Intelligent CIO North America Issue 19 | Page 68

INTELLIGENT BRANDS // Enterprise Security

American healthcare providers run vulnerable web apps

Outpost24, an innovator in identifying and managing cybersecurity exposure, has announced results from its 2021 Web Application Security for Healthcare report, which analyzed the top 10 American healthcare providers, as ranked by the 100 largest hospitals and health systems in the US.

The report revealed the majority of US healthcare providers (90%) had an external attack surface score above 30 (out of 58.4) – which is categorized as ‘critically exposed’ and indicates a high susceptibility for security and vulnerability exposure.
The scoring was conducted using Outpost24’s external attack surface management tool to assess the security exposure of the healthcare providers’ Internet-facing web services, which includes checking how many pages there are per application, whether any outdated software components are used and what vulnerable third-party software it is running on.
Further findings showed the top 10 US healthcare organizations run a total of 6,069 web applications over 2,197 domains, with 3% deemed ‘suspicious’ – these could be open test environments that should ideally be closed since they are essentially sitting ducks for attackers.
Additionally, 24% of these applications were running on old components containing exploitable vulnerabilities.
“It’s paramount the healthcare organizations carry out the necessary due diligence to continuously evaluate their Internet exposed security perimeter given the highly sensitive information stored,” said Nicolas Renard, Security Researcher at Outpost24.
“Any kind of data breach and downtime for healthcare organizations can be fatal, therefore they must take a proactive stance to identify and mitigate potential security issues before critical care can be impacted.”
Overall, US healthcare organizations had a larger attack surface with an average risk exposure score of 40.5 when compared to EU pharmaceutical organizations which had a score of 32.79. This is despite the US healthcare providers running 30% fewer external web applications compared to the top 10 EU pharma manufacturers which had 20,394 apps.
It is no secret that healthcare and pharmaceutical organizations have become highly valuable targets with vast volumes of vital patient information and intellectual property hosted on often outdated systems.
Just this year alone, significant data breaches and ransomware attacks have impacted millions of US healthcare providers including the Florida Healthy Kids Corporation, Forefront Dermatology and Viverant Physical Therapy Center, which is exacerbating the challenge from a lack of security visibility and hygiene when combatting risk from the growing attack surface.
With such sensitive and personal data housed in these organizations, healthcare providers must take action to reduce the overall attack surface, especially to ensure compliance with HIPAA and the continuity of critical patient care.