanning cloud, on-premises and other environments are critical to meeting these needs.

Encryption technologies are the top tools needed – and healthcare’s data encryption usage for critical systems is low

Encryption and tokenization solutions provide some of the strongest protection in today’s data threat environment, and respondents seem to understand this. Forty-six percent of respondents chose data encryption as the top technology needed to alleviate data security concerns for cloud environments.

Encryption

But results showed that today, U.S. healthcare rates of encryption usage to protect data are low – below 38% for every critical data center and digitally transformative technology.

 Data Encryption

Compounding the problem is how big a target is painted on healthcare organizations because of the value of patient information. Private patient data sets don’t lose their value quickly like credit card data – it’s a premium data source when acquired by hackers that can come back to haunt patients years later.

For more key findings and security best practices, download a copy of the new 2019 Thales Data Threat Report – Healthcare Edition. Thales will also host a webinar on Thursday, Sept. 12 at 2:00 p.m. ET about “The State of Data Security in Healthcare.” To join, please visit the registration page.