
                                      Netskope
                                      Threat Labs Report: Healthcare 2025

                                      The 2025 Netskope Threat Labs Healthcare report highlights malware distribution via Cloud apps, generative AI adoption trends, and data policy violations over the past 12 months.
                                      Netskope Threat Labs Report

                                      In this report

                                      The healthcare sector faces evolving cybersecurity challenges as cloud application usage grows and generative AI (genAI) applications become more integrated into organizational workflows. This report examines the latest trends in malware distribution, data policy violations, and genAI application usage within the healthcare industry.

                                      Malware distribution: Cloud apps continue to be an avenue for malware delivery, with 13% of organizations in the healthcare sector seeing malware downloads from GitHub, highlighting growing threats in trusted developer platforms.

                                      Data policy violations: Mishandling regulated data is the top data security concern across the board in the healthcare sector, with regulated data being the most common type of sensitive data uploaded to personal cloud apps, genAI apps, and other unapproved destinations.

                                      GenAI usage: 88% of healthcare organizations are using genAI apps directly, with 96% using apps that leverage user data for training and 98% using apps that incorporate genAI features. Organizations are responding to the resulting sensitive data (primarily regulated data) exposure risk by increasing their adoption of DLP.

                                       

                                      Malware downloads

                                      Malware distribution via cloud apps

                                      In 2025, GitHub emerged as the leading cloud application for malware downloads in the healthcare sector, with 13% of healthcare organizations seeing malware downloads per month. Attackers are abusing GitHub’s open platform to host and distribute malware, leveraging its widespread trust and use among developers. Following GitHub are Microsoft OneDrive, Amazon S3, and Google Drive, three of the most popular cloud storage apps in the enterprise (and therefore also common channels for attackers to host malicious files that their victims are more likely to download).

                                      Netskope Threat Labs Report Healthcare 2025 - top apps for malware downloads in healthcare sector

                                       

                                      Data policy violations in cloud apps

                                      The most common type of data policy violation in healthcare is uploading regulated data to unapproved locations on the web and in the cloud. In total, 81% of all data policy violations were for regulated healthcare data, while the other 19% included intellectual property, secrets, and source code. This finding highlights the critical need for healthcare organizations to enforce robust data loss prevention (DLP) strategies and educate employees on the risks associated with uploading sensitive information to unapproved locations.

                                      Netskope Threat Labs Report Healthcare 2025 - type of data policy violations in healthcare sector

                                      Narrowing the scope to only personal apps, the distribution of data policy violations changes only slightly. While regulated data still dominates, there is a comparatively higher incidence of individuals uploading source code to their personal apps (especially their personal Microsoft OneDrive and Google Drive accounts).

                                      Netskope Threat Labs Report Healthcare 2025 - data policy violations for personal apps in healthcare sector

                                       

                                      GenAI usage

                                      GenAI organizational adoption and usage trends

                                      GenAI has become mainstream in the healthcare sector, with 88% of organizations now integrating cloud-based genAI apps into their operations, 96% using apps that leverage user data for training, 98% using apps that incorporate genAI features, and 43% experimenting with running some genAI infrastructure locally. These numbers lag behind the global averages of 94% of organizations using genAI apps in the cloud and 54% exploring running them locally.

                                      At the same time, the use of personal genAI accounts has declined from 87% to 71% over the past year. This trend signals a strategic shift toward centralized, organization-approved genAI solutions designed to strengthen security and ensure compliance. Healthcare organizations should continue to adopt enterprise-grade genAI applications with robust security features to protect sensitive data while advancing in this direction.

                                      Netskope Threat Labs Report Healthcare 2025 - GenAI usage personal vs organization account breakdown in healthcare sector

                                      Most used GenAI apps in healthcare

                                      The top ten genAI apps used in the healthcare industry mirror global trends, with the following highlights:

                                      • ChatGPT is by far the most widely used genAI app in healthcare and other sectors. 
                                      • Google Gemini is steadily gaining traction as a leading alternative to ChatGPT.

                                      The remainder of the top ten is a range of domain-specific and embedded AI tools.

                                      Netskope Threat Labs Report Healthcare 2025 - most popular GenAI apps based on percentage of orgs using those apps in healthcare sector

                                      Generative AI app usage and data policy violations

                                      Now that genAI apps have become mainstream in the healthcare sector, organizations have been rapidly adopting DLP as a mitigating control for the increased data security risk that comes with genAI use. Notably, a substantial portion of sensitive data shared with genAI apps includes regulated data (a problem previously highlighted in this report for unapproved and personal apps as well), source code, and intellectual property. This trend suggests that genAI applications offer innovative solutions, but also introduce new vectors for potential data breaches. Healthcare organizations must balance the benefits of genAI with the implementation of strict data governance policies to mitigate associated risks.

                                      Netskope Threat Labs Report Healthcare 2025 - type of data policy violations for GenAI apps in healthcare sector

                                      Rising DLP adoption

                                      To manage the data risks associated with genAI apps, organizations in the healthcare sector are rapidly adopting DLP policies. Using DLP policies to monitor and control access to genAI applications has grown significantly, rising from 31% to 54% of healthcare organizations over the past year. This increase highlights a stronger commitment to safeguarding sensitive data, as more healthcare providers recognize the risks associated with unmonitored genAI usage. By implementing DLP controls, organizations are taking a proactive approach to reduce data risks during interactions with genAI tools. This shift marks an essential step toward the responsible and secure integration of AI in healthcare environments.

                                      Netskope Threat Labs Report Healthcare 2025 - percentage of organizations using DLP to control GenAI app access in healthcare sector

                                      Most blocked genAI apps

                                      While the specific genAI apps blocked may differ by organization, apps with consistently high block rates, like those in the top 10 list below, should prompt all organizations to evaluate the presence of those apps in their own environments. It is also a good opportunity to reassess controls across entire categories of genAI tools. DeepAI is the most commonly blocked genAI app in healthcare organizations, often due to concerns around privacy practices and a lack of enterprise-grade controls. The remaining apps on the list, including Tactiq, Scite, and JasperAI, also appear frequently, with blocking decisions typically influenced by the presence of more secure or better-aligned alternatives. These patterns reflect how healthcare organizations are using block policies to redirect users to approved tools that meet internal requirements.

                                      Netskope Threat Labs Report Healthcare 2025 - most blocked AI apps by percentage of orgs enacting blanket ban on the app in healthcare sector

                                       

                                      Recommendations

                                      GenAI technology is significantly changing risk management approaches across businesses. The healthcare sector’s embrace of genAI applications necessitates a proactive approach: while these tools offer valuable efficiency gains and innovation opportunities, they also introduce notable security challenges. Organizations must remain vigilant by implementing comprehensive security measures, enforcing data protection policies, and promoting a cybersecurity awareness culture among employees. Netskope Threat Labs recommends organizations in the healthcare sector review their security posture to ensure that they are adequately protected against these trends:

                                      • Block access to apps that do not serve any legitimate business purpose or that pose a disproportionate risk to the organization. A good starting point is a policy to allow reputable apps currently in use while blocking all others.
                                      • Use DLP policies to detect potentially sensitive information, including source code, regulated data, passwords and keys, intellectual property, and encrypted data, being sent to personal app instances, genAI apps, or other unauthorized locations.
                                      • Inspect all HTTP and HTTPS downloads, including all web and cloud traffic, to prevent malware from infiltrating your network. Netskope customers can configure their Netskope NG-SWG with a Threat Protection policy that applies to downloads from all categories and applies to all file types.
                                      • Use Remote Browser Isolation (RBI) technology to provide additional protection when there is a need to visit websites that fall into categories that can present higher risk, like newly observed and newly registered domains.

                                       

                                      Netskope Threat Labs

                                      Staffed by the industry’s foremost cloud threat and malware researchers, Netskope Threat Labs discovers, analyzes, and designs defenses against the latest cloud threats affecting enterprises. Our researchers are regular presenters and volunteers at top security conferences, including DefCon, BlackHat, and RSA.

                                       

                                      About This Report

                                      Netskope provides threat protection to millions of users worldwide. Information presented in this report is based on anonymized usage data collected by the Netskope One platform relating to a subset of Netskope customers with prior authorization.

                                      The statistics in this report are based on the period from March 1, 2024, through March 31, 2025. Stats reflect attacker tactics, user behavior, and organization policy.
