As the healthcare industry struggles to recover from countless data breaches that have cost millions of dollars, Metomic finds that many healthcare organisations are continuing to put their business—and patients—at risk of exposing their most sensitive data
London, England, July 24, 2024 – Metomic, a next generation data security and data loss prevention (DLP) solution for protecting sensitive data in cloud-based work environments and SaaS ecosystems, today released its “Healthcare Data Crisis - Uncovering the Alarming Gaps in Data Security and Compliance” report, offering deep insights on all the ways insecure file-sharing practices are putting healthcare organisations at risk of a data breach. Metomic revealed that 25% of publicly shared files owned by healthcare organisations contain Personally Identifiable Information (PII). Sixty-eight percent of private files that have been shared externally (giving access to people outside of the organisation) contained PII and 77% of private files shared internally.
While publicly shared files that contain highly sensitive data pose the biggest risk for healthcare organisations and underscore the need for data security and DLP tools, many of the access permissions for private files are never updated or removed. This leads to “stale data” living in places like Google Drive where multiple people continue to have access to files they no longer need or should not be able to retrieve, creating high-risk environments that could easily lead to a data breach.
Metomic’s findings are extremely alarming considering the spiralling trend of data breaches happening across the healthcare space, a highly regulated industry that must follow strict data standards and legislative policies such as HIPAA and GDPR. According to The HIPAA Journal, the healthcare industry experienced more data breaches in 2021 than any previous year. That upward trend has continued to rise. Not only did 2023 see a record number of data breaches, but also a record number of the “most breached records” with more than 133 million records exposed.
This year, the ransomware attack on Change Healthcare wreaked havoc across the industry, disrupting payments to hospitals, pharmacies, and healthcare providers for more than a week. UnitedHealth claims the attack will likely cost the company between $1.35 billion and $1.6 billion by the end of the year.
“The healthcare industry is plagued by rampant data breaches that are costing organisations millions of dollars and putting highly sensitive patient data and financial information at risk. After digging into these findings, it’s clear that healthcare security leaders need more resources, such as DLP solutions, and data security tools to overcome the vast number of data security challenges they face day-to-day,” said Rich Vibert, co-founder and CEO, Metomic. “Healthcare organisations need data security and DLP platforms that not only help protect highly sensitive information, but also provide tools to ensure employees are not inadvertently sharing data or giving access to files that put the organisation at risk. Metomic is designed for this exact need—we enable security teams to see where sensitive data is being stored and shared, and who has access to it. These data security tools are a must-have for today’s healthcare providers. It’s the only way to stop a data leak before it turns into a massive problem that could potentially put a healthcare organisation out of business.”
Another concerning trend identified by Metomic is the amount of payment card industry (PCI) information, such as credit card numbers and banking information, that is saved in publicly shared and external files. According to Metomic’s research, 1% of publicly shared files owned by healthcare organisations contain PCI—a number that, at first glance, seems relatively tiny, but 1% means that there are easily accessible files that contain highly vulnerable financial data.
Given the distressing number of data breaches happening across the healthcare space, it’s imperative that PCI data be heavily monitored at all times.
The full report, which also includes common file-sharing errors and DLP tactics to stop high-risk data from being exposed, can be downloaded on Metomic’s website at: “Healthcare Data Crisis - Uncovering the Alarming Gaps in Data Security and Compliance.”
About Metomic:
Metomic's data security software for SaaS, GenAI and cloud was born out of the frustration of its leaders trying to implement SaaS applications that make businesses more productive but are off limits because of high-risk security concerns. As a next generation security solution focused on cloud-based applications, Metomic gives security teams clear visibility into their organisation’s SaaS network to manage sensitive data and detect security threats, allowing businesses to take full advantage of their SaaS application network. To learn more visit www.metomic.io.
Media Contact:
Claire Wilson
claire.wilson@metomic.io