More important than your credit card numbers is your health information. In fact, health data is worth 50 times more than bank data - at least that's what the Digital Trust Insights 2025 survey by consultancy firm PwC shows.
So it makes sense that in 2024, cyber attacks on healthcare companies increased by 35% worldwide compared to the previous year, according to the Global Threat Report 2025 by CrowdStrike. In line with this information, another report, carried out by Aiqon and Netwrix, indicates that 84% of Brazilian healthcare companies identified cyber threats in the same year.
And what happens when this information is finally stolen?
What Brazilian law says
In addition to the exposure of patient data, it is common for operations to be paralyzed, for payment to be made to retrieve the data and for fines and sanctions to be paid under the General Data Protection Law (LGPD).
In this sense, it is worth highlighting what Brazilian law says. In short, the sensitivity of health data implies strict criteria for data processing and the data subject must explicitly consent to the use of this information.
But regardless of the legal basis used, it is mandatory for companies to have techniques and processes in place that allow for data access, correction, deletion and portability. Failure to comply results in sanctions from the National Data Protection Authority (ANPD), ranging from warnings and fines of up to 2% of annual turnover, limited to R$50 million per infraction, to suspension of the use of databases, blocking or deletion of information.
At the end of each incident, according to the PwC analysis, the average global cost of data leaks exceeds 3 million dollars. Among other statistics, the survey also shows that 32% of executives from various sectors in Brazil suffered losses of at least US$1 million in the worst cyber incident in the last three years.
While the increase in cyber threats is the most visible symptom of a growing vulnerability, the root of the problem often lies in how data is stored, organized and accessed by healthcare institutions. And that's where the technical and strategic challenges of IT infrastructure come in.
To better understand how hospitals, laboratories and startups are dealing with these demands - and why storing a blood test can be quite different from storing a genetic test - we spoke to Miqueias Adson, cloud computing manager at Noxtec, a company specializing in digital health solutions.
5 pillars for thinking about health data
So, if you work - or intend to start - with sensitive health information, it's important to keep at least five main points in mind: purpose, security, technology, empowerment and humanity.
First and foremost, you need to establish the purpose of data collection and management: "The purpose is much greater than any technical operation. It is necessary to understand the purpose of healthcare, precisely because of the complexity of dealing with a life", said Miqueias Adson.
This is because it is sensitive information. Therefore, a system failure or poorly recorded information can put a patient's life at risk. "You have to understand the importance of well-handled data in healthcare, we're dealing with lives, so whether you're a doctor or not, it's a huge responsibility."
After understanding your objectives, you need to think about information security issues. "There's no point in having the data if it's not protected. In Brazil, we still have a culture of accepting improvised solutions, such as storing documents on paper in boxes. But in health, the responsibility is much greater: a medical record can be requested up to 20 years later, whether for legal reasons or family medical history. That's why it's necessary to guarantee safe storage, with robust structures that protect the data over decades."
Well, there's no way to guarantee this security without good technology involved at every stage of the process. That's why technology is the third pillar. Previously, significant technological developments took years to happen, but today they happen in a matter of months or even weeks - especially now, with the arrival of generative artificial intelligence. "In healthcare, this modernization has a direct impact on data management and processing, with solutions that integrate information more quickly and efficiently to benefit the patient. I'm not just talking about medical equipment, but technologies that structure and organize clinical data within management systems", says the manager.
In order to cope with these transformations, there's no getting away from continuous training. In addition, “having prepared people improves everything: technology, care and medical practice itself”, he said.
Last but not least, it is also necessary to maintain humanity. "Even with all the rules and protocols, it is essential to remember that we are dealing with lives. Anyone who has had a family member hospitalized for a long time knows how difficult this experience is. Sometimes you have to go beyond what the rules say, thinking about what is necessary to save a patient - even if that means, for example, resolving an emergency in the early hours of the morning, when the hospital seems to be at a standstill, but there are people in need of a medicine or critical information," he concluded.
The different types of data and their requirements
Not all health data is the same and is therefore not treated in the same way. As Miqueias Adson explains, everything that involves a patient's information is considered data: from their name, date of birth and medical history to laboratory test results or medical images, such as X-rays and ultrasounds.
“Each type of data needs to be stored differently, depending on its purpose and the tool that will handle it,” explains Miqueias. Image data, for example, goes through a specific digitization process, called iconization, so that it can be accessed and analysed with quality by medical software.
The frequency of use also directly influences the storage strategy. Continuous follow-up exams, such as for a patient undergoing cancer treatment, need to be available quickly, for doctors to consult again and again. On the other hand, an isolated exam, from an episode that doesn't require revisits, can be archived in cheaper storage layers with slower access.
"If I'm treating prostate cancer, the doctor will consult my scans regularly. That's why they're stored in a layer with quick access. On the other hand, a single exam, such as a check-up with no changes, can go to a cheaper space, with a longer retrieval time, because the chance of consultation is much lower," exemplifies Noxtec's cloud computing manager.
According to the expert, the sector usually adopts different storage tiers:
- immediate access data, known as “hot” storage;
- moderate access data, known as “cold” storage;
- and long term storage data, known as “very cold” or “archive” storage, which can take up to 12 hours to be retrieved.
As well as reducing costs, this classification helps to ensure efficient use of space and computing resources. “It's as if I had bought a cheaper disk and stored it somewhere far away, to free up space here where the data is used all the time,” says Miqueias.
Artificial intelligence tools are also important for optimizing processes. At Noxtec, for example, the Health Imaging platform automatically manages this distribution, understanding each patient's profile and the frequency with which data needs to be accessed.
Costs and returns of managing health data
The decision to modernize the storage and processing of health data involves an assessment of costs. According to Miqueias, the amounts can vary greatly depending on the type of service contracted and the criticality of data access.
To illustrate, he cites the storage tiers of AWS, one of the main global cloud players.
- Hot storage (Storage Class Standard):
  - immediate access to data
  - approximate cost: R$140 per terabyte per month
- Very cold storage (Glacier Deep Archive):
  - recovery time: up to 12 hours
  - approximate cost: R$6 per terabyte per month
- Intermediate options:
  - tiers with recovery times of 2 to 4 hours, with prices between the two extremes
  - the cost varies according to the access time required and the geographic region of the data center
In addition to the choice of tier, factors such as the location of the data centers also have an impact on the budget. Storing data in Brazil, for example, tends to be more expensive than in the United States, due to the physical infrastructure available in each country.
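The tiering decision described above can be sketched in a few lines. This is an added example, not code from the article or from Noxtec: it uses only the two prices the article quotes (hot and Deep Archive), and the 180-day idle threshold, the record fields and the sample data are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date

# Prices quoted in the article (R$ per terabyte per month).
PRICE_PER_TB = {"hot": 140.0, "archive": 6.0}
# Assumption (not from the article): an exam untouched this long may be archived.
IDLE_DAYS_BEFORE_ARCHIVE = 180


@dataclass
class Exam:
    exam_id: str
    patient_id: str
    size_tb: float
    last_access: date


def choose_tier(exam, active_followup, today):
    """Return 'hot' or 'archive' for one exam.

    Exams of patients under continuous follow-up stay hot regardless of age,
    because archive retrieval can take up to 12 hours.
    """
    if exam.patient_id in active_followup:
        return "hot"
    idle_days = (today - exam.last_access).days
    return "archive" if idle_days >= IDLE_DAYS_BEFORE_ARCHIVE else "hot"


def plan(exams, active_followup, today):
    """Assign a tier to every exam and compare cost with an all-hot layout."""
    tiers = {e.exam_id: choose_tier(e, active_followup, today) for e in exams}
    tiered = sum(e.size_tb * PRICE_PER_TB[tiers[e.exam_id]] for e in exams)
    all_hot = sum(e.size_tb * PRICE_PER_TB["hot"] for e in exams)
    return tiers, round(tiered, 2), round(all_hot, 2)


# Constructed sample data: identifiers, sizes and dates are illustrative only.
SAMPLE = [
    Exam("ct-001", "patient-a", 2.0, date(2023, 1, 10)),  # oncology follow-up
    Exam("xr-002", "patient-b", 1.0, date(2023, 2, 1)),   # isolated check-up
    Exam("us-003", "patient-c", 0.5, date(2025, 5, 20)),  # recent exam
]
ACTIVE_FOLLOWUP = {"patient-a"}

if __name__ == "__main__":
    tiers, tiered, all_hot = plan(SAMPLE, ACTIVE_FOLLOWUP, date(2025, 6, 1))
    print(tiers, f"R${tiered}/month tiered vs R${all_hot}/month all hot")
```

The follow-up override is the part that matters clinically: the old CT scan of the patient in treatment stays hot even though its age alone would send it to the archive.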
But the financial benefits of technology go beyond savings on storage. The digitization and modernization of hospital management systems can have a direct impact on institutions' revenues.
Miqueias cites a public case that he followed closely, in which the adoption of a new hospital management platform brought significant results:
- before modernization - daily turnover: around R$1 million
- after implementing the system - daily turnover: between R$2 million and R$3 million
Overall, the investment in technology contributed to the hospital's financial sustainability throughout the year, reducing the need for emergency strategies.
However, although implementing technology generates good returns, transformation doesn't come without challenges. "Implementing a hospital management system always causes resistance. Doctors, used to paper, find the technology strange. There is an adaptation phase. But the return begins to show in the first few months, with an increase in turnover, improvements in processes and even in patient care," he says.
The gains can start with modest leaps - such as a 20% increase in daily turnover - and double in two or three years, as the team adapts and technological maturity is consolidated. But at the end of the day, it's the patient who benefits most from this evolution. “They are the ones most affected and most interested in having the best service,” he concludes.
Technical and cultural challenges
Stimulating digital transformation goes beyond choosing good clouds and software. In fact, even though there is talk of innovation and AI everywhere, the cultural change regarding these issues is still ongoing within institutions. In Miqueias' view, one of the main challenges is still getting managers and teams to understand the real value of each piece of data.
“Even the simplest piece of information has enormous importance within the care chain,” he says. According to him, resistance starts when collecting data: many professionals, either in a hurry or due to a lack of awareness, tend to fill in forms incompletely, believing that certain information is irrelevant. “But it's precisely that data that can make a difference to clinical decisions down the line or even to administrative processes, such as scheduling and patient tracking.”
In addition, there is still a certain resistance and fear of innovation among leaders. From a personal perspective, Miqueias estimates that around 70% to 80% of the hospital market is still wary of adopting new technologies, such as cloud storage or advanced information security tools. This resistance can be seen even among hospitals that have already migrated to the cloud: of the 20% that have joined, only 3% to 5% have a level of security that is considered adequate, with multiple layers of protection, such as firewalls and XDR solutions - that is, “extended detection and response”, responsible for automatically collecting and correlating data across different layers of security.
Among other factors, there are also data silos within healthcare institutions. This term refers to fragmented information about patients, which is found in different departments, systems or care units, without communicating with each other. As a result, it is common for there to be deficits in the clinical history, which contributes to the occurrence of medical errors.
Along with the cultural factor, budget limitations are a frequent obstacle, especially in public or smaller institutions. "Some hospitals are even aware of the need, but don't have the resources to invest in robust solutions. Today, the market offers everything from technological ‘Ferraris’ to more affordable options, which work like a ‘little car’, but which also fulfill their role," he compares.
On the other hand, the Covid-19 pandemic has led to changes in this scenario. Before 2020, many managers still saw hospital management software as a luxury or a technological differential. However, “with the pandemic, it has ceased to be an option and has become a basic operating necessity,” says Miqueias.
Today, the search for cloud solutions and more efficient management systems continues to grow, but with an eye on reducing costs and optimizing processes, within the so-called “FinOps” philosophy, which balances operational efficiency and financial control.
Lack of knowledge, however, is still a bottleneck. Even with the advances in artificial intelligence, interoperability and cybersecurity for healthcare, many hospital leaders are still unaware of the real impact these technologies can have on improving services and patient safety.
Furthermore, from a macro perspective, the low level of knowledge and investment in digitalization in healthcare companies is also an obstacle to the concept of “open health” - a form of nationwide interoperability that would allow patients to be followed throughout their journey, regardless of the institution they have passed through, but which depends on data standardization, communication between systems and robust governance.
“We're in 2025, in the age of artificial intelligence, but we still find hospitals that think they can't use the cloud or that are unaware of the benefits that technology can bring,” concludes Miqueias.