Data risk report shows healthcare worker has access to 31,000 sensitive files on first day of work

By | March 31, 2021

UK cybersecurity firm, Varonis has released a data risk report, which focuses on the issue of unrestricted data in the healthcare industry.

The ‘2021 Data Risk Report: healthcare, Pharma & Biotech’ report underscores the importance of data security as organisations manage the security gaps created from remote working and cloud migration.  

The data is compiled using data analysis of three billion files across 58 organisations and examines the state of data security on-premises, cloud, and hybrid environments for healthcare organisations including hospitals, biotech and pharmaceutical firms. 


Health organisations such as hospitals, biotech firms and pharmaceutical companies are entrusted to protect sensitive information such as HIPAA-protected information, financial data, and proprietary research.

This can include personal patient data that may be appealing to cybercriminals looking to obtain sensitive data to sell or extort from victim organisations. Someone with unrestricted access to file shares can copy, change, or delete thousands or even millions of documents.

Highlighting that the average healthcare worker has access to 31,000 sensitive files on their first day of work, the report found that near 20% of all files are open to every employee, which is on average more than 1 in 10 sensitive files. Furthermore, 77% of the companies surveyed have 500 or more accounts with passwords that never expire.

Other key findings from the report revealed the following facts:

  • Password hygiene:  2/3 of healthcare organisations have over 500 passwords that never expire. 
  • Stale data: On average, 79% of all data is stale.
  • Overexposure: 1/10 sensitive files are open to every employee.
Read More:  Does the dubrow diet plan work?


Meanwhile, the WHO has warned about fake COVID-19 vaccines on the black market as forged vaccination certificates and fake negative tests are reportedly available for purchase.

Earlier this month, access management security technology vendor, BeyondTrust released its 2021 Microsoft Vulnerabilities Report, which identifies the key threats for the Microsoft ecosystem and includes the latest breakdown of Microsoft vulnerabilities by category and product.


Matt Lock, Varonis’s technical director, told Healthcare IT News: “Hospitals are lucrative targets for cybercriminals – from insiders seeking valuable information to well-funded attackers seeking medical data to steal and hold for ransom. Healthcare organisations must manage vast quantities of information but often struggle with issues around open access—information left open to far too many people. When attackers strike, they can move through an IT network just like an authorised employee unless measures have been taken in advance to restrict access

The report highlights how data is overexposed is the healthcare space. In healthcare, minutes count. The same is true in cybersecurity. With ransomware, organisations typically have a tiny window to spot and stop an attack from laying waste to invaluable patient data. Attackers will follow the money, and unfortunately, healthcare has a target on its back. Overexposure will impact the security landscape for many years to come and the healthcare industry has the most to lose.”

News from