Intelligent CISO Issue 44 | Page 57

American healthcare providers run vulnerable web apps

Outpost24, an innovator in identifying and managing cybersecurity exposure, has announced results from its 2021 Web Application Security for Healthcare report, which analysed the top 10 American healthcare providers, as ranked by the 100 largest hospitals and health systems in the US. The report revealed the majority of US healthcare providers (90%) had an external attack surface score of above 30 (out of 58.4) – which is categorised as ‘critically exposed’ and indicates a high susceptibility for security and vulnerability exposure.

The scoring was conducted using Outpost24’s external attack surface management tool to assess the security exposure of the healthcare providers’ Internet-facing web services, which includes checking how many pages there are per application, if any outdated software components are used and what vulnerable third-party software it is running on.
Further findings showed the top 10 US healthcare organisations run a total of 6,069 web applications over 2,197 domains with 3% deemed as ‘suspicious’ – these could be open test environments that should ideally be closed since they are essentially sitting ducks for attackers. Additionally, 24% of these applications were running on old components containing exploitable vulnerabilities.
“It’s paramount the healthcare organisations carry out the necessary due diligence to continuously evaluate their Internet exposed security perimeter given the highly sensitive information stored,” said Nicolas Renard, Security Researcher at Outpost24. “Any kind of data breach and downtime for healthcare organisations can be fatal, therefore they must take a proactive stance to identify and mitigate potential security issues before critical care can be impacted.”
Overall, US healthcare organisations had a larger attack surface, with an average risk exposure score of 40.5, compared to EU pharmaceutical organisations, which had a score of 32.79. This is despite the US healthcare providers running 30% fewer external web applications compared to the top 10 EU pharma manufacturers, which had 20,394 apps.
It is no secret that healthcare and pharmaceutical organisations have become highly valuable targets with vast volumes of vital patient information and intellectual property hosted on often outdated systems.
Just this year alone, significant data breaches and ransomware attacks have impacted millions at US healthcare providers including the Florida Healthy Kids Corporation, Forefront Dermatology and Viverant Physical Therapy centre, which is exacerbating the challenge from a lack of security visibility and hygiene when combatting risk from the growing attack surface. With such sensitive and personal data housed in these organisations, healthcare providers must take action to reduce the overall attack surface, especially to ensure compliance with HIPAA and the continuity of critical patient care.