92% healthcare institutions expect a hack

SoftwareOne, a leading global provider of software and cloud solutions, conducted research in the Netherlands on healthcare institutions and their cloud adoption, compliance with the NTA 7516 standard, and security. Respondents from nearly 30 large healthcare institutions were also asked about their use of innovative applications in healthcare. This shows that the willingness to comply with laws and regulations is great, but practice is still challenging.

Cloud environments in healthcare

In healthcare, the transition to cloud environments has increased in recent years. According to respondents, the main strategic considerations for choosing the cloud are the need for manageability, improved security capabilities, and the desire to innovate. Approximately 44% of healthcare applications used are in the cloud, with both public and private cloud being used. Remarkably: exactly where the stored data is located is not entirely clear to 35% of respondents, 4% indicate they have no idea at all.

NTA 7516 and data protection

Sharing information such as medical data via email or chat is only allowed if employees can communicate securely. This data protection standard, NTA 7516, was introduced a few years ago to protect all forms of healthcare data in the Netherlands. To comply with this and prevent data breaches, most healthcare institutions use an advanced email security solution (79%), but respondents indicate that Mobile Device Management (69%) and Endpoint Detection & Response (52%) are also deployed.

Cybersecurity as top priority

Security is taken seriously by healthcare institutions; 'cybersecurity is a top priority within our organization' says 73% of respondents. This group also finds that 'the knowledge level regarding cybersecurity of their employees in the IT department is of high quality'. This does not apply to all employees in healthcare, 85% believe that non-IT employees have little knowledge of security, 92% also realistically say 'that it's not a question of if we'll ever be hacked, but when'.

That a hack can lead to significant problems is evident from the fact that while all healthcare institutions have a data backup system, only half indicate that the disaster recovery procedure is tested regularly. Also, only 50% of healthcare institutions have a remediation plan for critical applications within the organization.

• 92% expect a hack. Almost all respondents realistically acknowledge that it's not a question of if they'll be hacked, but when.
• Only 50% have recovery procedure in order. Although all healthcare institutions have a data backup system, only half regularly test the disaster recovery procedure.
• 44% of healthcare applications in the cloud. The transition to cloud environments is increasing, but 35% don't know exactly where data is stored.

Innovation in healthcare under pressure

The use of innovative applications that can improve healthcare and reduce workload is becoming increasingly urgent due to the shortage of healthcare personnel. Healthcare institutions therefore find that employees spend too much time on administrative work (83%). Another stumbling block is that only 13% of employees have access to relevant data insights. Approximately two-thirds of healthcare institutions have therefore invested in tools that help with reporting and insights, PowerBI is also frequently mentioned. 38% are engaged with Artificial Intelligence, but typical healthcare innovations such as smart patches are also used by 28%. Many healthcare institutions would like to be more innovative, but don't get around to it because they're too busy with daily work (59%), or don't have sufficient budget (31%).

Points of attention for the healthcare sector