Recommended reading

Healthcare workers are making a worrying amount of security mistakes at work

News
By published

Healthcare workers are being careless with data, report claims

healthcare
(Image credit: Rawpixel / Pixabay)
  • Netskope report find almost all healthcare workers use AI tools trained on user data
  • HIPAA-protected information, passwords, IP and more at risk
  • Organizations need to approve AI tools more quickly

New research from Netskope has blamed healthcare workers for putting their companies at risk by regularly attempting to upload sensitive and regulated data to unapproved locations, including generative AI chatbots like ChatGPT and Gemini.

Highlighting the extent of unapproved tool usage, the report revealed that 96% of respondents used apps that leverage user data for training.

Besides the use of unapproved GenAI tools, many violations also stemmed from uploads to personal OneDrive or Google Drive cloud storage accounts.

Healthcare workers are putting your data at risk

The figures claim 81% of all data privacy violations involved regulated healthcare data such as HIPAA-protected information, while 19% involved passwords, source code or intellectual property.

More than two-thirds of GenAI users in healthcare also admitted to using their personal AI accounts to send sensitive data while at work, potentially alluding to their frustration regarding confusing regulation and delayed processes.

Netskope noted, "this behavior is hindering security teams' visibility over GenAI-related activity among their staff."

"Healthcare organisations must balance the benefits of genAI with the deployment of security and data protection guardrails to mitigate those risks," explained Netskope Threat Labs Cloud Threat Researcher Gianpietro Cutolo.

Looking ahead, the research calls for faster deployment of organization-approved GenAI applications in order to reduce the use of shadow AI – a trend that is already starting to slow down, reducing from 87% to 71% over the past year.

Data Loss Prevention (DLP) policies are also an effective strategy to monitor and control access to GenAI applications, with more than half (54%) of organizations now using DLP policies compared with 31% last year.

Cutolo summarized: "Healthcare organisations are making progress, but continued focus on secure, enterprise-approved solutions will be critical to ensure data remains protected in this evolving landscape."

You might also like

Craig Hale
Craig Hale

With several years’ experience freelancing in tech and automotive circles, Craig’s specific interests lie in technology that is designed to better our lives, including AI and ML, productivity aids, and smart fitness. He is also passionate about cars and the decarbonisation of personal transportation. As an avid bargain-hunter, you can be sure that any deal Craig finds is top value!

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.