85 percent of the top 20 healthcare apps ‘critically exposed’

85 percent of the top 20 pharma and healthcare applications are ‘critically exposed’, with a ‘high susceptibility for security exposure’, according to research published by cyber assessment company Outpost24. 

EU healthcare organisations had an average score of 33 (out of 58) in Outpost24’s algorithm which indicates critical exposure with a ‘high susceptibility for security and vulnerability exposure’.  

US healthcare organisations performed even worse, with the report finding they have an even larger attack surface with an ‘average risk exposure’ score of 41. 

Using their external attack surface management tool (EASM), the researchers analysed the top 20 pharma and healthcare organisations in the EU and US, uncovering common attack vectors and possible vulnerabilities in their external digital footprint. 

COVID-19 has put the healthcare industry under “exponential strain”, with the pandemic having “exacerbated cyber risk”, according to the report. It also highlighted the struggle for this sector borne from surging ransomware attacks.  

You can read more about cybersecurity threats in the healthcare sector and also the regulatory requirements for data protection, here.  

The research revealed a quarter of US healthcare apps were found to be susceptible to a cyberattack. Of 6,069 web applications over 2,197 domains, 3 percent were considered suspect, and 24 percent are running on vulnerable components. 

EU healthcare organisations did fare better overall than their US counterparts. Despite there being considerably more web applications (20,394) and domains (9,216) in Europe, less were considered susceptible to attack, with 3 percent considered suspect and just under a fifth (18 percent) had vulnerabilities. 

The top three attack vectors for both EU and US healthcare organisations were identified as Degree of Distribution, Page Creation Method and Active Content. 

“It’s paramount the healthcare organizations carry out the necessary due diligence to continuously evaluate their internet exposed security perimeter given the highly sensitive information stored," security researcher at Outpost24, Nicolas Renard, said. 

He also urged organisations to "take a proactive stance to identify and mitigate potential security issues before critical care can be impacted.” 

Securiwiser’s cybersecurity vulnerability assessment service can assist organisations in finding potential weaknesses in their infrastructure before attackers can exploit them. Securiwiser can continuously monitor your applications and domains to give you peace of mind. For healthcare organisations, the impacts of cyberattacks are clearly potentially very severe. 

Try Securiwiser for free today.