There is a significant disparity in how management and C-suite executives assess their organizations' cloud-based cybersecurity, and how secure they really are, according to the new ClearDATA 2022 report, "A False Sense of Cybersecurity."

WHY IT MATTERS

Despite the high level of the risk of data-hacking experienced in the healthcare space, the Austin-based cloud provider not only found the healthcare leaders it surveyed to be overly optimistic, but also that many of the larger provider organizations outsource their security and compliance.

Of the 200 IT, security and compliance leaders from hospitals and health systems, 85% responded with confidence in their cloud security and compliance programs.

"While many providers believe their cloud infrastructure is well secured, the truth is they still have a long way to go to meet the minimum threshold for effective protection against an increasing attack surface," said ClearDATA researchers in the report.

Many providers struggle to manage security and compliance on their own, the report showed. The continued digitizing of patient data is a factor, with 33% of respondents fully outsourcing in the cloud. Those with larger teams and more funding reported being able to progress further into cloud adoption.

In order to prevent data breaches, protect against ransomware and phishing, and comply with regulatory requirements, 71% of the healthcare IT leaders surveyed indicated cybersecurity budgets grew in 2022. 

Though they reported being prepared or "totally prepared" for security incidents, many still do not employ industry best practices – including backing up data and multifactor authentication for passwords. 

Fewer have formed hierarchical cybersecurity policies or have taken steps to ensure IoT security, although 58% perform mock breach exercises regularly. The rest do so rarely, or never. And only 49% of those surveyed monitor third-party access to data.

Cybersecurity is also the primary stumbling block preventing midsize organizations from pursuing digital transformation, according to 56% of respondents. Other cloud adoption barriers cited were budget (35%), data management (32%), compliance (32%) and lack of expertise (17%).

"These results underscore the complexity of navigating cloud migration, particularly, the accumulating cybersecurity implications that come with each new digital technology a provider adds – all of which smaller providers may be less equipped to manage on their own," ClearDATA researchers said in the report.

Overall, 47% of the respondents indicated they use a combination of in-house and external expertise for security and compliance.

"Going forward, every provider must implement the basics of cybersecurity blocking and tackling within their organization, and seek outside support from cloud experts as needed to effectively modernize their healthcare delivery without sacrificing the security of their patients," Chris Bowen, founder and CISO at ClearDATA said in a prepared statement.

THE LARGER TREND

With cybersecurity budgets at an all-time high, many healthcare providers are focused on taking steps to protect patient data and their organizations against cyberattacks. 

Though healthcare is challenged by cloud adoption, cloud tools that detect, prevent and address privacy and security gaps can serve as a barrier against cyberattacks. 

But while the cloud offers the opportunity to improve patient outcomes by driving faster innovation and lowering costs, healthcare with all its physical assets, like medical devices, generally operates in a hybrid cloud state where security risks continue to evolve. 

The complexities of securing a hybrid cloud, with blind spots between infrastructure, can expose a healthcare organization to outside data breaches and other attacks. 

Partnering with outside organizations in multi-cloud environments requires a significant risk assessment. Engaging cloud services and introducing cloud-enabled medical devices into healthcare ecosystems requires teams to understand data risks at each stage – processing, transmitting and storing data. 

ON THE RECORD

"Healthcare is modernizing at an unprecedented pace, migrating to the cloud and embracing the many benefits of digital health," said Bowen. "But, healthcare providers are new to the cloud, and the industry still has a long way to go to achieve the foundational level of security needed to keep patient data safe."

Andrea Fox is senior editor of Healthcare IT News.
Email: afox@himss.org
Healthcare IT News is a HIMSS publication.