51% More Attacks on Healthcare Industry Web Application in the Last Two Months of 2020

Cybersecurity firm Imperva released a report that showed significant growth of attacks on healthcare sector web apps. Imperva Research Labs noted 51% more web app attacks for the period November 2020 to December 2020, the same period of the roll-out of COVID-19 vaccines.

Imperva SVP Terry Ray reported that 2020’s cyber activity was unequaled as healthcare web app attacks grew by 10% year-over-year. In 2020, there were about 187 million web app attacks per month on healthcare targets. Every organization watched by Imperva had an average of 498 attacks each month. The primary targets were located in Canada, the United States, Brazil, and the United Kingdom.

Last December, Imperva Research Labs noticed four kinds of attacks that significantly elevated. Protocol manipulation attacks had the largest increase with a 76% increase from November. This is the third attack type that was most common. Remote code execution / remote file inclusion attacks went up by 68%, although this attack type just accounted for just a number of attacks.

The most prevalent attack type was cross-site scripting (XSS) attacks with 43% more attacks compared to November. SQL injection attacks, the next most prevalent attack type had 44% more attacks since November.

Though there were more web app attacks, the actual data breaches reported worldwide decreased. As reported by Ray, lots of organizations still don’t know the size or impact of these attacks. Considering that for the most part of the year, healthcare was focused on making remote work possible while caring for the frontline logistics of a global COVID outbreak. Consequently, researchers put in less time on threat query, incident response and evaluation.

Healthcare organizations will most likely only know the impact of those attacks a few weeks into 2021. Imperva saw a 43% increase in healthcare data leakage in the first 3 days of 2021. The leakage entailed unauthorized information transmission from inside a company to an outside recipient. This is usually the result of a security breach.

2020 has certainly been a hard year with the considerable speed of IT change. Ray stated that in healthcare the rate of change was exceptional. IT projects that usually take 10 years to complete were finished in three, whereas a number of digital projects only took weeks or months.

Though the acceleration is impressive, it has created risks. Plenty of healthcare organizations relied on third-party apps, rather than developing their own, for the sake of convenience, reduced IT development risks and expenses and more collaboration. Though third-party apps provide certain merits to business, the risks include: patching just on the vendor’s timeline, determining exploits that are frequently publicized, and constant zero-day research on broadly employed third-party applications and APIs.

The greater reliance on JavaScript APIs and third-party applications had produced a threat landscape of complex, programmed, and opportunistic cybersecurity challenges, which are difficult to recognize and stop.

The increase in attacks is certainly not very good news, nevertheless, healthcare organizations can take action to lessen the risk. Systems should be improved. Money used on application and data protection ought to be increased. Rather than using point solutions to handle each unique risk, a built-in system should be employed that can enhance web performance and protect against all web app threats.

About Christine Garcia 1200 Articles
Christine Garcia is the staff writer on Calculated HIPAA. Christine has several years experience in writing about healthcare sector issues with a focus on the compliance and cybersecurity issues. Christine has developed in-depth knowledge of HIPAA regulations. You can contact Christine at [email protected]. You can follow Christine on Twitter at https://twitter.com/ChrisCalHIPAA