Varonis announces strategic partnership with Microsoft to accelerate the secure adoption of Copilot.

Learn more

The 2021 Healthcare Data Risk Report Reveals 1 Out of Every 5 Files is Open to All Employees

The Varonis 2021 Healthcare Data Risk Report found 20% of all files at hospitals, biotech firms and pharma companiesare open to every employee.
Rachel Hunt
1 min read
Published March 29, 2021
Last updated October 21, 2021

Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information—from personal patient data to valuable proprietary research–from skilled adversaries looking to grab sensitive data to steal, sell, or extort from victim organizations.

As the saying goes, hackers only need to be right once. One successful phishing email can set off a ransomware chain reaction that encrypts every file it touches. A single insider with unrestricted access to file shares can copy, change, or delete thousands or even millions of documents.

To shine a light on data security in the life sciences space, we developed the 2021 Healthcare Data Risk Report. We examine the state of data security – on-premises, cloud, and hybrid environments – for healthcare organizations including hospitals, biotech and pharmaceutical firms. We analyzed a random sample of Data Risk Assessments for 58 companies—and a total of 3 billion files–to determine how data is exposed and at risk.

Here are just a few key findings:

  • Near 20% of all files are open to every employee.
  • The average healthcare organization has 31,000 sensitive files (including ones that include HIPAA-protected information, financial data, and proprietary research) open to everyone.
  • On average, more than 1 in 10 sensitive files are open to every employee.
  • 77% of the companies we surveyed have 500 or more accounts with passwords that never expire.

Read the full report: 2021 Healthcare Data Risk Report

👋 Want to find out if your data is putting your organization at risk?

Get a highly customized data risk assessment run by engineers who are obsessed with data security. Request yours at https://info.varonis.com/start

What you should do now

Below are three ways we can help you begin your journey to reducing data risk at your company:

  1. Schedule a demo session with us, where we can show you around, answer your questions, and help you see if Varonis is right for you.
  2. Download our free report and learn the risks associated with SaaS data exposure.
  3. Share this blog post with someone you know who'd enjoy reading it. Share it with them via email, LinkedIn, Reddit, or Facebook.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

threat-update-28-–-re-ryuk’ed-&-exchange-zero-day
Threat Update 28 – Re-Ryuk’ed & Exchange Zero-Day
Is it too soon for a 2020 throwback? The Ryuk ransomware gang certainly doesn’t think so! It looks like one of the premiere ransomware-as-a-service groups was not content to rest on their laurels, and it appears they’ve added self-spreading capabilities.
the-2021-manufacturing-data-risk-report-reveals-1-in-5-files-is-open-to-all-employees
The 2021 Manufacturing Data Risk Report Reveals 1 in 5 Files is Open to All Employees
Threats against the manufacturing sector continue — from big game ransomware groups that steal victim’s data before encrypting it, to nation-state attackers seeking technology secrets, to company insiders looking for…
threat-update-43-–-ransomware-early-warning:-brute-force
Threat Update 43 – Ransomware Early Warning: Brute Force
With the proliferation of more sophisticated, human-operated ransomware, attackers can live inside an organization for days, weeks, or months - finding and exfiltrating data before making their presence known by detonating ransomware.
threat-update-#14---post-ransomware-recovery
Threat Update #14 - Post-Ransomware Recovery
To stop ransomware, every second counts. But once the threat is contained, the race is on to get back up and running after a ransomware incident. Click to watch Kilian Englert...