Skyhigh Security released the Skyhigh Security Cloud Adoption and Risk Report, Healthcare Edition, showing that the healthcare sector lags behind in cybersecurity investment despite the risks it faces.

The report investigates the state of cloud security in healthcare organizations, including patient care facilities and healthcare technology companies.

While healthcare parallels other sectors in cloud adoption trends, it faces distinct obstacles regarding data security and trust in the cloud, according to Skyhigh. Cyber attackers often target healthcare organizations to attempt to steal highly prized data, such as personal health information (PHI), insurance claims data, clinical trial information, and unfortunately, they’re often successful.

The report shows that 86% of healthcare organizations have experienced data theft compared to only 80% across all industries. Software-as-a-Service (SaaS) security issues are also rising far more quickly in this sector than others. But despite the elevated threat level, only 51% of healthcare organizations are committed to investing more in cybersecurity, versus 56% across all industries.

To keep sensitive data secure and private, the healthcare sector has been hesitant to embrace cloud services. While other industries have seen a 50% average uptick in cloud services in use, the adoption rate in healthcare is only half of that, at 25%. However, there’s been steady movement to increase utilization. Although the healthcare industry still stores the least amount of sensitive data in the public cloud (47%) compared to all industries (61%), they are up from only 35% in 2019.

“Apprehension about cloud security remains high in the healthcare sector, but there are a variety of factors making greater trust in the cloud necessary—such as the increase in hybrid work and anytime, anywhere collaboration,” said Rodman Ramezanian, global cloud threat lead at Skyhigh Security. “Healthcare organizations have historically stored sensitive data on premises, but there’s been a shift to cloud and hybrid providers. By adopting unified, zero trust cloud security solutions, organizations can increase cloud use without putting sensitive data at risk and allow their leaders to focus on what’s most important—supporting the health and wellbeing of our communities.”

While healthcare’s adoption and trust in the cloud is trending in the right direction, the sector lacks critical visibility into who is using sensitive data, where it’s being stored and how secure their apps and services are. For example, healthcare organizations perform audits of their applications less frequently than their peers in other sectors and are less likely to use identity and access management to monitor access to resources. Other top challenges for healthcare include the following: Shadow IT, complex or outdated infrastructure, IT budget constraints, and cybersecurity talent shortages.

On the bright side, healthcare organizations recognize their heightened cybersecurity risks and are taking action to reduce data threats. The report finds that healthcare is most likely of all sectors to deploy data loss prevention (DLP) and encryption solutions, at 30% versus 23% for all industries. Like its peers, 40% of the healthcare sector is interested in adopting a zero trust approach.

The research presented in the report points to the advantages of a single, centralized Security Service Edge (SSE) solution that simplifies cloud security and enables security teams to apply consistent data protection controls and policies across the web, cloud, and private apps—from anywhere, any application, and any device.