The 2025 Netskope Threat Labs Healthcare Report reveals a growing cybersecurity crisis within the healthcare sector, fueled by increased reliance on cloud applications and generative AI (GenAI) platforms.
As hospitals and providers embrace digital transformation to improve care delivery and efficiency, they also expose themselves to significant risks, including regulatory violations, data breaches, and reputational damage.
Cloud and AI tools fuel data risks in healthcare
According to the report, 81% of healthcare policy violations in 2024 involved protected health information (PHI), driven by the rapid adoption of GenAI tools, which 88% of companies now use. Employees often upload sensitive data to unauthorized platforms such as Google Drive, ChatGPT, and OneDrive. Many of these platforms do not comply with healthcare privacy and data protection standards.
Despite a decrease in personal AI account use from 87% to 71%, the absence of approved, organization-wide generative solutions drives what experts call “shadow AI,” the unsanctioned use of the technology without IT oversight. These behaviors have led to policy breaches, 44% directly involving regulated health records.
Regulatory and reputational risks
The report also finds that 96% of AI platforms are trained on personal data, compounding long-term privacy concerns. Unchecked uploads of PHI to such platforms could trigger steep penalties of up to €20 million under the General Data Protection Regulation (GDPR) or $1.5 million per violation under the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
“Beyond financial consequences, breaches erode patient trust and damage organizational credibility with vendors and partners,” warned Ray Canzanese, director of Netskope Threat Labs.
In response, 54% of healthcare organizations have adopted data loss prevention (DLP) tools—up from 31% last year—to block unauthorized uploads in real time. These applications have shown a measurable impact: 73% of employees who receive automated alerts stop such risky behavior.
Security experts recommend broader implementation of zero-trust network access (ZTNA) frameworks to monitor and control sensitive data flow. Rather than banning AI outright, training and transparency can become effective methods for balancing innovation with compliance.
How does this affect outsourcing in healthcare?
As digital risks increase, healthcare providers outsource non-core functions such as IT management, cybersecurity, revenue cycle operations, and electronic health record (EHR) support. These partnerships help hospitals meet compliance demands, bridge staffing gaps, and maintain continuity in a volatile regulatory environment.
In the U.S., where hospitals face mounting funding pressure and labor shortages, managed service providers (MSPs) are becoming essential to long-term resilience. Many providers outsource to firms with specialized experience in privacy compliance, risk mitigation, and scalable tech infrastructure.
Mergers and acquisitions among vendors, particularly in population health, analytics, and member services, are also reshaping the landscape, aligning outsourcing capabilities with evolving healthcare priorities.
The Netskope report marks a critical shift. As healthcare digitizes, organizations must adopt a unified approach to security, vendor oversight, and employee training. Outsourcing is no longer just a cost-saving measure—it’s a strategic necessity for operating securely in the digital era.
Read more Unity Communications and industry news on our main BPO News page.
Briones, J. A. (2025, May 13). Healthcare workers’ AI use risks patient data, Netskope report warns. Outsource Accelerator. Retrieved from https://news.outsourceaccelerator.com/healthcare-workers-ai-use-risks-patient-data/
Turner, G. (2025, May 8). Sensitive Health Data at Risk From AI Tools, Report Warns. DIGIT. Retrieved from https://www.digit.fyi/healthcare-data-risk-netskope/
