Sept. 7, 2022
ClearDATA, a managed-cloud and defense provider, has released “The 2022 State of Cloud Security Among Healthcare Providers.” Available now, the report examines the state of that market’s cloud cybersecurity hygiene and investments, how it is collectively evolving in an era of both increasing risks and regulation and where improvements can be made.
ClearDATA collected survey data from over 200 IT, security and compliance leaders at health organizations ranging from health systems, hospitals, healthcare providers, home healthcare organizations and ambulatory practices, according to a press release that provided details about the survey results. The fieldwork was conducted May-June 2022.
The data reveals a confident industry that is, in fact, largely unprepared for breaches to cloud-based data, despite the elevated risk. While many providers believe their cloud infrastructure is secure, the reality is that significant gaps in technology and digital hygiene practices leave vulnerable private health data unprotected against the ever-growing risk of cyber-attack.
Healthcare providers may be overconfident in their cloud maturity and cybersecurity preparedness
While providers are optimistic about the security of their cloud infrastructure, this degree of confidence may not accurately reflect cybersecurity preparedness. As many as 85 percent of respondents expressed confidence in their cloud security and compliance program but, tellingly, there was a significant disparity between how C-level executives and other levels of management characterized their cloud maturity, indicating those further away from day-to-day realities may overestimate their assessment of security posture.
Other Articles to Explore
Cybersecurity is the top barrier to cloud adoption for midsize providers
Healthcare providers know that cybersecurity must remain a top priority to safeguard patient care and outcomes in today’s digitally connected world. Yet, cybersecurity is also the primary stumbling block preventing those organizations from pursuing digital transformation. The majority of respondents (56 percent) named cybersecurity as their biggest barrier to cloud adoption, with smaller provider organizations, who may have fewer resources to manage the complexity of cloud migration and security, more likely to identify it as a barrier.
Larger and more advanced provider organizations outsource security and compliance solutions
As patient data becomes increasingly digital, many providers are struggling to manage security and compliance solutions on their own. One-third (33 percent) of respondents fully outsource management of compliance and security measures in the cloud, with larger and more advanced providers more likely to outsource. This data indicates that, even with greater internal resources, providers still recognize the value of partnering with third-party experts to manage their cloud migration—even more so as the complexity grows for those in more advanced stages of the modernization journey.
Cybersecurity budgets are up as providers strive to protect patient outcomes and remain compliant
With cyber threats and compliance regulations on the rise, providers are proactively increasing their security budgets to match. According to respondents, 71 percent of budgets grew compared to the previous year. In the vast majority of cases, the decision to increase budget was made proactively to prevent key security concerns—including data leaks, breaches, ransomware and phishing—as well as to help providers meet evolving regulatory requirements.
“Healthcare is modernizing at an unprecedented pace, migrating to the cloud and embracing the many benefits of digital health. But, healthcare providers are new to the cloud, and the industry still has a long way to go to achieve the foundational level of security needed to keep patient data safe,” said Chris Bowen, founder and CISO at ClearDATA. “Going forward, every provider must implement the basics of cybersecurity blocking and tackling within their organization, and seek outside support from cloud experts as needed to effectively modernize their healthcare delivery without sacrificing the security of their patients.”