Monday, May 12, 2025

Healthcare Sector Becomes a Major Target for Cyber Attacks in 2025


The healthcare sector has emerged as a prime target for cyber attackers, driven by the increasing reliance on cloud applications and the rapid integration of generative AI (genAI) tools into organizational workflows.

According to the Netskope Threat Labs Report for Healthcare 2025, cybercriminals are exploiting trusted platforms like GitHub, with 13% of healthcare organizations experiencing malware downloads from the developer hub each month.

Alongside GitHub, widely used cloud storage services such as Microsoft OneDrive, Amazon S3, and Google Drive are also becoming conduits for malicious file distribution, capitalizing on their popularity and perceived trustworthiness.


This surge in malware delivery via cloud apps underscores the urgent need for robust threat protection mechanisms to inspect HTTP and HTTPS traffic and safeguard against network infiltration.

Cloud Apps and GenAI Fuel Rising Threats

A deeper dive into the data reveals that mishandling regulated data remains the most pressing cybersecurity concern in healthcare, constituting 81% of data policy violations.

Sensitive information, including patient records and other regulated data, is frequently uploaded to unapproved cloud destinations and personal apps like OneDrive and Google Drive, with a smaller but notable portion involving intellectual property and source code leaks.

The mainstream adoption of genAI tools (used by 88% of healthcare organizations, with 96% leveraging user data for training and 98% embedding genAI features) has further compounded these risks.

While genAI offers transformative potential, it introduces new vectors for data exposure, as regulated data and critical assets are often shared with these applications.

Encouragingly, the sector is responding by ramping up Data Loss Prevention (DLP) adoption, with 54% of organizations now using DLP policies to monitor and control genAI app access, up from 31% last year.

However, the persistent use of personal genAI accounts by 71% of users, though down from 87%, signals a lingering gap in centralized security controls.

Data Breaches and GenAI Risks

ChatGPT dominates as the most widely used genAI app in healthcare, followed by Google Gemini and other domain-specific tools, yet privacy concerns have led to frequent blocking of apps like DeepAI, Tactiq, and JasperAI in favor of enterprise-grade alternatives.

As a countermeasure, Netskope Threat Labs urges healthcare providers to enforce strict access policies, block high-risk apps lacking legitimate business purpose, and deploy DLP to detect sensitive data uploads to unauthorized locations.

Additionally, implementing Remote Browser Isolation (RBI) technology for accessing risky web categories and conducting thorough threat inspections of all downloads are critical steps toward mitigating these evolving threats.
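The DLP and app-blocking recommendations above can be pictured as a policy decision over inspected upload events. The sketch below is an added example, not code from the Netskope report or this article; the sanctioned app/instance pairs, the instance labels, the regex patterns and the sample events are all assumptions constructed for illustration.

```python
import re
from dataclasses import dataclass

# All policy values and sample events below are constructed for illustration.
SANCTIONED = {("onedrive", "corp"), ("googledrive", "corp"), ("chatgpt", "corp")}
BLOCKED_APPS = {"deepai", "tactiq", "jasperai"}  # apps the article says are often blocked
IDENTIFIERS = {
    "ssn": re.compile(r"\b\d{3}-\d{2}-\d{4}\b"),
    "mrn": re.compile(r"\bMRN[:#\s]*\d{6,10}\b", re.I),
}
CLINICAL = re.compile(r"\b(?:diagnosis|discharge summary|[A-TV-Z]\d{2}\.\d{1,4})\b", re.I)

@dataclass
class Upload:
    user: str
    app: str       # normalized app name from the proxy log
    instance: str  # "corp" or "personal" account/tenant
    body: str      # request body, visible only with HTTPS inspection

def classify(body):
    """Return labels for regulated data found in the body."""
    hits = sorted(name for name, rx in IDENTIFIERS.items() if rx.search(body))
    if hits and CLINICAL.search(body):
        hits.append("phi")  # an identifier plus clinical context
    return hits

def evaluate(ev):
    """Return (action, reason) for one upload event."""
    if ev.app in BLOCKED_APPS:
        return "block", "app not approved"
    labels = classify(ev.body)
    sanctioned = (ev.app, ev.instance) in SANCTIONED
    if labels and not sanctioned:
        return "block", "regulated data to unapproved destination: " + ",".join(labels)
    if not sanctioned:
        return "alert", "unsanctioned instance"
    return "allow", "sanctioned destination"

SAMPLE = [
    Upload("a.nurse", "googledrive", "personal", "Patient MRN: 00482913 diagnosis E11.9"),
    Upload("b.dev", "chatgpt", "personal", "summarize this meeting agenda"),
    Upload("c.admin", "onedrive", "corp", "Patient MRN: 00482913 diagnosis E11.9"),
    Upload("d.user", "tactiq", "corp", "hello"),
]

if __name__ == "__main__":
    for ev in SAMPLE:
        print(ev.user, ev.app, ev.instance, *evaluate(ev))
```

The same record reaches a different verdict depending on whether the destination is the corporate or a personal instance of the app, which is the distinction the personal-account figures above turn on.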

As genAI continues to reshape healthcare operations, balancing innovation with stringent data governance and cybersecurity awareness is no longer optional: it's imperative to protect the sector from becoming an even larger target for cyber adversaries in the years ahead.


Aman Mishra
Aman Mishra is a security and privacy reporter covering data breaches, cyber crime, malware, and vulnerabilities.
