- Netskope report find almost all healthcare workers use AI tools trained on user data
- HIPAA-protected information, passwords, IP and more at risk
- Organizations need to approve AI tools more quickly
New research from Netskope has blamed healthcare workers for putting their companies at risk by regularly attempting to upload sensitive and regulated data to unapproved locations, including generative AI chatbots like ChatGPT and Gemini.
Highlighting the extent of unapproved tool usage, the report revealed that 96% of respondents used apps that leverage user data for training.
Besides the use of unapproved GenAI tools, many violations also stemmed from uploads to personal OneDrive or Google Drive cloud storage accounts.
Healthcare workers are putting your data at risk
The figures claim 81% of all data privacy violations involved regulated healthcare data such as HIPAA-protected information, while 19% involved passwords, source code or intellectual property.
More than two-thirds of GenAI users in healthcare also admitted to using their personal AI accounts to send sensitive data while at work, potentially alluding to their frustration regarding confusing regulation and delayed processes.
Netskope noted, “this behavior is hindering security teams’ visibility over GenAI-related activity among their staff.”
“Healthcare organisations must balance the benefits of genAI with the deployment of security and data protection guardrails to mitigate those risks,” explained Netskope Threat Labs Cloud Threat Researcher Gianpietro Cutolo.
Looking ahead, the research calls for faster deployment of organization-approved GenAI applications in order to reduce the use of shadow AI – a trend that is already starting to slow down, reducing from 87% to 71% over the past year.
Data Loss Prevention (DLP) policies are also an effective strategy to monitor and control access to GenAI applications, with more than half (54%) of organizations now using DLP policies compared with 31% last year.
Cutolo summarized: “Healthcare organisations are making progress, but continued focus on secure, enterprise-approved solutions will be critical to ensure data remains protected in this evolving landscape.”
Leave a comment