An analysis of 98 healthcare organizations reveals that stale user accounts, shadow AI, and misconfigured cloud services create significant vulnerabilities as AI adoption grows.


A new data security report indicates that 90% of healthcare organizations have sensitive data dangerously exposed to AI tools, highlighting significant security gaps as the industry increasingly adopts artificial intelligence. The findings come from the 2025 State of Data Security Report: Healthcare & Life Sciences by Varonis, which analyzed nearly 1 billion files across 98 healthcare, biotech, and pharmaceutical organizations.

The report identifies several areas of critical risk, noting that security measures are struggling to keep pace with AI integration. According to the analysis, 95% of organizations have exposed sensitive cloud data that can be surfaced by AI tools like Microsoft 365 Copilot. On average, an organization had over 48,000 folders with sensitive data exposed to all employees.

A key issue identified is the prevalence of “ghost users”—stale but enabled accounts for former employees or contractors. The report found that 100% of the organizations studied had active ghost user accounts, which can be used by attackers to access data without triggering alarms. The average organization had 14 stale users with administrative roles and over 160,000 stale access permissions.

Shadow AI and Identity Management Gaps

The use of unauthorized generative AI applications, or “shadow AI,” presents another major risk. The analysis found that 64% of organizations have employees using unsanctioned apps. These tools can bypass corporate governance and IT oversight, increasing the potential for data leaks and non-compliance with regulations such as HIPAA and GDPR.

Identity and access management also emerged as a significant vulnerability. The report found that 34% of organizations have users with passwords that never expire, and that the average organization had over 1,000 enabled users with expired passwords. Combined with unenforced multi-factor authentication, this weak credential hygiene leaves accounts open to common credential-based attacks. The report references the 2024 Snowflake breach, in which attackers used stolen credentials against accounts that lacked MFA to access customer data.
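The ghost-user and password findings above are the kind of thing a defender can enumerate from a directory export. The script below is an added example, not code from the Varonis report or its tooling: it runs the four checks the report counts (stale enabled accounts, stale accounts holding privileged group membership, never-expiring passwords, and enabled accounts whose password has passed its maximum age) over a constructed set of user records shaped like an Active Directory export. The `userAccountControl` bit values are the real AD flags; the user records, the 90-day thresholds, the privileged group names and the fixed "now" are assumptions chosen for the example.

```python
"""Identity hygiene checks over a constructed AD-style user export.

Added example (not from the Varonis report). Flags:
  - ghost users: enabled accounts with no logon inside STALE_AFTER
  - stale admins: ghost users that sit in a privileged group
  - never-expiring passwords: DONT_EXPIRE_PASSWORD set on an enabled account
  - enabled accounts whose password is older than MAX_PASSWORD_AGE
"""
from datetime import datetime, timedelta, timezone

# Real Active Directory userAccountControl flag bits.
ACCOUNTDISABLE = 0x0002
NORMAL_ACCOUNT = 0x0200
DONT_EXPIRE_PASSWORD = 0x10000

# Assumed policy thresholds (hypothetical; align with your domain policy).
STALE_AFTER = timedelta(days=90)
MAX_PASSWORD_AGE = timedelta(days=90)

# Assumed set of privileged groups (hypothetical; extend for your tenant).
PRIVILEGED_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins"}

# Fixed "now" so the output is deterministic.
NOW = datetime(2025, 6, 1, tzinfo=timezone.utc)


def _days_ago(n):
    return NOW - timedelta(days=n)


# Constructed sample export. Field names mirror AD attributes
# (sAMAccountName, userAccountControl, lastLogonTimestamp, pwdLastSet, memberOf).
USERS = [
    {"sam": "jdoe", "uac": NORMAL_ACCOUNT, "lastLogon": _days_ago(3),
     "pwdLastSet": _days_ago(20), "memberOf": []},
    {"sam": "contractor7", "uac": NORMAL_ACCOUNT, "lastLogon": _days_ago(400),
     "pwdLastSet": _days_ago(400), "memberOf": []},
    {"sam": "svc_backup", "uac": NORMAL_ACCOUNT | DONT_EXPIRE_PASSWORD, "lastLogon": _days_ago(1),
     "pwdLastSet": _days_ago(900), "memberOf": ["Domain Admins"]},
    {"sam": "old_admin", "uac": NORMAL_ACCOUNT, "lastLogon": _days_ago(200),
     "pwdLastSet": _days_ago(100), "memberOf": ["Domain Admins"]},
    {"sam": "left_2023", "uac": NORMAL_ACCOUNT | ACCOUNTDISABLE, "lastLogon": _days_ago(700),
     "pwdLastSet": _days_ago(700), "memberOf": ["Enterprise Admins"]},
    {"sam": "never_logged", "uac": NORMAL_ACCOUNT, "lastLogon": None,
     "pwdLastSet": _days_ago(120), "memberOf": []},
]


def is_enabled(user):
    return not (user["uac"] & ACCOUNTDISABLE)


def ghost_users(users, now=NOW):
    """Enabled accounts with no logon inside STALE_AFTER; never-logged-in counts as stale."""
    return [u["sam"] for u in users
            if is_enabled(u) and (u["lastLogon"] is None or now - u["lastLogon"] > STALE_AFTER)]


def stale_admins(users, now=NOW):
    """Ghost users that are direct members of a privileged group."""
    ghosts = set(ghost_users(users, now))
    return [u["sam"] for u in users
            if u["sam"] in ghosts and PRIVILEGED_GROUPS.intersection(u["memberOf"])]


def never_expiring_passwords(users):
    """Enabled accounts exempted from password expiry."""
    return [u["sam"] for u in users if is_enabled(u) and u["uac"] & DONT_EXPIRE_PASSWORD]


def enabled_with_expired_password(users, now=NOW):
    """Enabled accounts, subject to expiry, whose password is older than MAX_PASSWORD_AGE."""
    return [u["sam"] for u in users
            if is_enabled(u) and not (u["uac"] & DONT_EXPIRE_PASSWORD)
            and now - u["pwdLastSet"] > MAX_PASSWORD_AGE]


def report(users, now=NOW):
    """All four findings keyed the way the report counts them."""
    return {
        "ghost_users": ghost_users(users, now),
        "stale_admins": stale_admins(users, now),
        "never_expiring_passwords": never_expiring_passwords(users),
        "enabled_expired_passwords": enabled_with_expired_password(users, now),
    }


if __name__ == "__main__":
    for finding, accounts in report(USERS).items():
        print(f"{finding}: {accounts}")
```

Two caveats when running this against a real directory: `lastLogonTimestamp` replicates lazily (by default it can lag the true last logon by up to 14 days), so a 90-day threshold is safe but a 7-day one is not; and group membership here is direct only, so nested privileged groups need expanding before the stale-admin count is trustworthy.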

The report also details risks specific to common enterprise platforms:

  • Microsoft 365: 90% of organizations have sensitive files exposed to all employees via M365 Copilot, and only one in five healthcare organizations actively label their files for proper data governance.
  • Salesforce: Many users hold broad administrative permissions, including the ability to install custom applications or create public sharing links that could expose internal data to AI web crawlers.
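The "sensitive data exposed to all employees" figures above, and the recommendation that follows to reduce blast radius, come down to one question per folder: does a broad principal (Everyone, Domain Users, an all-staff group) hold access to data classified as sensitive? The script below is an added example, not code from the Varonis report: it answers that question over a constructed folder ACL export, shows what a single user (and therefore a Copilot prompt run as that user) can reach through direct, group and broad grants, and measures how much that reach shrinks once the broad grants are removed. The folder paths, labels, group names and the list of broad principals are assumptions made for the example.

```python
"""Blast-radius check over a constructed folder ACL export (added example,
not from the Varonis report).

Questions answered:
  1. Which sensitive folders are readable by a broad principal?
  2. What sensitive data can one user reach through any grant, i.e. what an
     AI assistant acting with that user's permissions could surface?
  3. How much does (2) shrink after the broad grants are removed?
"""

# Assumed broad principals every employee is implicitly a member of.
BROAD_PRINCIPALS = {"Everyone", "Authenticated Users", "Domain Users", "All Employees"}

# Assumed classification labels that count as sensitive.
SENSITIVE_LABELS = {"PHI", "PII", "Confidential"}

# Constructed folder records: path, classification label, and ACEs as (principal, right).
FOLDERS = [
    {"path": "/Clinical/Patient Records", "label": "PHI",
     "aces": [("Clinicians", "Read"), ("All Employees", "Read")]},
    {"path": "/HR/Payroll", "label": "PII",
     "aces": [("HR Staff", "Modify"), ("Everyone", "Read")]},
    {"path": "/Research/Trial-042", "label": "Confidential",
     "aces": [("Trial-042 Team", "Modify")]},
    {"path": "/Public/Cafeteria Menu", "label": "Public",
     "aces": [("Everyone", "Read")]},
    {"path": "/IT/Service Accounts", "label": "Confidential",
     "aces": [("IT Admins", "Modify"), ("Domain Users", "Read")]},
]

# Constructed group membership (direct members only).
GROUP_MEMBERS = {
    "Clinicians": {"dr.lee"},
    "HR Staff": {"pat.hr"},
    "Trial-042 Team": {"dr.lee", "sam.stats"},
    "IT Admins": {"ops.alice"},
}


def is_sensitive(folder):
    return folder["label"] in SENSITIVE_LABELS


def broadly_exposed_sensitive(folders):
    """Sensitive folders with at least one broad ACE, mapped to the offending principals."""
    exposed = {}
    for f in folders:
        broad = sorted(p for p, _ in f["aces"] if p in BROAD_PRINCIPALS)
        if is_sensitive(f) and broad:
            exposed[f["path"]] = broad
    return exposed


def principals_for(user, group_members=GROUP_MEMBERS):
    """The user, their direct groups, and the broad principals everyone carries."""
    groups = {g for g, members in group_members.items() if user in members}
    return {user} | groups | BROAD_PRINCIPALS


def user_blast_radius(user, folders=FOLDERS, group_members=GROUP_MEMBERS):
    """Sensitive folders the user can read. Any right (Read, Modify, ...) implies read."""
    mine = principals_for(user, group_members)
    return sorted(f["path"] for f in folders
                  if is_sensitive(f) and any(p in mine for p, _ in f["aces"]))


def remediation_plan(folders):
    """(path, principal) pairs to remove: every broad ACE on a sensitive folder."""
    return [(path, p) for path, ps in broadly_exposed_sensitive(folders).items() for p in ps]


def apply_remediation(folders, plan):
    """Return a copy of the folders with the planned ACEs stripped; originals are untouched."""
    remove = set(plan)
    return [{**f, "aces": [(p, r) for p, r in f["aces"] if (f["path"], p) not in remove]}
            for f in folders]


if __name__ == "__main__":
    print("broadly exposed:", broadly_exposed_sensitive(FOLDERS))
    before = user_blast_radius("sam.stats")
    after = user_blast_radius("sam.stats", apply_remediation(FOLDERS, remediation_plan(FOLDERS)))
    print(f"sam.stats can reach {len(before)} sensitive folders before, {len(after)} after")
```

The per-user view is the one that matters for AI assistants: a Copilot-style tool does not bypass permissions, it inherits them, so a user whose legitimate scope is one research share still reaches every folder that Everyone can read. Counting those folders per user, rather than per ACL, is what turns "48,000 exposed folders" into a number each team owner can act on.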

To address these risks, the report recommends that organizations focus on reducing their “blast radius” by locking down permissions, treating data security as a foundation for AI security, and using AI-powered tools to automate threat detection and data classification.
