Growing Use of the Cloud in Healthcare Can Be Challenge to PHI Protection

The cloud is replacing on-premises infrastructures, however, healthcare continues to lag compared to other industries for cloud usage. Cloud usage has expanded in medical care since the pandemic because hybrid working acquired substantial ground. To aid a hybrid workforce, enhance efficiency, and reduce costs, more and more healthcare providers have begun their move to cloud hosting and data storage.

Based on Skyhigh Security’s Cloud Adoption Report – Healthcare Version, close to 50% of companies through all industries have accepted cloud-based solutions, however, the figure falls to 25% of healthcare companies. Among all industries, healthcare companies save the least volume of sensitive information in the cloud, with just 47% of healthcare companies utilizing the cloud for storing sensitive information in comparison to 61% throughout all sectors.

The healthcare market accumulates massive volumes of sensitive information that data is exceedingly valuable to cybercriminals, thus the increase in cyberattacks. The most recent numbers from the HHS’ Office for Civil Rights breach website indicate that there were 463 big data breaches (involving 500 and up records) in 2023 up to August 31, 357 of the breaches involved hacking. Over 71 million data records were breached to date this 2023, 67.7 million of which were compromised because of cyberattacks and other IT occurrences.

Healthcare companies need to make sure they are HIPAA compliant. Protected health information (PHI) must be secured all the time and consistently accessible. Protecting information and making sure of continuous availability is simpler when PHI is kept inside the corporate system. When PHI is kept in several cloud applications, safeguarding PHI and locating and dealing with security problems is a big problem and with cyber threat actors targeting the healthcare market, it is clear that there’s a concern regarding cloud services.

Healthcare could have been hesitant to adopt the cloud, however, usage has expanded considerably in recent times. In 2019, healthcare companies utilized about 19 public cloud services however employed about 24 in 2022. A number of the greatest increases have been in using programs and services such as Amazon Web Services, Google, and Microsoft SharePoint. The usage of these services in healthcare is greater than in other industries. For example, Google cloud services are employed by 76% of healthcare companies when compared to 63% throughout all industries.

As cloud solutions usage has grown, so do security problems. 19% of healthcare organizations reported SaaS security problems in 2022, unlike 10% across all industries. The most typical security problems reported by healthcare companies were shadow IT or the usage of cloud sources beyond the field of vision of the IT section; the absence of visibility into the information saved in cloud programs; a failure to evaluate the safety of the application cloud provider’s procedures; and a shortage of employees with the required skills to handle security for cloud programs.

The number of healthcare companies that mentioned shadow IT was impacting their capability to maintain data security grew by 25% from 2019 to 2022 as 74% mentioned it as a security problem. To help deal with this problem, 43% of healthcare companies stated they make use of cloud access security broker (CASB) options, a bit more compared to other industries. Based on Skyhigh Security, 30% of companies in the industry depend on data loss prevention options and encryption, in comparison to 23% of companies throughout all industries. Cybersecurity must be prioritized because of the regularity with which healthcare companies are attacked. Based on the report, 76% of healthcare companies have encountered a cybersecurity attack, threat, and theft of data.

Although the use of encryption, DLP, and CASB is serving to boost security, the report indicates there are certain parts where security must be upgraded. Firewalls and web gateways need attention and Skyhigh Security’s information shows regular audits of cloud apps are less probably performed in healthcare compared to other industries. Healthcare companies are likewise less likely to utilize identity and access management services and prevent access to unauthorized cloud solutions.

The healthcare industry, while having the same trends in cloud usage as other industrial sectors, deals with unique challenges when it comes to data safety and confidence in cloud services. Healthcare companies are common targets for cyberattacks with the intention to steal valuable information such as PHI, insurance claims, and clinical trial information, stated VP Thyaga Vasudevan at Skyhigh Security. In spite of these higher risks, just 51% of healthcare companies are sold on raising their cybersecurity funding, in comparison to 56% in other industries. Skyhigh Security’s Cloud Adoption and Risk Report shows more interesting information on the security threats that the healthcare sector faces and what must be done to offset them.

More investment in cybersecurity is required to control the growing number of cyberattacks and protect PHI. Healthcare companies likewise must work on minimizing the management problems of cloud security, particularly taking into consideration the problems healthcare companies have recruiting people with the required skills.

About the Author

Elizabeth Hernandez
Elizabeth Hernandez is the editor of HIPAA News. Elizabeth is an experienced journalist who has worked in the healthcare sector for several years. Her expertise is not limited to general healthcare reporting but extends to specialized areas of healthcare compliance and HIPAA compliance. Elizabeth's knowledge in these areas has made her a reliable source for information on the complexities of healthcare regulations. Elizabeth's contribution to the field extends to helping readers understand the importance of patient privacy and secure handling of health information. Elizabeth holds a postgraduate degree in journalism. You can follow Elizabeth on twitter at