Article
Technology & AI

Healthcare firms leaving "thousands of sensitive files open"

By Leila Hawkins
March 31, 2021
undefined mins
New report by Varonis finds that thousands of confidential files are being left open, creating a security risk...

A new report on data risk in healthcare, pharmaceuticals and biotech has found that many organisations have serious security gaps exposing them to risks. 

The report, by data security and analytics firm Varonis, includes data from global healthcare organisations in the UK, US, France and Germany, compiled using data analysis of 3 billion files across 57 organisations.

It revealed that overexposed data and an increased number of highly sophisticated cyber attacks have made healthcare one of the most at-risk sectors in 2021. 

It also highlights the importance of how organisations manage the security gaps created by remote working and cloud migration. When companies have obvious gaps like passwords that never expire and folders containing sensitive data open to every employee, their risks increase.  

Key findings from the report include: 

  • 2/3 of healthcare organisations have over 500 passwords that never expire   
  • On average, 79% of all data is stale  
  • Nearly 20% of files are open to every employee in healthcare organisations (on average)
  • 31,000 sensitive files (HIPAA + financial + proprietary research) are open to everyone
  • Over 50% of organisations have more than 1,000 sensitive files open to every employee

Smaller organisations in particular had a concerning amount of exposed data, including sensitive files, intellectual property and patient records. On their first day, new employees at small companies have instant access to over 11,000 exposed files, and nearly half of these contain sensitive data. This creates a massive attack surface and increases the risk of noncompliance in the event of a data breach; the average data breach cost $7.13 million in 2020, a 10.5% increase on the year before. 

To tackle increasingly malicious cyberattacks, the report concludes that hospitals, pharmaceutical companies, and biotech firms need to double down on their incident response procedures and mitigation efforts. Restricting access, locking down sensitive data, and restricting lateral movement in their environments are the bare minimum measures they must take to protect their data. 

data securityCyber AttacksCybersecurity
Share
Share

Featured Articles

Vaccine Breakthrough on Antibiotics Resistant Diseases

As researchers report breakthrough on vaccine against MRSA bacteria, we look at which pharmas are working on vaccines to combat antimicrobial resistance

Oracle Fusion Cloud Update Boost for Patients

Oracle Fusion Cloud SCM includes new Healthcare Marketplace solution to help hospitals & clinics optimise planning, automate processes and improve outcomes

WHO Tightens air Quality Guidelines as Pollution Kills 7mn

World Health Organisation tightens air pollution guidelines to safeguard health; COVID prompts WHO to redefine 'air-borne' as it relates to diseases

WHO Health Chatbot Built on 'Humanised' GenAI

Digital Healthcare

Costco Weight-Loss Drugs Move Highlights US AOM Growth

Medical Devices & Pharma

AstraZeneca Company Profile, as CEO Soriot Lands pay Deal

Medical Devices & Pharma