Cyber attacks in healthcare up 51 per cent, study finds

Web application attacks on healthcare organisations spiked by 51 per cent following global roll outs of the COVID-19 vaccine in December, new research has found. Facilities operating in the UK, US, Brazil and Canada were the top targets. 

Research by IT security company Imperva Research Labs shows that the healthcare industry is experiencing a 10 per cent increase each year in cyber attacks each year, highlighting the growing risk for the healthcare sector, particularly during the ongoing pandemic.

Web application attacks may not be as commonly known as ransomware attacks, but they are just as malicious. Types of web application attacks include: 

Cross-site scripting (XSS). This can lead to patient accounts being compromised, and pages modified for patients to give out personal information. These attacks grew by 43 per cent in December. 

SQL injections (SQLi). These put patient data at risk, and in the most serious cases can give the attacker admin rights over a database. SQLi attacks increased by 44 per cent in December. 

Protocol manipulation, or ‘HTTP request smuggling’. This lets hackers interfere with how a website processes sequences of HTTP requests, allowing an attacker to bypass security controls, gain unauthorised access to sensitive data, and directly compromise other application users. Protocol manipulation attacks are rising fastest - by 76 per cent in December. 

Remote Code Execution/Remote File Inclusion (RCE/RFI). These target vulnerabilities in web applications so the attacker can upload malware. If successful, this can result in information theft, compromised servers and a takeover of the site. 

"Reliance on JavaScript APIs and third-party applications creates a threat landscape of more complex, automated, and opportunistic cybersecurity risks that are increasingly challenging for all organisations to detect and stop" Terry Ray, SVP at Imperva explains. 

"While ransomware attacks commonly land healthcare organisations in the news, it’s only the vulnerable application front end to all healthcare data that experiences the variety and volume of daily attacks noted above.

Ray adds that while the volume of attacks increased in 2020, the number of breaches decreased. "As someone who has worked in cybersecurity for more than 20 years, this makes no sense. My hypothesis is that many organisations likely don’t know the extent or impact of these attacks yet. The reason being: for most of the year, healthcare was focused on trying to enable remote work while managing the frontline logistics of a global pandemic. Less time was spent on threat research, incident response and incident analysis."

He predicts more breaches in 2021. "In the first three days of 2021, Imperva researchers saw a dramatic 43 per cent increase in data leakage, the unauthorised transmission of data from within an organization to an external destination or recipient, which is often the result of a breach. 

To defend themselves against these threats, healthcare providers must protect their data and look at other solutions. "With teams under-resourced, managing a growing stack of point solutions to address each unique risk is unrealistic. Instead, find a partner that can offer an integrated platform that provides protection against the leading attacks and optimizes web performance, helping the organization to operate more efficiently and securely" Ray says. 

"Don’t forget regulatory compliance. Most privacy and data security regulations today require healthcare providers and payers to demonstrate access controls and monitoring for all access to sensitive patient healthcare information."