According to a new study from a cyber-assessment business, vulnerabilities exist in the majority of web apps used by prominent healthcare providers in the United States. In its new 2021 Web Application Security for Pharma and Healthcare research, the business found that 90 percent of web apps used by US healthcare operators are vulnerable to cyber-attacks.
What does the Internet survey tell us?
The paper examined the internet-exposed applications of the top 20 largest pharmaceutical and healthcare companies in the European Union and the United States to find common attack routes and exploitable weaknesses. The survey revealed that US healthcare organizations had a wider attack surface, with an average risk exposure score of 40.5, compared with 32.79 for EU pharmaceutical businesses. This is despite the fact that US healthcare providers use 30% fewer external web applications than the top ten largest EU pharmaceutical companies, which have 20,394 apps. The top 10 healthcare firms in the United States used 6,069 online applications across 2,197 domains, with 3% of them deemed questionable. According to the research, these could be test environments that should be shut down since they are vulnerable to hackers. It was also discovered that 24% of these applications were running on outdated components containing vulnerabilities.
According to the survey, healthcare security teams must improve their application security to limit the danger of ransomware and other malware from both known and unknown applications. “With security resources under strain and a plethora of factors to monitor, including hybrid functioning from the pandemic, identifying all web services on the Internet that contain outdated components is difficult.” According to the report’s authors, “19.5 percent of all US and EU applications assessed use obsolete components, raising security exposure from known vulnerabilities and having a knock-on effect on security hygiene.”
What exactly is the vulnerability?
In the United States, a quarter of the web apps used by healthcare institutions posed a security concern. Researchers found 3 percent of 6069 web applications running across 2197 domains to be “suspicious,” and another 23.74 percent to be running on susceptible components. “Although EU healthcare applications were determined to be more up to date than those run by US companies, the number of live applications was 236 percent higher.” According to the authors, this highlights the disparities in their attack surfaces, with EU firms having a considerably broader attack surface, presumably as a result of shadow IT, and US organizations being more sensitive to potential exploits from vulnerable software components. According to Nicolas Renard, a security researcher at Outpost24, healthcare businesses must, given the very sensitive information they keep, conduct the appropriate due diligence to regularly evaluate their internet security perimeter.
“Any data breach or outage for healthcare businesses can be fatal,” he continued. “As a result, they must take a proactive approach to identify and mitigate any security risks before crucial care is disrupted.”
The survey thus highlights a major concern in the use of healthcare apps. Well-built, secure health applications are needed as alternatives to address this flaw.