Live Cyber Attack Lab 🎯 Watch our IR team detect & respond to a rogue insider trying to steal data! Choose a Session


The 2021 Healthcare Data Risk Report Reveals 1 Out of Every 5 Files is Open to All Employees

Cybersecurity News, Data Security

Hospitals, biotech firms and pharma companies are entrusted to protect sensitive information—from personal patient data to valuable proprietary research–from skilled adversaries looking to grab sensitive data to steal, sell, or extort from victim organizations.

As the saying goes, hackers only need to be right once. One successful phishing email can set off a ransomware chain reaction that encrypts every file it touches. A single insider with unrestricted access to file shares can copy, change, or delete thousands or even millions of documents.

To shine a light on data security in the life sciences space, we developed the 2021 Healthcare Data Risk Report. We examine the state of data security – on-premises, cloud, and hybrid environments – for healthcare organizations including hospitals, biotech and pharmaceutical firms. We analyzed a random sample of Data Risk Assessments for 58 companies—and a total of 3 billion files–to determine how data is exposed and at risk.

Here are just a few key findings:

  • Near 20% of all files are open to every employee.
  • The average healthcare organization has 31,000 sensitive files (including ones that include HIPAA-protected information, financial data, and proprietary research) open to everyone.
  • On average, more than 1 in 10 sensitive files are open to every employee.
  • 77% of the companies we surveyed have 500 or more accounts with passwords that never expire.

Read the full report: 2021 Healthcare Data Risk Report

👋 Want to find out if your data is putting your organization at risk?

Get a highly customized data risk assessment run by engineers who are obsessed with data security. Request yours at


Does your cybersecurity start at the heart?

Get a highly customized data risk assessment run by engineers who are obsessed with data security.