The 2021 Healthcare Data Risk Report Reveals 1 Out of Every 5 Files is Open to All Employees

The Varonis 2021 Healthcare Data Risk Report found 20% of all files at hospitals, biotech firms and pharma companiesare open to every employee.
Rachel Hunt
1 min read
Last updated October 21, 2021

Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information—from personal patient data to valuable proprietary research–from skilled adversaries looking to grab sensitive data to steal, sell, or extort from victim organizations.

As the saying goes, hackers only need to be right once. One successful phishing email can set off a ransomware chain reaction that encrypts every file it touches. A single insider with unrestricted access to file shares can copy, change, or delete thousands or even millions of documents.

To shine a light on data security in the life sciences space, we developed the 2021 Healthcare Data Risk Report. We examine the state of data security – on-premises, cloud, and hybrid environments – for healthcare organizations including hospitals, biotech and pharmaceutical firms. We analyzed a random sample of Data Risk Assessments for 58 companies—and a total of 3 billion files–to determine how data is exposed and at risk.

Here are just a few key findings:

  • Near 20% of all files are open to every employee.
  • The average healthcare organization has 31,000 sensitive files (including ones that include HIPAA-protected information, financial data, and proprietary research) open to everyone.
  • On average, more than 1 in 10 sensitive files are open to every employee.
  • 77% of the companies we surveyed have 500 or more accounts with passwords that never expire.

Read the full report: 2021 Healthcare Data Risk Report

👋 Want to find out if your data is putting your organization at risk?

Get a highly customized data risk assessment run by engineers who are obsessed with data security. Request yours at https://info.varonis.com/start

What should I do now?

Below are three ways you can continue your journey to reduce data risk at your company:

1

Schedule a demo with us to see Varonis in action. We'll personalize the session to your org's data security needs and answer any questions.

2

See a sample of our Data Risk Assessment and learn the risks that could be lingering in your environment. Varonis' DRA is completely free and offers a clear path to automated remediation.

3

Follow us on LinkedIn, YouTube, and X (Twitter) for bite-sized insights on all things data security, including DSPM, threat detection, AI security, and more.

Try Varonis free.

Get a detailed data risk report based on your company’s data.
Deploys in minutes.

Keep reading

Varonis tackles hundreds of use cases, making it the ultimate platform to stop data breaches and ensure compliance.

the-2021-financial-data-risk-report-reveals-every-employee-can-access-nearly-11-million-files
The 2021 Financial Data Risk Report Reveals Every Employee Can Access Nearly 11 Million Files
Financial services organizations must safeguard tons of highly sensitive information, but data is often left exposed to far too many people. If just one employee clicks on a phishing email,...
the-2021-manufacturing-data-risk-report-reveals-1-in-5-files-is-open-to-all-employees
The 2021 Manufacturing Data Risk Report Reveals 1 in 5 Files is Open to All Employees
Threats against the manufacturing sector continue — from big game ransomware groups that steal victim’s data before encrypting it, to nation-state attackers seeking technology secrets, to company insiders looking for…
2019-data-risk-report-stats-and-tips-you-won’t-want-to-miss
2019 Data Risk Report Stats and Tips You Won’t Want to Miss
Our data risk report analyzed over 54 billion files across 30+ industries for the latest insights, stats and tips to improve your data security practices
varonis-opens-australia-data-centre-to-support-saas-customers
Varonis Opens Australia Data Centre to Support SaaS Customers
Australian expansion allows Varonis customers to achieve automated data security outcomes while following national standards for data privacy.