The insider risk within healthcare

April 1, 2021

Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information, including personal patient data and valuable proprietary research, from skilled adversaries looking to grab sensitive data to steal, sell, or extort. Unfortunately, some of that threat can be within the organization.

In the 2021 Healthcare Data Risk Report from Varonis, analysts examined the state of data security – on-premises, cloud, and hybrid environments – for healthcare organizations including hospitals, biotech and pharmaceutical firms. The report analyzed a random sample of Data Risk Assessments for 58 companies—and a total of 3 billion files–to determine how data is exposed and at risk.

Here are just a few key findings:

Nearly 20% of all files are open to every employee.
The average healthcare organization has 31,000 sensitive files (including ones that include HIPAA-protected information, financial data, and proprietary research) open to everyone.
On average, more than 1 in 10 sensitive files are open to every employee.
77% of the companies we surveyed have 500 or more accounts with passwords that never expire.

The full report has more insightful findings, along with a case study of an urgent care clinic operator.

With the advent of Internet of Things (IoT) technology and Industrial Internet of Things (IIoT), the cyber security practices are increasingly getting integrated with the physical security practices.

We will provide insight on NDAA Section 889 and how the act has evolved and impacted business, so that organizations can better mitigate risk and stay compliant.