News Releases

2017 Thales Healthcare Data Threat Report: Organizations Spending Big on Cyber-Security
Digitization of healthcare records contributing to data security risks

SAN JOSE, Calif., Feb. 21, 2017 /PRNewswire/ -- Thales, a leader in critical information systems, cybersecurity and data security, announces the results of its 2017 Thales Data Threat Report, Healthcare Edition, issued in conjunction with analyst firm 451 Research. Eighty-one percent of U.S. healthcare organizations and 76 percent of global healthcare organizations will increase information security spending in 2017. These numbers are reflective of an industry undergoing rapid technological and social change in the form of electronic health records and increasingly digitized personal health data.

Click to Tweet: Digitization of #healthcare leading to sensitive data risks #2017DataThreat

The Double-Edged Sword of Digitization
In the U.S., government regulations such as the HITECH Act's Electronic Patient Care Reporting (ePCR) requirements are driving healthcare organizations to digitize their data. While this digitization creates efficiency, it comes at a hefty price: individual healthcare data is exposed to more people, in more places and on more devices, including smartphones, laptops and increasingly, Internet of Things (IoT) devices.

Despite the risks that come from increased access points, 60 percent of U.S. healthcare respondents reported their organization were deploying to cloud, big data, and IoT or container environments without adequate data security controls. The healthcare industry is also adopting some of these technologies for sensitive data use wholesale, with 69 percent of U.S. respondents leveraging SaaS, 59 percent big data, 46 percent mobile and 35 percent IoT environments. These numbers may explain why 90 percent of U.S. healthcare respondents feel vulnerable to data threats and why cybersecurity spending increases by U.S. healthcare companies leads that of all other vertical markets surveyed, including the government and financial sectors.  

Compliance Playing Location-Dependent Role
Compliance requirements also drive data security decision-making in U.S. healthcare, with 57 percent of respondents listing it as the top spending impetus. But, compliance ranks near the very bottom of spending drivers among global healthcare respondents. Instead, the top two motivations for security spending are "preventing data breaches" (39 percent) and "protecting reputation and brand" (also 39 percent). These findings further underscore the differences between the United States' privately focused healthcare system, and its emphasis on regulations like HIPAA-HITECH, EPCS and others versus areas of the world where healthcare is less regulated or primarily government-operated.

Encryption Playing Larger Role in Healthcare Data Protection
Across the board, encryption is the technology of choice when it comes to protecting sensitive data residing within cloud, IoT and container environments. Sixty-five percent of U.S. healthcare respondents and 58 percent of global healthcare respondents opt to encrypt data in the public cloud, with the survey yielding similar numbers for IoT data (59 percent U.S.; 58 percent global) and container data (58 percent U.S.; 60 percent global).

Data sovereignty, a hot topic in light of concerns about new privacy regulations and government snooping, is also spurring encryption adoption. The technology is the clear choice for satisfying local data privacy laws such as the EU's General Data Protection Regulation (GDPR) by 66 percent of global healthcare respondents.

Despite the healthcare industry's growing interest in encryption, many organizations remain stubbornly focused on network and endpoint security. Network security is still the top choice for U.S. healthcare spending by a wide margin (69 percent), compared to 53 percent of global respondents. Endpoint security, at 61 percent, isn't far behind. While network and endpoint technologies are a required element of an organization's IT security stance, they are increasingly less effective at keep external attacks at bay, and in securing cloud, big data, IoT and container deployments – which result in data being distributed, processed and stored outside corporate network boundaries.

Peter Galvin, VP of strategy, Thales e-Security says:
"Globally and in the U.S., healthcare companies are under pressure. In Europe, we see data sovereignty's impact on security decision-making. In the U.S., digital innovation is transforming the way patient information is created, shared or stored. For healthcare data to remain safe from cyber exploitation, encryption strategies need to move beyond laptops and desktops to reflect a world of internet-connected heart-rate monitors, implantable defibrillators and insulin pumps. Adhering to the security status quo will create vulnerabilities that lead to breaches, and further erode customer trust."

Healthcare organizations interested in improving their overall security postures should strongly consider:

  • Deploying security tool sets that offer services-based deployments, platforms and automation
  • Discovering and classifying the location of sensitive data, particularly within IoT and container environments
  • Leveraging encryption and "Bring Your Own Key" (BYOK) technologies for the cloud and other advanced environments

Please download a copy of the new 2017 Thales Healthcare Data Threat Report for more detailed security best practices.

Visit Thales at booth #7082, HIMSS Conference, Orlando, Florida, February 19-23, 2017.

For industry insight and views on the latest key management trends check out our blog

Follow Thales e-Security on Twitter @Thalesesecurity, LinkedIn, Facebook and YouTube.

About Thales e-Security
Thales e-Security is the leader in advanced data security solutions and services, delivering trust wherever information is created, shared or stored. We ensure that company and government data is secure and trusted in any environment – on premise, in the cloud, in data centers and in big data environments – without sacrificing business agility. Security doesn't just reduce risk, it's an enabler of the digital initiatives that now permeate our daily lives – digital money, e-identities, healthcare, connected cars and with the internet of things (IoT) even household devices. Thales provides everything an organization needs to protect and manage its data, identities and intellectual property and meet regulatory compliance – through encryption, advanced key management, tokenization, privileged user control and meeting the highest standards of certification for high assurance solutions. Security professionals around the globe rely on Thales to confidently accelerate their organization's digital transformation. Thales e-Security is part of Thales Group.  

About Thales
Thales is a global technology leader for the Aerospace, Transport, Defence and Security markets. With 62,000 employees in 56 countries, Thales reported sales of €14 billion in 2015. With over 25,000 engineers and researchers, Thales has a unique capability to design and deploy equipment, systems and services to meet the most complex security requirements. Its exceptional international footprint allows it to work closely with its customers all over the world.

Positioned as a value-added systems integrator, equipment supplier and service provider, Thales is one of Europe's leading players in the security market. The Group's security teams work with government agencies, local authorities and enterprise customers to develop and deploy integrated, resilient solutions to protect citizens, sensitive data and critical infrastructure.

Thales offers world-class cryptographic capabilities and is a global leader in cybersecurity solutions for defence, government, critical infrastructure providers, telecom companies, industry and the financial services sector. With a value proposition addressing the entire data security chain, Thales offers a comprehensive range of services and solutions ranging from security consulting, data protection, digital trust management and design, development, integration, certification and security maintenance of cybersecured systems, to cyberthreat management, intrusion detection and security supervision through cybersecurity Operation Centres in France, the United Kingdom, The Netherlands and Hong Kong.

The data in this study is based on Web and phone interviews of 1,105 senior executives in Australia, Brazil, Germany, Japan, the U.K. and the U.S. Most have a major influence on or are the sole decision maker for IT at their respective companies.

Respondents represented the following industries: automotive; education; energy; engineering; federal government; healthcare; IT; retail; and telecommunications.


For further information: Dorothée Bonneil, Thales Media Relations - Security, +33 (0)1 57 77 90 89,; Liz Harris, Thales e-Security Media Relations, +44 (0)1223 723612,